Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-09-27 12:01:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

Use nonroot distroless container for KMS

Browse source 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
Paul Meyer 2022-10-17 15:00:29 +02:00
parent c4d8fa54a6
commit 87d94c59fd
2 changed files with 2 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
kms/Dockerfile
View file

@ -26,7 +26,6 @@ WORKDIR /constellation/kms/cmd
ARG PROJECT_VERSION=0.0.0
RUN CGO_ENABLED=0 go build -o /constellation/build/kmsserver -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}"
# Use gcr.io/distroless/static here since we need CA certificates to be installed for aTLS operations on GCP.
FROM gcr.io/distroless/static@sha256:f6ba6e4b2b5881fb94a99113de3c886c5f72e589946ece055dee2aade9486b8f as release
FROM gcr.io/distroless/static:nonroot@sha256:d8afc7d6973f357162e2283551cf3347b2bb847a03d24510ee837f289505f8e3 as release
COPY --from=build /constellation/build/kmsserver /kmsserver
ENTRYPOINT ["/kmsserver"]