
Commit 86868f4

committed
Merge branch 'images/sdx' of https://github.com/bcgov/aps-devops into images/sdx
2 parents d2e0d18 + e0ce640 commit 86868f4


1 file changed

+5
-3
lines changed


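--- a/sdx/image/Dockerfile
+++ b/sdx/image/Dockerfile
@@ -5,7 +5,7 @@ USER root
 
 RUN apt-get update && apt-get -y install unzip curl
 
-RUN echo add trust-jwks
+RUN echo add trust-jwks trust-kms updates and dpop upd
 RUN git clone -b feature/mtls https://github.com/bcgov/kong-oss-plugins.git \
 && cd kong-oss-plugins \
 && (cd plugins/dpop && luarocks make) \
@@ -23,6 +23,7 @@ RUN git clone -b feature/mtls https://github.com/bcgov/kong-oss-plugins.git \
 && (cd plugins/response-signer && luarocks make) \
 && (cd plugins/token-exchange && luarocks make) \
 && (cd plugins/trust-jwks && luarocks make) \
+&& (cd plugins/trust-kms && luarocks make) \
 && (cd plugins/trust-ledger && luarocks make) \
 && (cd plugins/trust-registry && luarocks make) \
 && (cd plugins/trust-sign && luarocks make) \
@@ -111,7 +112,8 @@ ENV KONG_CLIENT_SSL_CERT="/etc/secrets/sdx-edge-client-cert/tls.crt"
 ENV KONG_CLIENT_SSL_CERT_KEY="/etc/secrets/sdx-edge-client-cert/tls.key"
 
 # Make the env var available for using in custom plugins
-ENV KONG_NGINX_MAIN_ENV="KONG_SIGNING_CERT; env KONG_SIGNING_CERT_KEY"
+# NOTE env KONG_CLIENT_SSL_CERT;env KONG_CLIENT_SSL_CERT_KEY only temporary until we add token exchange plugin
+ENV KONG_NGINX_MAIN_ENV="KONG_SIGNING_CERT;env KONG_SIGNING_CERT_KEY;env AWS_ACCESS_KEY_ID;env AWS_SECRET_ACCESS_KEY;env AWS_REGION;env KONG_CLIENT_SSL_CERT;env KONG_CLIENT_SSL_CERT_KEY"
 
 # Client certificate to present when proxying to upstream services
 ENV KONG_NGINX_PROXY_PROXY_SSL_CERTIFICATE="/etc/secrets/sdx-edge-client-cert/tls.crt"
@@ -162,7 +164,7 @@ ENV KONG_REAL_IP_HEADER="X-Forwarded-For"
 # Plugins Configuration
 # ============================================
 # Enables bundled plugins plus custom authentication, rate limiting, and security plugins
-ENV KONG_PLUGINS="bundled, jwt-keycloak_1010, rate-limiting_902, pre-function_770, post-function_200, post-function_201, oidc, oidc-consumer, kong-spec-expose, jwt-keycloak, kong-upstream-jwt, bcgov-gwa-endpoint, gwa-ip-anonymity, mtls-auth, mtls-acl, openid-authzen, response-signer, dpop, token-exchange, trust-jwks, trust-ledger, trust-registry, trust-sign, trust-timestamp, trust-verify-digest, trust-verify-signature"
+ENV KONG_PLUGINS="bundled, jwt-keycloak_1010, rate-limiting_902, pre-function_770, post-function_200, post-function_201, oidc, oidc-consumer, kong-spec-expose, jwt-keycloak, kong-upstream-jwt, bcgov-gwa-endpoint, gwa-ip-anonymity, mtls-auth, mtls-acl, openid-authzen, response-signer, dpop, token-exchange, trust-jwks, trust-kms, trust-ledger, trust-registry, trust-sign, trust-timestamp, trust-verify-digest, trust-verify-signature"
 
 # Custom Lua module search path for plugin code
 ENV KONG_LUA_PACKAGE_PATH="/opt/?.lua;/opt/?/init.lua;;"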
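Review bot: In the third hunk the new `KONG_NGINX_MAIN_ENV` value exports `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to the nginx worker processes, so every custom plugin loaded by the `KONG_PLUGINS` line can read them with `os.getenv`, not only the plugin that needs them (presumably trust-kms). Nothing on the page says how narrow that credential is, so I would document the expectation above the ENV line, e.g. `# AWS_* are exported for trust-kms only; bind them to a KMS-scoped, rotated credential`. Short-lived credentials would be preferable to a static key pair if the platform can supply them. The "only temporary" NOTE should carry a tracking reference so the `KONG_CLIENT_SSL_CERT*` entries are actually removed later. The trust-kms build added in the second hunk comes from the head of the `feature/mtls` branch rather than a pinned commit, so the code that receives these credentials can change between image builds.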
