Use cfssl in a multi-stage build docker image

mgazar_

Mostafa Gazar

Posted on December 31, 2019

Use cfssl in a multi-stage build docker image

CFSSL is Cloudflare's PKI and TLS toolkit. I recently wanted to use to generate a self signed certificate in a docker file.

You can technically install cfssl in a multitude of ways in whatever docker image you are using. There is a simpler approach though using Docker's multi-stage builds.


Let us say you have a registry image, code below:

FROM registry

LABEL maintainer="mostafa@mlstudioapp.com"
Enter fullscreen mode Exit fullscreen mode

And to use cfssl, you can do something like:

FROM cfssl/cfssl AS cfssl

WORKDIR /

# Generate certificate
COPY ca-csr.json /
RUN cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
RUN rm /ca-key.pem

FROM registry

LABEL maintainer="mostafa@mlstudioapp.com"

# Copy it to the registry
COPY --from=cfssl /ca.csr /certs/selfsigned.crt
COPY --from=cfssl /ca.pem /certs/selfsigned.key
Enter fullscreen mode Exit fullscreen mode

ca-csr.json

{
  "CN": "ML Sutdio CA",
  "hosts": [
    "mlstudio-registry.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [{
    "C": "NZ",
    "O": "ML Studio"
  }]
}
Enter fullscreen mode Exit fullscreen mode

If you found this helpful spread the word.

💖 💪 🙅 🚩
mgazar_
Mostafa Gazar

Posted on December 31, 2019

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related