diff --git a/Dockerfile b/Dockerfile index a43bf31c..f8eee750 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,6 +20,19 @@ COPY . . RUN make release-binary +FROM alpine:3.13.1 AS gomplate + +ARG TARGETOS +ARG TARGETARCH +ARG TARGETVARIANT + +ENV GOMPLATE_VERSION=v3.9.0 + +RUN wget -O /usr/local/bin/gomplate \ + "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS:-linux}-${TARGETARCH:-amd64}${TARGETVARIANT}-slim" \ + && chmod +x /usr/local/bin/gomplate + + FROM alpine:3.13.1 # Dex connectors, such as GitHub and Google logins require root certificates. @@ -32,11 +45,16 @@ RUN apk add --no-cache --update ca-certificates openssl RUN mkdir -p /var/dex RUN chown -R 1001:1001 /var/dex +RUN mkdir -p /etc/dex +COPY config.docker.yaml /etc/dex/ +RUN chown -R 1001:1001 /etc/dex + # Copy module files for CVE scanning / dependency analysis. COPY --from=builder /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/ COPY --from=builder /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/ COPY --from=builder /go/bin/dex /usr/local/bin/dex +COPY --from=gomplate /usr/local/bin/gomplate /usr/local/bin/gomplate USER 1001:1001 @@ -46,6 +64,7 @@ COPY --from=builder /usr/local/src/dex/web /web USER 1001:1001 -ENTRYPOINT ["dex"] +COPY docker-entrypoint.sh /entrypoint.sh -CMD ["version"] +ENTRYPOINT ["/entrypoint.sh"] +CMD ["dex", "serve", "/etc/dex/config.docker.yaml"] diff --git a/config.docker.yaml b/config.docker.yaml new file mode 100644 index 00000000..c5d2a47b --- /dev/null +++ b/config.docker.yaml 
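Review bot: The gomplate binary fetched by `wget` in the new `gomplate` stage is never integrity-checked before it is copied into the runtime image and executed by the entrypoint on every container start, so a tampered release asset or an intercepted download would run unnoticed. Pin the expected digest in the Dockerfile and verify it in the same `RUN`, e.g. declare `ARG GOMPLATE_SHA256` next to `GOMPLATE_VERSION` and add `&& echo "${GOMPLATE_SHA256}  /usr/local/bin/gomplate" | sha256sum -c - \` before the `chmod` (the release publishes sha256 sums alongside the assets, as far as I recall); on multi-arch builds the digest differs per `TARGETOS`/`TARGETARCH`, so either keep one ARG per platform or pass it at build time. Pinning `alpine:3.13.1` by `@sha256:` digest in both `FROM` lines would make the stage reproducible as well.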
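Review bot: `RUN chown -R 1001:1001 /etc/dex` hands the service account write access to its own configuration directory, which it only needs to read; a process compromised at runtime could edit `/etc/dex/config.docker.yaml` (for example to flip `enablePasswordDB` or add a connector) and have the change survive a restart of the same container. `COPY` already yields a root-owned, world-readable file and creates missing parent directories, so the `mkdir` and `chown` can be dropped and the three lines collapsed to `COPY config.docker.yaml /etc/dex/config.docker.yaml`; the rendered copy the entrypoint writes goes to `/tmp`, so no write access to `/etc/dex` is needed. `COPY --from=gomplate` also ships a general-purpose templating binary into the production image; it is required by the entrypoint, but a one-line comment such as `# gomplate renders the config template at container start (see docker-entrypoint.sh)` would keep it from being mistaken for a leftover.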
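Review bot: The default `CMD` now starts a server from `config.docker.yaml`, which the template itself describes as a development-only example, so a plain `docker run` of this image goes from printing `dex version` to listening on `0.0.0.0:5556` over plain HTTP with the local password DB enabled unless the `DEX_*` variables are set. That is a reasonable default for a quickstart, but it deserves a comment on the `CMD` line, e.g. `# Serves the development example config (plain HTTP on 0.0.0.0:5556, password DB on); production deployments must override CMD with their own config.`, so operators do not ship it unchanged.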
@@ -0,0 +1,48 @@ +{{- /* NOTE: This configuration file is an example and exists only for development purposes. */ -}} +{{- /* To find more about gomplate formatting, please visit its documentation site - https://docs.gomplate.ca/ */ -}} +issuer: {{ getenv "DEX_ISSUER" "http://127.0.0.1:5556/dex" }} + +storage: + type: sqlite3 + config: + file: {{ getenv "DEX_STORAGE_SQLITE3_CONFIG_FILE" "/var/dex/dex.db" }} + +web: +{{- if getenv "DEX_WEB_HTTPS" "" }} + https: {{ .Env.DEX_WEB_HTTPS }} + tlsKey: {{ getenv "DEX_WEB_TLS_KEY" | required "$DEX_WEB_TLS_KEY in case of web.https is enabled" }} + tlsCert: {{ getenv "DEX_WEB_TLS_CERT" | required "$DEX_WEB_TLS_CERT in case of web.https is enabled" }} +{{- end }} + http: {{ getenv "DEX_WEB_HTTP" "0.0.0.0:5556" }} + +{{- if getenv "DEX_TELEMETRY_HTTP" }} +telemetry: + http: {{ .Env.DEX_TELEMETRY_HTTP }} +{{- end }} + +expiry: + deviceRequests: {{ getenv "DEX_EXPIRY_DEVICE_REQUESTS" "5m" }} + signingKeys: {{ getenv "DEX_EXPIRY_SIGNING_KEYS" "6h" }} + idTokens: {{ getenv "DEX_EXPIRY_ID_TOKENS" "24h" }} + authRequests: {{ getenv "DEX_EXPIRY_AUTH_REQUESTS" "24h" }} + +logger: + level: {{ getenv "DEX_LOG_LEVEL" "info" }} + format: {{ getenv "DEX_LOG_FORMAT" "text" }} + +oauth2: + responseTypes: {{ getenv "DEX_OAUTH2_RESPONSE_TYPES" "[code]" }} + skipApprovalScreen: {{ getenv "DEX_OAUTH2_SKIP_APPROVAL_SCREEN" "false" }} + alwaysShowLoginScreen: {{ getenv "DEX_OAUTH2_ALWAYS_SHOW_LOGIN_SCREEN" "false" }} +{{- if getenv "DEX_OAUTH2_PASSWORD_CONNECTOR" "" }} + passwordConnector: {{ .Env.DEX_OAUTH2_PASSWORD_CONNECTOR }} +{{- end }} + +enablePasswordDB: {{ getenv "DEX_ENABLE_PASSWORD_DB" "true" }} + +connectors: +{{- if getenv "DEX_CONNECTORS_ENABLE_MOCK" }} +- type: mockCallback + id: mock + name: Example +{{- end }} diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100755 index 00000000..bb12d313 --- /dev/null +++ b/docker-entrypoint.sh 
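Review bot: Environment values are spliced into YAML scalars unquoted throughout the template (`issuer`, `file`, `tlsKey`, `tlsCert`, `http`, `level`, `format`, `passwordConnector`), so a value containing `: `, ` #` or a newline changes the document structure rather than the string, and a stray trailing space in `DEX_WEB_TLS_KEY` becomes part of the path. Quote the string-valued fields, e.g. `issuer: {{ getenv "DEX_ISSUER" "http://127.0.0.1:5556/dex" | quote }}` (gomplate's `quote`, alias of `strings.Quote`; confirm it is available in the pinned v3.9.0), and leave `responseTypes`, the booleans and the durations as they are since dex parses those as non-strings. The two `required` messages read awkwardly; `required "DEX_WEB_TLS_KEY must be set when DEX_WEB_HTTPS is enabled"` states the condition directly. The header note that this file is a development example is a template comment and disappears on render; keeping a plain `#` YAML comment as well would let anyone inspecting the rendered `/tmp` config see the caveat.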
@@ -0,0 +1,32 @@ +#!/bin/sh -e + +### Usage: /docker-entrypoint.sh +function main() { + executable=$1 + command=$2 + + if [[ "$executable" != "dex" ]] && [[ "$executable" != "$(which dex)" ]]; then + exec $@ + fi + + if [[ "$command" != "serve" ]]; then + exec $@ + fi + + for tpl_candidate in $@ ; do + case "$tpl_candidate" in + *.tpl|*.tmpl|*.yaml) + tmp_file=$(mktemp /tmp/dex.config.yaml-XXXXXX) + gomplate -f "$tpl_candidate" -o "$tmp_file" + + args="${args} ${tmp_file}" + ;; + *) + args="${args} ${tpl_candidate}" + ;; + esac + done + exec $args +} + +main $@
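Review bot: Every `$@` and the rebuilt `$args` in `main` are expanded unquoted (`exec $@`, `for tpl_candidate in $@`, `exec $args`, `main $@`), so an argument containing whitespace or glob characters — a config path with a space, or a `--flag=*` value — is split or globbed before it reaches `dex`, and appending the temp file by string concatenation has the same problem. Rebuild the argument list with `set --` instead of a string and quote every expansion; since the script runs under `#!/bin/sh -e`, the `[[ ]]` and `function` bash-isms should also become POSIX `[ ]` and `main()` (busybox ash may accept them, but ShellCheck flags both under a `sh` shebang). The wrapper now also needs a writable `/tmp` for `mktemp`, which a read-only root filesystem (e.g. Kubernetes `readOnlyRootFilesystem: true`) will not provide without a tmpfs mount; a comment at the top of the script saying so would save operators a confusing start-up failure.
```shell
main() {
    executable=$1
    command=$2

    if [ "$executable" != "dex" ] && [ "$executable" != "$(which dex)" ]; then
        exec "$@"
    fi

    if [ "$command" != "serve" ]; then
        exec "$@"
    fi

    # Rotate the positional parameters in place so paths with spaces survive;
    # each *.tpl/*.tmpl/*.yaml argument is replaced by its rendered temp file.
    remaining=$#
    while [ "$remaining" -gt 0 ]; do
        arg=$1
        shift
        case "$arg" in
            *.tpl|*.tmpl|*.yaml)
                tmp_file=$(mktemp /tmp/dex.config.yaml-XXXXXX)
                gomplate -f "$arg" -o "$tmp_file"
                set -- "$@" "$tmp_file"
                ;;
            *)
                set -- "$@" "$arg"
                ;;
        esac
        remaining=$((remaining - 1))
    done
    exec "$@"
}

main "$@"
```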