Use cfssl in a multi-stage build docker image
Mostafa Gazar
Posted on December 31, 2019
CFSSL
is Cloudflare's PKI and TLS toolkit. I recently wanted to use to generate a self signed certificate in a docker file.
You can technically install cfssl
in a multitude of ways in whatever docker image you are using. There is a simpler approach though using Docker's multi-stage builds.
Let us say you have a registry image, code below:
FROM registry
LABEL maintainer="mostafa@mlstudioapp.com"
And to use cfssl
, you can do something like:
FROM cfssl/cfssl AS cfssl
WORKDIR /
# Generate certificate
COPY ca-csr.json /
RUN cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
RUN rm /ca-key.pem
FROM registry
LABEL maintainer="mostafa@mlstudioapp.com"
# Copy it to the registry
COPY --from=cfssl /ca.csr /certs/selfsigned.crt
COPY --from=cfssl /ca.pem /certs/selfsigned.key
ca-csr.json
{
"CN": "ML Sutdio CA",
"hosts": [
"mlstudio-registry.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [{
"C": "NZ",
"O": "ML Studio"
}]
}
If you found this helpful spread the word.
💖 💪 🙅 🚩
Mostafa Gazar
Posted on December 31, 2019
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.