Skip to content

Add Kerberos libraries to the Docker images #242

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Apr 18, 2023
Merged

Add Kerberos libraries to the Docker images #242

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
bdcb96f
Include all binary outputs from the workspace in the images' $PATH
nightkr Mar 7, 2023
6e0b831
Include MIT kerberos libraries in the build- and runtime environments
nightkr Mar 7, 2023
0c77764
Document why the different Nix components are installed
nightkr Mar 7, 2023
a0fc88c
Install krb5 for CI
nightkr Mar 7, 2023
ddd45d0
Also install krb5 headers for CI
nightkr Mar 7, 2023
27b90c9
Consider all workspace members for udeps
nightkr Mar 7, 2023
dc972c3
Fix wonky Dockerfile COPY path
nightkr Mar 8, 2023
90448e7
Add undo-tree files to the Tilt ignore list
nightkr Mar 8, 2023
16a1fc8
Merge branch 'main' into feature/kerberos
razvan Apr 18, 2023
300bed1
Merge branch 'main' into feature/kerberos
razvan Apr 18, 2023
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 23 additions & 7 deletions template/default.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,15 @@
tonic-reflection = attrs: {
buildInputs = [ pkgs.rustfmt ];
};
stackable-secret-operator = attrs: {
buildInputs = [ pkgs.protobuf pkgs.rustfmt ];
};
krb5-sys = attrs: {
nativeBuildInputs = [ pkgs.pkg-config ];
buildInputs = [ (pkgs.enableDebugging pkgs.krb5) ];
LIBCLANG_PATH = "${pkgs.libclang.lib}/lib";
BINDGEN_EXTRA_CLANG_ARGS = "-I${pkgs.glibc.dev}/include -I${pkgs.clang.cc.lib}/lib/clang/${pkgs.lib.getVersion pkgs.clang.cc}/include";
};
};
}
, meta ? pkgs.lib.importJSON ./nix/meta.json
Expand All @@ -27,14 +36,21 @@ rec {
dockerImage = pkgs.dockerTools.streamLayeredImage {
name = dockerName;
tag = dockerTag;
contents = [ pkgs.bashInteractive pkgs.coreutils pkgs.util-linuxMinimal ];
contents = [
# Common debugging tools
pkgs.bashInteractive pkgs.coreutils pkgs.util-linuxMinimal
# Kerberos 5 must be installed globally to load plugins correctly
pkgs.krb5
# Make the whole cargo workspace available on $PATH
build
];
config = {
Env =
let
fileRefVars = {
PRODUCT_CONFIG = deploy/config-spec/properties.yaml;
};
in pkgs.lib.concatLists (pkgs.lib.mapAttrsToList (env: path: pkgs.lib.optional (pkgs.lib.pathExists path) "${env}=${path}") fileRefVars);
Env =
let
fileRefVars = {
PRODUCT_CONFIG = deploy/config-spec/properties.yaml;
};
in pkgs.lib.concatLists (pkgs.lib.mapAttrsToList (env: path: pkgs.lib.optional (pkgs.lib.pathExists path) "${env}=${path}") fileRefVars);
Entrypoint = [ entrypoint ];
Cmd = [ "run" ];
};
Expand Down
7 changes: 5 additions & 2 deletions template/docker/Dockerfile.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,12 @@ RUN microdnf install -y yum \
&& yum clean all \
&& microdnf clean all

# Install kerberos client libraries
RUN microdnf install -y krb5-libs libkadm5 && microdnf clean all

COPY LICENSE /licenses/LICENSE

COPY --from=builder /app/stackable-{[ operator.name }] /
COPY --from=builder /app/* /usr/local/bin
{[% if operator.include_productconfig is undefined or operator.include_productconfig == true %}]
COPY deploy/config-spec/properties.yaml /etc/stackable/{[ operator.name }]/config-spec/properties.yaml
{[% endif %}]
Expand All @@ -34,5 +37,5 @@ RUN groupadd -g 1000 stackable && adduser -u 1000 -g stackable -c 'Stackable Ope

USER stackable:stackable

ENTRYPOINT ["/stackable-{[ operator.name }]"]
ENTRYPOINT ["stackable-{[ operator.name }]"]
CMD ["run"]