Add certificate injection support to images
This change adds support for injecting certificates into Docker images during the build process using the same setup as airshipctl. Some proxy servers use custom certificates, and those must be trusted by the container.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: I7d00e416c2e27c2a362b9dc09c1e9e41216b0fe4
parent acb3d02e83
commit ee193b056b
@ -5,6 +5,14 @@ FROM gcr.io/gcp-runtimes/go1-builder:1.13 as builder
|
||||
|
||||
ENV PATH "/usr/local/go/bin:$PATH"
|
||||
|
||||
# Inject custom root certificate authorities if needed.
|
||||
# Docker does not have a good conditional copy statement and requires that a
|
||||
# source file exists to complete the copy function without error. Therefore, the
|
||||
# README.md file will be copied to the image every time even if there are no
|
||||
# .crt files.
|
||||
COPY ./certs/* /usr/local/share/ca-certificates/
|
||||
RUN update-ca-certificates
|
||||
|
||||
WORKDIR /workspace
|
||||
# Copy the Go Modules manifests
|
||||
COPY go.mod go.mod
|
||||
|
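Review bot: The `COPY ./certs/*` line in this hunk makes every `.crt` file present in `certs/` at build time a trusted root CA for all TLS done in the stage, with nothing in the build output showing which ones were added. Consider listing the installed files after `RUN update-ca-certificates` (or failing the build on unexpected names) so that a stray certificate in the build context does not widen trust silently. The two lines also sit in the `builder` stage only; if a later stage of this Dockerfile makes outbound TLS calls through the proxy, it needs the same lines, because the CA store of `builder` does not carry over unless it is copied.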
8
certs/README.md
Normal file
@ -0,0 +1,8 @@
|
||||
# Additional Docker image root certificate authorities
|
||||
|
||||
If you require additional certificate authorities for your Docker image:
|
||||
* Add ASCII PEM encoded .crt files to this directory
|
||||
* The files will be copied into your docker image at build time.
|
||||
|
||||
To update manually copy the `.crt` files to `/usr/local/share/ca-certificates/`
|
||||
and run `sudo update-ca-certificates`.
|
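Review bot: The README is missing the security-relevant consequence of its first bullet: files placed here become trusted root CAs for every TLS connection made inside the image. It should say so, and say whether `.crt` files are meant to be committed or kept local. It is also worth noting that `update-ca-certificates` only picks up files ending in `.crt` under `/usr/local/share/ca-certificates/`, so a PEM file with another extension is copied but ignored. The manual-update sentence should state where it applies (inside a running container or on the build host).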
@ -1,9 +1,18 @@
|
||||
ARG BASE_IMAGE=gcr.io/google-appengine/python
|
||||
FROM ${BASE_IMAGE}
|
||||
|
||||
# Inject custom root certificate authorities if needed.
|
||||
# Docker does not have a good conditional copy statement and requires that a
|
||||
# source file exists to complete the copy function without error. Therefore, the
|
||||
# README.md file will be copied to the image every time even if there are no
|
||||
# .crt files.
|
||||
COPY ./certs/* /usr/local/share/ca-certificates/
|
||||
RUN update-ca-certificates
|
||||
|
||||
RUN apt-get update
|
||||
RUN apt-get install -y --no-install-recommends jq
|
||||
|
||||
RUN pip3 config set global.cert /etc/ssl/certs/ca-certificates.crt
|
||||
RUN pip3 install requests python-dateutil redfishtool
|
||||
|
||||
CMD ["/bin/bash"]
|
||||
|
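Review bot: `RUN pip3 config set global.cert /etc/ssl/certs/ca-certificates.crt` covers pip itself, but the `requests` package installed on the next line verifies against its own certifi bundle by default, so scripts using it (and `redfishtool`, if it goes through `requests`) will not trust the injected CAs at runtime. Suggest adding `ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt` after `RUN update-ca-certificates`. Separately, `RUN apt-get update` and the `apt-get install` line are separate layers; combining them into one `RUN` avoids installing from a stale cached package index.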