# Registry prefix under which the base image is pulled. No default is declared, so the
# value has to be supplied at build time (--build-arg); if it is empty, the FROM
# reference below becomes "/ubuntu:focal", which is not a valid image name.
# NOTE(review): the name matches GitLab CI's dependency-proxy variable - confirm that
#   the pipeline forwards it to the build.
ARG CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX
# NOTE(review): "focal" is a mutable tag resolved through whatever registry the prefix
#   names; pinning the image by digest would make the base reproducible and would
#   detect a swapped image.
FROM ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/ubuntu:focal

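# Build-time only: stops apt/debconf from prompting during the RUN steps of this stage.
# Declared with ARG instead of ENV so the setting is not baked into the environment of
# containers started from the image.
ARG DEBIAN_FRONTEND=noninteractive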

# Repository signing keys, vendored in the build context and referenced by the
# `signed-by=` options of the apt sources written in the RUN step. Upstream locations:
#   https://pkg.switch.ch/switchaai/SWITCHaai-swdistrib.gpg
#   https://packages.cloud.google.com/apt/doc/apt-key.gpg
# NOTE(review): these two files are the trust anchors for every package installed from
#   the third-party repositories; check the key fingerprints out of band whenever the
#   files are refreshed.
COPY SWITCHaai-swdistrib.gpg \
     kubernetes-archive-keyring.gpg \
     /usr/share/keyrings/

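# Registers the two third-party apt repositories, installs Apache, Shibboleth and kubectl
# in a single layer, then deletes the distribution's default Apache/Shibboleth
# configuration and the build-time caches.
#
# Trust model: each repository is bound via `signed-by` to exactly one keyring under
# /usr/share/keyrings/, so a key can only vouch for its own repository.
#
# ca-certificates is required before apt can validate the TLS certificate of the
# Kubernetes repository. It is therefore installed first, and the HTTPS source is only
# registered afterwards, so the first `apt-get update` no longer tries to reach a
# repository it cannot verify yet. Hence the two update/install rounds.
#
# NOTE(review): the SWITCHaai source uses plain HTTP. apt still checks the signed Release
#   file against the pinned keyring, but HTTPS would add transport protection - confirm
#   the mirror serves this path over HTTPS before switching.
# NOTE(review): apt.kubernetes.io / kubernetes-xenial is the legacy Kubernetes package
#   repository, which upstream deprecated and froze in favour of pkgs.k8s.io. kubectl
#   from this source will not receive security fixes; migrating needs the new
#   repository's keyring and a versioned repository path.
# NOTE(review): package versions are not pinned, so a rebuild may install different
#   versions than the previous build.
# NOTE(review): the stock configuration is removed here, presumably so that only
#   configuration supplied separately is active - confirm nothing falls back to defaults.
# NOTE(review): /etc/apache2/run points at /dev/shm, a world-writable tmpfs; presumably
#   chosen so the runtime directory stays writable on a read-only root filesystem - confirm.
RUN echo "deb [signed-by=/usr/share/keyrings/SWITCHaai-swdistrib.gpg] http://pkg.switch.ch/switchaai/ubuntu focal main" \
        > /etc/apt/sources.list.d/SWITCHaai-swdistrib.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" \
        > /etc/apt/sources.list.d/kubernetes.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        apache2 \
        kubectl \
        libapache2-mod-shib \
        openssl \
        shibboleth \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
    && rm -rf \
        /etc/apache2/conf-available \
        /etc/apache2/conf-enabled \
        /etc/apache2/mods-available \
        /etc/apache2/mods-enabled \
        /etc/apache2/sites-available \
        /etc/apache2/sites-enabled \
        /etc/apache2/apache2.conf \
        /etc/apache2/ports.conf \
    && rm -f \
        /etc/shibboleth/attribute-map.xml \
        /etc/shibboleth/attribute-policy.xml \
        /etc/shibboleth/shibboleth2.xml \
        /etc/shibboleth/example-* \
        /etc/shibboleth/*.logger \
    && rm -rf /var/log/* \
    && ln -sf /usr/lib/apache2/modules /etc/apache2/modules \
    && ln -sf /dev/shm /etc/apache2/run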

# Shibboleth attribute configuration and the SWITCHaai root CA certificate, taken from
# https://www.switch.ch/aai/guides/sp/configuration/#setupprofile
# NOTE: attribute-map.xml was edited by hand to include all "local attributes" (which are
#       commented out in the downloaded file) and all attributes enabled by "edu-ID only"
#       mode, so it differs from the upstream file on purpose.
# NOTE(review): SWITCHaaiRootCA.crt.pem is presumably a trust anchor for the service
#   provider - confirm its fingerprint against the publisher whenever it is replaced.
COPY attribute-map.xml \
     attribute-policy.xml \
     SWITCHaaiRootCA.crt.pem \
     /etc/shibboleth/