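# Build stage: compiles the policy sources into a signed OPA bundle.
# Only the resulting tar.gz is copied into the runtime stage; nothing else
# from this stage reaches the final image.
#
# OPA_TAG selects the tag of the builder image. The default keeps the previous
# behaviour (the floating "latest-debug" tag). For reproducible builds pass a
# fixed release tag or digest, e.g. --build-arg OPA_TAG=<release>-debug
# (<release> is a placeholder).
ARG OPA_TAG=latest-debug
FROM openpolicyagent/opa:${OPA_TAG} AS builder
# The -debug variant is used because it ships a shell (needed for RUN) while
# still being based on the lightweight distroless images.
WORKDIR /app
COPY src/bundle .
# Signing material lives outside the bundle root (/app), so `opa build -b .`
# never walks over the private key or the claims file.
# NOTE(review): the private key is still part of the build context and is
# stored in this stage's layer and build cache. A BuildKit secret mount
# (RUN --mount=type=secret,...) would avoid that, but it changes how the build
# is invoked, so it is not applied here.
COPY sign /sign
# Build the bundle and sign it (ES256) with the project's signing key.
RUN opa build -b . -o dsr-fachdienst-policy-bundle.tar.gz \
    --signing-key /sign/bundle_sign_prk.pem \
    --signing-alg ES256 \
    --claims-file /sign/claims.json
# Print the bundle contents to the build log, for information only.
RUN opa inspect -a dsr-fachdienst-policy-bundle.tar.gz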
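# Runtime stage: NGINX serving the signed OPA bundle.
FROM nginx:1.25.2-alpine
# Signal sent to the main process when the container is stopped.
# SIGTERM = 15 - https://de.wikipedia.org/wiki/Signal_(Unix)
# nginx treats SIGTERM as a fast shutdown; SIGQUIT would drain open
# connections first.
STOPSIGNAL SIGTERM
# Copy the signed bundle from the build stage. COPY creates the opa-bundle
# directory itself, so no separate mkdir layer is needed.
COPY --from=builder /app/dsr-fachdienst-policy-bundle.tar.gz /usr/share/nginx/html/opa-bundle/
# NGINX configuration and the basic-auth password file.
COPY nginx/nginx.conf /etc/nginx/nginx.conf
# NOTE(review): .htpasswd is baked into an image layer, so anyone who can pull
# the image can read the password hashes. Consider mounting it at runtime
# (volume or orchestrator secret) instead.
COPY nginx/.htpasswd /etc/pwd/.htpasswd
# NOTE(review): port 80 is plain HTTP; presumably TLS is terminated in front of
# this container - confirm, otherwise basic-auth credentials travel in clear text.
# NOTE(review): no USER is set in this stage, so the base image's default user
# applies. Running unprivileged would need a matching nginx.conf (not visible here).
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
# Build metadata is declared last so a changing commit hash or version does not
# invalidate the layers above.
ARG COMMIT_HASH
ARG VERSION
# Image labels. ARG-derived values are quoted so that a value containing
# whitespace cannot break the LABEL instruction.
LABEL de.gematik.commit-sha="$COMMIT_HASH" \
      de.gematik.version="$VERSION" \
      de.gematik.vendor="gematik GmbH" \
      maintainer="[email protected]" \
      de.gematik.app="DSR OPA Bundle Server" \
      de.gematik.git-repo-name="https://.../dsr-fachdienst-policy.git"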