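# Oathkeeper image with envsubst-based config templating.
# The config files are shipped as *.template and rendered by /entrypoint.sh
# when the container starts.
ARG OATHKEEPER_VERSION=v0.40.9

# NOTE(review): the base image is pinned by tag only, and tags can be re-pushed.
# For reproducible builds, append the digest of the image you verified:
#   oryd/oathkeeper:${OATHKEEPER_VERSION}@sha256:<digest-of-verified-image>
FROM oryd/oathkeeper:${OATHKEEPER_VERSION}

# Root is required for the package install below.
USER root

# curl    - used by the HEALTHCHECK at the end of this file
# gettext - provides envsubst for rendering the *.template files
# su-exec - lets the entrypoint drop from root to the unprivileged user
# wget    - not used in this file; presumably needed by entrypoint.sh.
#           TODO confirm, otherwise drop it to keep the runtime image small.
RUN apk add --no-cache \
        curl \
        gettext \
        su-exec \
        wget

WORKDIR /etc/oathkeeper

# Configuration templates, rendered at container start, not at build time.
COPY config/oathkeeper.yml /etc/oathkeeper/oathkeeper.yml.template
COPY config/access-rules/django.yml /etc/oathkeeper/access-rules/django.yml.template
COPY config/access-rules/kratos-public.yml /etc/oathkeeper/access-rules/kratos-public.yml.template
COPY config/access-rules/kratos-admin.yml /etc/oathkeeper/access-rules/kratos-admin.yml.template

# NOTE(review): if this JWKS holds the private key used to sign ID tokens, the
# key is stored in an image layer and anyone who can pull the image can read
# it. Confirm what the file contains. Signing keys are better supplied at
# runtime (mounted secret or volume) and kept out of the build context.
COPY config/id_token.jwks.json /etc/oathkeeper/id_token.jwks.json

COPY scripts/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Smoke test only: proves the oathkeeper binary is on PATH and runs. It does
# NOT validate the configuration, because only *.template files exist at build
# time and "help serve" reads no config. The former "|| true" is removed so
# that a missing or broken binary fails the build instead of passing silently.
RUN oathkeeper help serve

# No USER instruction follows, so the container starts as root. That is
# deliberate: the entrypoint must write the rendered configs into
# /etc/oathkeeper and is expected to switch to the ory user afterwards.
# NOTE(review): entrypoint.sh is not visible here. Verify that it ends with an
# `exec su-exec ...` of the final command, otherwise the proxy itself keeps
# running as root.

# Presumably 4455 is the proxy port and 4456 the API port (Oathkeeper
# defaults). 4456 is the port the health check queries. EXPOSE is documentation
# only; publish the API port to internal networks only.
EXPOSE 4455 4456

# -f fails on HTTP errors; -sS hides progress but keeps the error text, so the
# reason for a failed probe shows up in the container's health log.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD curl -fsS http://localhost:4456/health/ready > /dev/null || exit 1

# The entrypoint renders the templates, then runs the command below.
ENTRYPOINT ["/entrypoint.sh"]

# Default arguments passed to the entrypoint.
CMD ["serve", "proxy", "--config", "/etc/oathkeeper/oathkeeper.yml"]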