/clair-jwt

clair behind jwtproxy in one container

Primary LanguageShellApache License 2.0Apache-2.0

clair-jwt

This repository houses a Dockerfile for building the official clair-jwt container image.

This image executes clair behind jwtproxy, which is how secure Quay Enterprise installations are configured. cfssl is used to generate certificates internal certificates used with jwtproxy.

For more information, see the documentation for setting up Clair with Quay.

Building the image

By providing the build-arg GIT_TAG, you can specify what branch/tag of Clair you wish to build.

alpine:

make alpine GIT_TAG=v2.0.9

It produces quay.io/coreos/clair-jwt:v2.0.9-alpine

centOS:

make centos7-build-env centos7 GIT_TAG=v2.0.9

It produces quay.io/coreos/clair-jwt:v2.0.9-centos7

For RHEL image a subscription key is needed, please refer to Registration Assistant to get it.

The RHEL Dockerfile is temporary AND The subscription key may be included in the layer blob, and therefore DO NOT expose the built image to external world.

rhel:

make centos7-build-env rhel7 GIT_TAG=v2.0.9 SUBSCRIPTION_KEY=<your key name>.pem

It produces quay.io/coreos/clair-jwt:v2.0.9-rhel7

The command make centos7-build-env produces a build environment, tagged as quay.io/coreos/clair-jwt:<version>-centos7-build-env for the centos and rhel based images.