This repository houses a Dockerfile for building the official clair-jwt container image.
This image executes clair behind jwtproxy, which is how secure Quay Enterprise installations are configured. cfssl is used to generate certificates internal certificates used with jwtproxy.
For more information, see the documentation for setting up Clair with Quay.
By providing the build-arg GIT_TAG, you can specify what branch/tag of Clair you wish to build.
alpine:
make alpine GIT_TAG=v2.0.9It produces quay.io/coreos/clair-jwt:v2.0.9-alpine
centOS:
make centos7-build-env centos7 GIT_TAG=v2.0.9It produces quay.io/coreos/clair-jwt:v2.0.9-centos7
For RHEL image a subscription key is needed, please refer to Registration Assistant to get it.
The RHEL Dockerfile is temporary AND The subscription key may be included in the layer blob, and therefore DO NOT expose the built image to external world.
rhel:
make centos7-build-env rhel7 GIT_TAG=v2.0.9 SUBSCRIPTION_KEY=<your key name>.pemIt produces quay.io/coreos/clair-jwt:v2.0.9-rhel7
The command make centos7-build-env produces a build environment, tagged as quay.io/coreos/clair-jwt:<version>-centos7-build-env for the centos and rhel based images.