dex-k8s-authenticator/Dockerfile at master · cloud104/dex-k8s-authenticator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
ARG ARCH
FROM ${ARCH}golang:1.25.7-alpine3.23 AS build

RUN apk --no-cache add \
    alpine-sdk=~1.1 \
    bash=~5.3.3

ENV GO111MODULE=on

WORKDIR /app

COPY go.mod .
COPY go.sum .

RUN go mod download

COPY . .

RUN make build

FROM ${ARCH}alpine:3.23

# Dex connectors, such as GitHub and Google logins require root certificates.
# Proper installations should manage those certificates, but it's a bad user
# experience when this doesn't work out of the box.
#
# OpenSSL is required so wget can query HTTPS endpoints for health checking.
RUN apk --no-cache add \
    ca-certificates=~20251003 \
    openssl=~3.5.5 \
    curl=~8.17.0 \
    tini=~0.19.0

RUN mkdir -p /app/bin
COPY --from=build /app/bin/dex-k8s-authenticator /app/bin/
COPY --from=build /app/html /app/html
COPY --from=build /app/templates /app/templates

# Add any required certs/key by mounting a volume on /certs
# The entrypoint will copy them and run update-ca-certificates at startup
RUN mkdir -p /certs

WORKDIR /app

COPY entrypoint.sh /
RUN chmod a+x /entrypoint.sh

ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]

CMD ["--help"]