From f97239bd9752c07e9655f0a684af11aa58219092 Mon Sep 17 00:00:00 2001 From: Sebastian Kunze Date: Fri, 2 Dec 2022 13:11:02 +0100 Subject: [PATCH] strongSwan: switch base image to debian-slim (#1033) --- .../onprem/docker-images/strongswan/Dockerfile | 9 ++++++--- .../onprem/docker-images/strongswan/entrypoint.sh | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/cloud-config-container/onprem/docker-images/strongswan/Dockerfile b/modules/cloud-config-container/onprem/docker-images/strongswan/Dockerfile index 7a22d94369..8bb6165bac 100644 --- a/modules/cloud-config-container/onprem/docker-images/strongswan/Dockerfile +++ b/modules/cloud-config-container/onprem/docker-images/strongswan/Dockerfile @@ -12,10 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:latest +FROM debian:bullseye-slim -RUN set -xe \ - && apk add --no-cache strongswan bash sudo +ENV STRONGSWAN_VERSION=5.9 + +RUN apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y sudo iptables procps strongswan=${STRONGSWAN_VERSION}* \ + && rm -rf /var/lib/apt/lists/* COPY entrypoint.sh /entrypoint.sh RUN chmod 0755 /entrypoint.sh diff --git a/modules/cloud-config-container/onprem/docker-images/strongswan/entrypoint.sh b/modules/cloud-config-container/onprem/docker-images/strongswan/entrypoint.sh index e99d1ec828..bf596bc0f8 100644 --- a/modules/cloud-config-container/onprem/docker-images/strongswan/entrypoint.sh +++ b/modules/cloud-config-container/onprem/docker-images/strongswan/entrypoint.sh @@ -22,7 +22,7 @@ _stop_ipsec() { echo "Shutting down strongSwan/ipsec..." ipsec stop } -trap _stop_ipsec SIGTERM +trap _stop_ipsec TERM # Making the containter to work as a default gateway for LAN_NETWORKS iptables -t nat -A POSTROUTING -s ${LAN_NETWORKS} -o ${VPN_DEVICE} -m policy --dir out --pol ipsec -j ACCEPT