mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-13 00:19:32 -05:00
90b88e1cf9
In the light of extending our eKMS support it will be helpful to have a tighter use of the word "KMS". KMS should refer to the actual component that manages keys. The keyservice, also called KMS in the constellation code, does not manage keys itself. It talks to a KMS backend, which in turn does the actual key management.
32 lines
1.1 KiB
Docker
32 lines
1.1 KiB
Docker
FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d55006538a as build
|
|
|
|
RUN dnf -y update && \
|
|
dnf install -y wget git
|
|
|
|
# Install Go
|
|
ARG GO_VER=1.19.5
|
|
RUN wget -q https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
|
|
tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
|
|
rm go${GO_VER}.linux-amd64.tar.gz
|
|
ENV PATH ${PATH}:/usr/local/go/bin
|
|
|
|
# Download go dependencies
|
|
WORKDIR /constellation/
|
|
COPY go.mod ./
|
|
COPY go.sum ./
|
|
RUN go mod download all
|
|
|
|
# Copy Repo
|
|
COPY . /constellation
|
|
RUN rm -rf ./hack/
|
|
|
|
# Build
|
|
RUN mkdir -p /constellation/build
|
|
WORKDIR /constellation/keyservice/cmd
|
|
ARG PROJECT_VERSION=0.0.0
|
|
RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -o /constellation/build/keyservice -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}"
|
|
|
|
FROM gcr.io/distroless/static:nonroot@sha256:1fa522fe6cfe020d50341f1ca561c099487bd44f8eb98d25d1920b07e05e40be as release
|
|
COPY --from=build /constellation/build/keyservice /keyservice
|
|
ENTRYPOINT ["/keyservice"]
|