distroless: fetch CA certificates in builder stage
...so that we don't rely on a package manager to bring these down into the runner stage. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
parent
764ce711b6
commit
a672ff9288
@ -2,7 +2,7 @@ FROM golang:1.17.6-alpine3.14 AS builder
|
|||||||
|
|
||||||
WORKDIR /usr/local/src/dex
|
WORKDIR /usr/local/src/dex
|
||||||
|
|
||||||
RUN apk add --no-cache --update alpine-sdk
|
RUN apk add --no-cache --update alpine-sdk ca-certificates openssl
|
||||||
|
|
||||||
ARG TARGETOS
|
ARG TARGETOS
|
||||||
ARG TARGETARCH
|
ARG TARGETARCH
|
||||||
@ -39,8 +39,8 @@ FROM alpine:3.15.0
|
|||||||
# Proper installations should manage those certificates, but it's a bad user
|
# Proper installations should manage those certificates, but it's a bad user
|
||||||
# experience when this doesn't work out of the box.
|
# experience when this doesn't work out of the box.
|
||||||
#
|
#
|
||||||
# OpenSSL is required so wget can query HTTPS endpoints for health checking.
|
# See https://go.dev/src/crypto/x509/root_linux.go for Go root CA bundle locations.
|
||||||
RUN apk add --no-cache --update ca-certificates openssl
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
RUN mkdir -p /var/dex
|
RUN mkdir -p /var/dex
|
||||||
RUN chown -R 1001:1001 /var/dex
|
RUN chown -R 1001:1001 /var/dex
|
||||||
|
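Review bot: `openssl` is added to the builder's `apk add` line, but the only thing the second hunk copies out of the builder is `/etc/ssl/certs/ca-certificates.crt`, so from the visible lines nothing in the builder uses it; if that holds for the rest of the stage, the line can be `RUN apk add --no-cache --update alpine-sdk ca-certificates`. The removed comment said OpenSSL was there so `wget` could reach HTTPS endpoints for health checking, and the runner no longer installs it, so confirm that any such health check still works or is intentionally dropped. The runner's trust store also becomes a snapshot of whatever unpinned `ca-certificates` version the alpine3.14 builder resolved at build time, which is worth recording above the `COPY` with something like `# CA bundle is a build-time snapshot from the builder stage; rebuild the image to pick up root CA updates.` Both stages continue outside the hunks shown, so the first two points are inferred from these lines only.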