Add a Dockerfile. #143
Add a Dockerfile. #143
Conversation
There was a problem hiding this comment.
This looks great @idez, thanks! I think it would be reasonable to turn on the automatic Dockerhub builds. 👍
My Docker/container fluency is pretty low, can you provide a usage example for the README? Do you need to do anything to expose the Pebble WFE port to the host machine or other containers? Is it possible to provide command line arguments (-strict, -dnsserver, etc) at runtime or does that have to be factored into the Dockerfile?
| COPY --from=builder /go/bin/pebble /usr/bin/pebble | ||
| COPY --from=builder /go/src/github.com/letsencrypt/pebble/test/ /test/ | ||
|
|
||
| ENTRYPOINT [ "/usr/bin/pebble" ] |
There was a problem hiding this comment.
I think this needs a --config /test/config.json no? Otherwise I think pebble will default to trying to read from test/config/pebble-config.json in the pwd.
There was a problem hiding this comment.
I keep the behavior of Pebble, the default config file path is test/config/pebble-config.json
I copy this file and all the content of /test/ inside the container:
COPY --from=builder /go/src/github.com/letsencrypt/pebble/test/ /test/There was a problem hiding this comment.
Ahh, and PWD == / in this case so everything works 👍
Thanks for clarifying.
There was a problem hiding this comment.
This should probably be CMD rather than ENTRYPOINT. The difference: If you pass an alternate command to docker run, it gets passed as an argument to ENTRYPOINT, but it overrides CMD. So for instance if you wanted to run bash in the context of this container it would not work right due to the ENTRYPOINT.
| RUN go get -u github.com/jmhodges/clock \ | ||
| && go get -u gopkg.in/square/go-jose.v2 | ||
|
|
||
| RUN go install ./... |
There was a problem hiding this comment.
Could you make the Builder script also run the unit tests? Is that an anti-pattern?
There was a problem hiding this comment.
The purpose of a Dockerfile is not to replace a CI.
A Dockerfile must contain only what allows to build.
|
@shred 👋 Would you be interested in taking a quick 👀 at this PR? Would it help you remove any of the Pebble Docker definitions in the ACME4J |
|
Here is a small example with a docker-compose file: pebble:
image: letsencrypt/pebble
command: -dnsserver ${CUSTOM_DNS_IP}:5053
ports:
- 14000:14000
environment:
- PEBBLE_VA_NOSLEEP=1
- PEBBLE_WFE_NONCEREJECT=30And with a Docker command: docker run -e "PEBBLE_VA_NOSLEEP=1" letsencrypt/pebble -dnsserver 10.10.10.10:5053 |
|
Documentation added in 3691aa9 |
|
@cpu Thanks for the pointer. This PR looks good, and I could use an automated build of Pebble. But I prefer to keep the current way for now, because with a few modifications to the pom file, I can also use my own Pebble fork for tests. |
@shred Thanks for taking a look, appreciated! Totally understand the desire to keep your setup as-is. If its working don't break it :-) You were just the first person I thought of that I knew was using Pebble with Docker and wanted to see if this PR made sense to you. Thanks! |
|
@ldez I will try to activate the automatic Dockerhub builds soon. I created a repository (https://hub.docker.com/r/letsencrypt/pebble/) but haven't been able to create an automatic build yet. I'm having a hard time getting the UI to let me create a build for a repo in the Let's Encrypt GH organization even though I'm a member. |
| COPY --from=builder /go/bin/pebble /usr/bin/pebble | ||
| COPY --from=builder /go/src/github.com/letsencrypt/pebble/test/ /test/ | ||
|
|
||
| ENTRYPOINT [ "/usr/bin/pebble" ] |
There was a problem hiding this comment.
This should probably be CMD rather than ENTRYPOINT. The difference: If you pass an alternate command to docker run, it gets passed as an argument to ENTRYPOINT, but it overrides CMD. So for instance if you wanted to run bash in the context of this container it would not work right due to the ENTRYPOINT.
| WORKDIR /go/src/github.com/letsencrypt/pebble | ||
| COPY . . | ||
|
|
||
| RUN go get -u github.com/jmhodges/clock \ |
There was a problem hiding this comment.
This and the line below can be condensed into go get ./..., since go get fetches dependencies recursively.
| FROM golang:1.10-alpine as builder | ||
|
|
||
| RUN apk --update upgrade \ | ||
| && apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar \ |
There was a problem hiding this comment.
What are mercurial, musl-dev, and tar used for?
|
@cpu Are you planning to use tags for versioning, so it is possible to access a specific version (that would be a git commit ID, I guess) of Pebble? |
@felixfontein Do you want to start an issue to sort this out? I haven't given it a lot of thought and would be interested in discussing options. |
This PR adds a simple Dockerfile.
In the case of running tests for a client with Docker, it avoids having to build the image during the execution of the tests or maintain a fork to build an image for the Docker Hub.
If this PR interests you, could you activate the automatic builds from the Docker Hub so that the image is built automatically? (this would allow to easily run the tests with a Pebble always up to date)