64 lines
1.7 KiB
Docker
64 lines
1.7 KiB
Docker
FROM almalinux:9 AS builder
|
|
|
|
ARG KANIDM_VERSION
|
|
ARG KANIDM_FEATURES
|
|
ARG KANIDM_BUILD_PROFILE="container_generic"
|
|
ARG KANIDM_BUILD_OPTIONS=""
|
|
|
|
# Set the build profile
|
|
ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}
|
|
ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold"
|
|
|
|
RUN dnf install -y epel-release dnf-plugins-core \
|
|
&& dnf update -y \
|
|
&& dnf config-manager --enable crb \
|
|
&& dnf clean all \
|
|
&& rm -rf /var/cache/yum
|
|
|
|
RUN dnf install -y clang mold pam-devel openssl-devel git make automake gawk systemd-libs systemd-devel systemd-udev \
|
|
&& dnf clean all \
|
|
&& rm -rf /var/cache/yum
|
|
|
|
# Get Rust
|
|
ENV RUSTUP_HOME=/root/.rustup
|
|
ENV CARGO_HOME=/root/.cargo
|
|
ENV PATH=/root/.cargo/bin:${PATH}
|
|
RUN curl -s --proto '=https' --tlsv1.3 -sSf 'https://sh.rustup.rs' | sh -s -- -y --no-modify-path || true
|
|
|
|
RUN git clone --branch $KANIDM_VERSION --depth 1 https://github.com/kanidm/kanidm.git /usr/src/kanidm
|
|
|
|
WORKDIR /usr/src/kanidm
|
|
|
|
# Exports don't persist through RUN statements.
|
|
RUN make release/kanidmd
|
|
RUN make release/kanidm
|
|
|
|
FROM almalinux:9
|
|
|
|
COPY *.repo /etc/yum.repos.d/
|
|
|
|
RUN dnf install -y openssl sqlite pam kubectl \
|
|
&& dnf clean all \
|
|
&& rm -rf /var/cache/yum
|
|
|
|
COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/
|
|
COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/
|
|
COPY --from=builder /usr/src/kanidm/server/core/static /hpkg
|
|
RUN chmod +x /sbin/kanidmd
|
|
|
|
WORKDIR /data
|
|
|
|
EXPOSE 8443 3636
|
|
|
|
ENV RUST_BACKTRACE=1
|
|
|
|
HEALTHCHECK \
|
|
--interval=60s \
|
|
--timeout=10s \
|
|
--start-period=60s \
|
|
--start-interval=5s \
|
|
--retries=3 \
|
|
CMD [ "/sbin/kanidmd", "healthcheck", "-c", "/data/server.toml"]
|
|
|
|
CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"]
|