blob: 1508abca10e459bf1d24bc152c8c650af69012db (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
FROM haproxy:2.4.13-alpine
# For building the image in a proxy environment if necessary
ARG HTTP_PROXY
ARG HTTPS_PROXY
ENV HTTP_PROXY ${HTTP_PROXY}
ENV HTTPS_PROXY ${HTTPS_PROXY}
ENV http_proxy ${HTTP_PROXY}
ENV https_proxy ${HTTPS_PROXY}
# Added to execute commands which required root permission
USER root
RUN apk add --no-cache \
ca-certificates \
curl \
bash \
socat \
openssl \
shadow \
util-linux && \
chown -R haproxy:haproxy /usr/local/etc/haproxy
RUN mkdir -p /etc/ssl/certs/ && mkdir -p /etc/ssl/private
COPY --chown=haproxy aai.pem /etc/ssl/private/aai.pem
COPY --chown=haproxy docker-entrypoint.sh /docker-entrypoint.sh
COPY --chown=haproxy resolvers.conf /usr/local/etc/haproxy/resolvers.conf
COPY --chown=haproxy haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
# Changing group and group permission to allow haproxy user to execute sed comamnd ot change files
RUN chgrp haproxy /usr/local/etc/haproxy; \
chgrp haproxy /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf
RUN chmod +x /docker-entrypoint.sh; \
chmod g+wx /usr/local/etc/haproxy; \
chmod g+w /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf
# Reverting to haproxy use to not run the pod with root permissions
USER haproxy
ENTRYPOINT [ "/docker-entrypoint.sh" ]
CMD [ "haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/resolvers.conf" ]
EXPOSE 8443
|
