forked from cockroachdb/cockroach
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
46 lines (39 loc) · 1.69 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
FROM registry.access.redhat.com/ubi9/ubi-minimal
ARG fips_enabled
# For deployment, we need the following additionally installed:
# tzdata - for time zone functions; reinstalled to replace the missing
# files in /usr/share/zoneinfo/
# hostname - used in cockroach k8s manifests
# tar - used by kubectl cp
RUN microdnf update -y \
&& rpm --erase --nodeps tzdata \
&& microdnf install tzdata hostname tar gzip xz -y \
&& rm -rf /var/cache/yum
# FIPS mode requires the `openssl` package installed. Also we need to temporarily
# install the `crypto-policies-scripts` packege to tweak some configs. Because
# `microdnf` doesn't support `autoremove`, we need to record the list of
# packages before and after, and remove the installed ones afterward.
RUN if [ "$fips_enabled" == "1" ]; then \
microdnf install -y openssl && \
rpm -qa | sort > /before.txt && \
microdnf install -y crypto-policies-scripts && \
fips-mode-setup --enable --no-bootcfg && \
rpm -qa | sort > /after.txt && \
microdnf remove -y $(comm -13 /before.txt /after.txt) && \
microdnf clean all && \
rm -rf /var/cache/yum /before.txt /after.txt; \
fi
RUN mkdir /usr/local/lib/cockroach /cockroach /licenses /docker-entrypoint-initdb.d
COPY cockroach.sh cockroach /cockroach/
COPY licenses/* /licenses/
# Install GEOS libraries.
COPY libgeos.so libgeos_c.so /usr/local/lib/cockroach/
# Set working directory so that relative paths
# are resolved appropriately when passed as args.
WORKDIR /cockroach/
# Include the directory in the path to make it easier to invoke
# commands via Docker
ENV PATH=/cockroach:$PATH
ENV COCKROACH_CHANNEL=official-docker
EXPOSE 26257 8080
ENTRYPOINT ["/cockroach/cockroach.sh"]