-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
38 lines (28 loc) · 847 Bytes
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
ARG GOLANG_VERSION="1.20"
FROM golang:${GOLANG_VERSION}-alpine AS build
ENV GO111MODULE=on
WORKDIR /build
COPY go.mod ./
COPY go.sum ./
RUN set -eux; \
go mod download; \
apk add --no-cache --purge --upgrade make
COPY . .
RUN make bin/anubis-authz
FROM alpine
# Indicates basic authorization is enforced
ARG AUTHORIZER=anubis
# Indicates basic auditor type is used (log to console)
ARG AUDITOR=basic
# Indicates audit logs are streamed to STDOUT
ARG AUDITOR_HOOK=""
ENV AUTHORIZER=${AUTHORIZER}
ENV AUDITOR=${AUDITOR}
ENV AUDITOR_HOOK=${AUDITOR_HOOK}
COPY authz/policy-anubis.yaml /var/lib/anubis/policy.yaml
VOLUME /run/docker/plugins/
COPY --from=build /build/bin/anubis-authz /usr/bin/anubis-authz
RUN adduser -D -u 1001 anubis
USER anubis
ENTRYPOINT ["/usr/bin/anubis-authz"]
CMD ["--policy", "/var/lib/anubis/policy.yaml"]