UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects
Normal view Permalink
Dockerfile 879 B
Newer Older
Alvin Huang's avatar
vault-enterprise-fips 1.10.5 initial commit
Alvin Huang committed
1 2 
ARG BASE_REGISTRY=registry1.dso.mil
ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
Engineering Services's avatar
Update vault to 1.10.9+ent.fips1402  
Engineering Services committed
3 
ARG BASE_TAG=8.7
Alvin Huang's avatar
vault-enterprise-fips 1.10.5 initial commit
Alvin Huang committed
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 

FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

COPY vault.zip /tmp
COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh

RUN dnf update -y && \
  dnf install -y unzip && \
  dnf clean all && \
  unzip -d /bin /tmp/vault.zip && \
  chmod +x /bin/vault && \
  chmod 755 /usr/local/bin/docker-entrypoint.sh && \
  rm /tmp/vault.zip && \
  groupadd -g 1001 vault && \
  useradd -r -u 1001 -m -s /sbin/nologin -g vault vault && \
  mkdir -p /vault/logs && \
  mkdir -p /vault/file && \
  mkdir -p /vault/config && \
  chown -R vault:vault /vault

EXPOSE 8200
USER vault

HEALTHCHECK --interval=5m --timeout=30s --start-period=1m --retries=3 \
  CMD curl -f http://localhost:8200/v1/sys/health?standbyok=true || exit 1

ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["vault"]

UNCLASSIFIED - NO CUI