mirror of https://github.com/minio/minio.git
build containers to ship FIPS compatible MinIO
This commit is contained in:
parent
cdeccb5510
commit
3383a311b8
|
@ -0,0 +1,47 @@
|
||||||
|
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
|
||||||
|
|
||||||
|
ARG TARGETARCH
|
||||||
|
|
||||||
|
ARG RELEASE
|
||||||
|
|
||||||
|
LABEL name="MinIO" \
|
||||||
|
vendor="MinIO Inc <dev@min.io>" \
|
||||||
|
maintainer="MinIO Inc <dev@min.io>" \
|
||||||
|
version="${RELEASE}" \
|
||||||
|
release="${RELEASE}" \
|
||||||
|
summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \
|
||||||
|
description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
|
||||||
|
|
||||||
|
ENV MINIO_ACCESS_KEY_FILE=access_key \
|
||||||
|
MINIO_SECRET_KEY_FILE=secret_key \
|
||||||
|
MINIO_ROOT_USER_FILE=access_key \
|
||||||
|
MINIO_ROOT_PASSWORD_FILE=secret_key \
|
||||||
|
MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
|
||||||
|
MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
|
||||||
|
|
||||||
|
COPY dockerscripts/verify-minio.sh /usr/bin/verify-minio.sh
|
||||||
|
COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
|
||||||
|
COPY CREDITS /licenses/CREDITS
|
||||||
|
COPY LICENSE /licenses/LICENSE
|
||||||
|
|
||||||
|
RUN \
|
||||||
|
microdnf update --nodocs && \
|
||||||
|
microdnf install curl ca-certificates shadow-utils util-linux iproute iputils --nodocs && \
|
||||||
|
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||||
|
microdnf install minisign --nodocs && \
|
||||||
|
curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips -o /usr/bin/minio && \
|
||||||
|
curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips.sha256sum -o /usr/bin/minio.sha256sum && \
|
||||||
|
curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips.minisig -o /usr/bin/minio.minisig && \
|
||||||
|
microdnf clean all && \
|
||||||
|
chmod +x /usr/bin/minio && \
|
||||||
|
chmod +x /usr/bin/docker-entrypoint.sh && \
|
||||||
|
chmod +x /usr/bin/verify-minio.sh && \
|
||||||
|
/usr/bin/verify-minio.sh
|
||||||
|
|
||||||
|
EXPOSE 9000
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
|
||||||
|
|
||||||
|
VOLUME ["/data"]
|
||||||
|
|
||||||
|
CMD ["minio"]
|
|
@ -25,4 +25,16 @@ docker buildx build --push --no-cache \
|
||||||
|
|
||||||
docker buildx prune -f
|
docker buildx prune -f
|
||||||
|
|
||||||
|
docker buildx build --push --no-cache \
|
||||||
|
--build-arg RELEASE="${release}" -t "minio/minio:${release}.fips" \
|
||||||
|
--platform=linux/amd64 -f Dockerfile.release.fips .
|
||||||
|
|
||||||
|
docker buildx prune -f
|
||||||
|
|
||||||
|
docker buildx build --push --no-cache \
|
||||||
|
--build-arg RELEASE="${release}" -t "quay.io/minio/minio:${release}.fips" \
|
||||||
|
--platform=linux/amd64 -f Dockerfile.release.fips .
|
||||||
|
|
||||||
|
docker buildx prune -f
|
||||||
|
|
||||||
sudo sysctl net.ipv6.conf.wlp59s0.disable_ipv6=0
|
sudo sysctl net.ipv6.conf.wlp59s0.disable_ipv6=0
|
||||||
|
|
Loading…
Reference in New Issue