Create the full-blown bootstrap/control container #2884
Labels
3-high
priority denoting release-blocking issues
enhancement
New feature or request
security-services
bnevis-i
added
enhancement
New feature or request
security-services
3-high
priority denoting release-blocking issues
labels
Nov 18, 2020
3 tasks
jim-wang-intel
added a commit
to jim-wang-intel/edgex-go
that referenced
this issue
Jan 21, 2021
…tallation

Closes: edgexfoundry#2884

The security container bootstrapping initiates with security-bootstrapper service, in which it bootstraps the pre-seeded secrets and credentials. The security-bootstrapper starts with seeding the vault_wait_install.sh script (contains the dockerize utility) to be available for other containers that need to wait until the intended done-listener is issued and connected.

The other containers in the security bootstrapping process currently are:
- Redis bootstrapping
- Consul bootstrapping
- Kong bootstrapping
- Postgres bootstrapping

The dockerize utility is used on those above containers to wait for that security-bootstrapper tcp listener done signal and then those containers can proceed to start up.

Security-bootstrapper's entrypoint script is also for other edgex-core-services to wait for the intended port to be ready.

The majority of edgex-core-services are converted to alpine-based image to facilitate the ability to use entrypoint scripts.

Also remove unused environment flag: SECRETSTORE_SETUP_DONE_FLAG from secretstore_setup's entrypoint script. That env flag will also need to be cleaned up on the docker-compose file.

All timeout for dockerize wait-timeout in one central place.

Also add the consul local config for disabling the auto check update as currently consul is not running in SSL mode.

Add lib/pq into Attribution.txt

Run security-bootstrapper executable as non-root user, $$EDGEX_USER

All env. variables of entrypoint scripts are populated from the env files of compose builder in developer-scripts

Signed-off-by: Jim Wang <[email protected]>
lenny-goodell
pushed a commit
that referenced
this issue
Jan 22, 2021
…tallation (#2970)

Closes: #2884

The security container bootstrapping initiates with security-bootstrapper service, in which it bootstraps the pre-seeded secrets and credentials. The security-bootstrapper starts with seeding the vault_wait_install.sh script (contains the dockerize utility) to be available for other containers that need to wait until the intended done-listener is issued and connected.

The other containers in the security bootstrapping process currently are:
- Redis bootstrapping
- Consul bootstrapping
- Kong bootstrapping
- Postgres bootstrapping

The dockerize utility is used on those above containers to wait for that security-bootstrapper tcp listener done signal and then those containers can proceed to start up.

Security-bootstrapper's entrypoint script is also for other edgex-core-services to wait for the intended port to be ready.

The majority of edgex-core-services are converted to alpine-based image to facilitate the ability to use entrypoint scripts.

Also remove unused environment flag: SECRETSTORE_SETUP_DONE_FLAG from secretstore_setup's entrypoint script. That env flag will also need to be cleaned up on the docker-compose file.

All timeout for dockerize wait-timeout in one central place.

Also add the consul local config for disabling the auto check update as currently consul is not running in SSL mode.

Add lib/pq into Attribution.txt

Run security-bootstrapper executable as non-root user, $$EDGEX_USER

All env. variables of entrypoint scripts are populated from the env files of compose builder in developer-scripts

Signed-off-by: Jim Wang <[email protected]>
This is a subtask for implementation of the secure bootstrapping ADR.
Create the full-blown bootstrap/control container and start moving bootstrapping logic into it.
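
The commit messages above describe dependent containers blocking until security-bootstrapper opens a TCP "done" listener, with a bounded wait. The Go code below is an added example of that gate, not code from edgex-go: the function names, address and timeouts are assumptions, and it polls with plain TCP connects in place of the dockerize utility.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// startDoneListener opens the "done" port; the open port itself is the signal.
func startDoneListener(addr string) (net.Listener, error) {
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			conn, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			conn.Close()
		}
	}()
	return ln, nil
}

// waitForDone polls addr until a TCP connect succeeds or timeout expires.
func waitForDone(addr string, timeout, interval time.Duration) error {
	for deadline := time.Now().Add(timeout); ; time.Sleep(interval) {
		conn, err := net.DialTimeout("tcp", addr, interval)
		if err == nil {
			conn.Close()
			return nil
		}
		if time.Now().After(deadline) {
			return fmt.Errorf("no done signal on %s within %s: %w", addr, timeout, err)
		}
	}
}

func main() {
	ln, err := startDoneListener("127.0.0.1:0") // constructed: any free local port
	if err != nil {
		panic(err)
	}
	if err := waitForDone(ln.Addr().String(), 2*time.Second, 100*time.Millisecond); err != nil {
		panic(err) // fail closed: the dependent service must not start
	}
	fmt.Println("done signal received; dependent service may start")
}
```

An open port only shows that the listener exists. It does not authenticate the bootstrapper, so the gate orders startup and is not a trust decision.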