This repository has been archived by the owner on Apr 21, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
60 lines (50 loc) · 2.73 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
FROM alpine:latest
MAINTAINER Miguel Terron <[email protected]>
ARG BUILD_DATE
ARG VCS_REF
ARG CONSUL_VERSION=1.6.0-rc1
ARG HASHICORP_PGP_KEY=51852D87348FFC4C
LABEL maintainer="Miguel Terron <[email protected]>" \
org.label-schema.build-date=$BUILD_DATE \
org.label-schema.vcs-url="https://github.com/mterron/consul.git" \
org.label-schema.vcs-ref=$VCS_REF \
org.label-schema.schema-version="1.0.0-rc.1" \
org.label-schema.version=$CONSUL_VERSION \
org.label-schema.description="Alpine based Consul image"
RUN apk -q --no-cache add binutils curl gnupg jq libcap su-exec tini tzdata wget &&\
gpg --keyserver hkps://hkps.pool.sks-keyservers.net:443 --recv-keys "$HASHICORP_PGP_KEY" &&\
echo 'Download Consul binary' &&\
wget -nv --progress=bar:force --show-progress https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_amd64.zip &&\
echo 'Download Consul integrity file' &&\
wget -nv --progress=bar:force --show-progress https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS &&\
wget -nv --progress=bar:force --show-progress https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_SHA256SUMS.sig &&\
# Check integrity and installs Consul
gpg --batch --verify consul_${CONSUL_VERSION}_SHA256SUMS.sig consul_${CONSUL_VERSION}_SHA256SUMS &&\
grep "consul_${CONSUL_VERSION}_linux_amd64.zip$" consul_${CONSUL_VERSION}_SHA256SUMS | sha256sum -c &&\
unzip -q -o consul_${CONSUL_VERSION}_linux_amd64.zip -d /usr/local/bin &&\
strip --strip-debug /usr/local/bin/consul &&\
# Create Consul user
adduser -h /data -D -u 100000 -g 'Consul user' -s /dev/null consul &&\
# Assign a linux capability to the Consul binary that allows it to bind to low ports in case it's needed
setcap 'cap_net_bind_service=+ep' /usr/local/bin/consul &&\
mkdir -p -m 770 /data /etc/consul /run/consul &&\
chown consul:root /data /etc/consul /run/consul &&\
chmod 6550 /sbin/su-exec &&\
# Cleanup
apk -q --no-cache del --purge binutils gnupg wget libcap &&\
rm -rf consul_${CONSUL_VERSION}_* .ash* /root/.gnupg
# Copy binaries. bin directory contains startup script
COPY bin/* /usr/local/bin/
COPY log /usr/local/lib/
ENTRYPOINT ["tini", "-g", "--"]
CMD ["start_consul"]
HEALTHCHECK --start-period=300s CMD consul operator raft list-peers | grep -q leader
# Serf LAN and WAN (WAN is used only by Consul servers) are used for gossip between
# Consul agents. LAN is used within the datacenter and WAN between Consul servers
# in all datacenters.
# HTTPS, and DNS (both TCP and UDP) are the primary interfaces that applications
# use to interact with Consul.
EXPOSE 8301 8301/udp 8302 8302/udp 8500 8501 53 53/udp 8600 8600/udp
STOPSIGNAL SIGINT
COPY Dockerfile /etc/
USER consul