Add clair to apps

Fixes #239
Nekroze · Mar 13, 2019 · 6b8f74c · 6b8f74c
1 parent b1eb9b4
commit 6b8f74c
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 0 deletions.
diff --git a/app/docker/Dockerfile.clair b/app/docker/Dockerfile.clair
@@ -0,0 +1,6 @@
+ARG CLAIR_TAG=latest
+FROM "quay.io/coreos/clair:$CLAIR_TAG"
+
+COPY configs/clair.yml /config/config.yaml
+
+CMD ["-config=/config/config.yaml"]
diff --git a/app/docker/configs/clair.yml b/app/docker/configs/clair.yml
@@ -0,0 +1,16 @@
+clair:
+
+  database:
+    type: pgsql
+    options:
+      # PostgreSQL Connection string
+      # https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING
+      source: host=postgres port=5432 user=postgres sslmode=disable statement_timeout=60000
+
+  api:
+    # v3 grpc/RESTful API server address
+    addr: "0.0.0.0:6060"
+
+    # Health server address
+    # This is an unencrypted endpoint useful for load balancers to check to healthiness of the clair server.
+    healthaddr: "0.0.0.0:6061"
diff --git a/app/docker/docker-compose.clair.yml b/app/docker/docker-compose.clair.yml
@@ -0,0 +1,26 @@
+version: '3.5'
+
+services:
+
+  clair:
+    container_name: dab_clair
+    build:
+      context: .
+      dockerfile: Dockerfile.clair
+      args:
+        - "CLAIR_TAG=${DAB_APPS_CLAIR_TAG:-latest}"
+    labels:
+      description: 'Vulnerability Static Analysis for Containers'
+      com.centurylinklabs.watchtower.enable: 'true'
+    restart: on-failure
+    depends_on:
+      - postgres
+    expose:
+      - 6060
+      - 6061
+    tmpfs:
+      - /tmp
+
+networks:
+  default:
+    name: dab_apps