[Feature Request] LabCA standalone Arm container image #124

Open
akanok opened this issue Mar 19, 2024 · 0 comments

akanok commented Mar 19, 2024

We have a docker/container image version which uses boulder and a standalone version which allows you to use other ACME server implementations like step-ca from Smallstep™. I think that we should also provide a standalone container image of labca (for arm and x86_64).

Why?

This will provide more flexibility to the project, which is always great!

Personally I wanted to run labca using step-ca in containers on an arm computer.
Smallstep is already providing a step-ca docker image (also for arm), so we lack a labca one.

Where we are now

The project's readme says that I cannot run labca on Raspberry Pi, so I thought it had some problems with arm.

Fortunately this wasn't the case, because building (cross compiling) a static arm binary works flawlessly:

GOARCH=arm64 CGO_ENABLED=0 go build -o ../bin/labca-gui -a -ldflags '-extldflags "-static"'

Then I also tried building a very simple container image:

FROM golang AS builder

RUN git clone https://github.com/hakwerk/labca.git
# Cross compiling for ARM
RUN cd labca/gui && GOARCH=arm64 CGO_ENABLED=0 go build -o ../bin/labca-gui -a -ldflags '-extldflags "-static"'

FROM alpine

COPY --from=builder /go/labca/bin/labca-gui /labca-gui
ENV HOME=/

ENTRYPOINT ["/labca-gui", "-config"]

Lastly I came up with this simple pod for local development (tested only with podman):

apiVersion: v1
kind: Pod
metadata:
  name: test-pod
  labels:
    app: test-pod
spec:
  containers:
  - name: db
    image: docker.io/library/mariadb:latest
    stdin: true
    tty: true
    args:
    - mariadbd
    env:
    - name: MYSQL_DATABASE
      value: db-name
    - name: MYSQL_USER
      value: user
    - name: MYSQL_ROOT_PASSWORD
      value: root-passwd
    - name: TERM
      value: xterm
    - name: MYSQL_PASSWORD
      value: passwd
    - name: HOSTNAME
      value: db
    volumeMounts:
    - mountPath: /var/lib/mysql
      name: db-data-pvc
  - name: step
    image: docker.io/smallstep/step-ca:latest
    stdin: true
    tty: true
    args:
    - /bin/sh
    - -c
    - exec /usr/local/bin/step-ca --password-file $PWDPATH $CONFIGPATH
    env:
    - name: TERM
      value: xterm
    - name: HOSTNAME
      value: step
    volumeMounts:
    - mountPath: /home/step
      name: step-data_host
  - name: labca
    image: localhost/labca_arm:latest # Built from the above Dockerfile
    stdin: true
    tty: true
    args:
    - /config.json
    env:
    - name: TERM
      value: xterm
    - name: HOSTNAME
      value: labca
    volumeMounts:
    - mountPath: /config.json
      name: config.json_host
    ports:
    - containerPort: 5080
      hostPort: 5080

  volumes:
  - name: db-data-pvc
    persistentVolumeClaim:
      claimName: db-data
  - name: step-data_host
    hostPath:
      path: /path/to/mount/folders/step-data
      type: Directory
  - name: config.json_host
    hostPath:
      path: /path/to/mount/folders/config.json
      type: File

If needed this is my testing config.json that I used for step-ca:

{
  "backend": "step-ca",
  "config": {
    "complete": true
  },
  "db": {
    "conn": "user:passwd@tcp(db:3306)/db-name",
    "type": "mysql"
  },
  "keys": {
    "auth": "Your-keys",
    "enc": "Your-keys"
  },
  "server": {
    "addr": "0.0.0.0",
    "https": false,
    "port": 5080,
    "session": {
      "maxage": 3600
    }
  },
  "standalone": true,
  "user": {
    "email": "user.email@example.com",
    "name": "user",
    "password": "your-passwd"
  }
}

In the end I think that providing a standalone container image of labca won't be too complicated because the main building blocks are already working, but do not hesitate to point it out if I made any mistakes.
