Closed wizhippo closed 1 week ago
Hi @wizhippo thank you for the PR.
In the case of Postgres and some other database images that use it, the /docker-entrypoint-initdb.d
script directory allows people to run SQL and bash scripts at a point in the execution flow that can't easily be accessed any other way.
With step-ca
, there are good options for injecting init scripts that don't require any additional logic in the entrypoint.sh:
You can build your own Dockerfile, adding a layer that runs an init script via CMD
.
You can inject an init script on the command line, eg:
docker run \
-p 9000:9000 \
-v step:/home/step \
-v ./init.d:/init.d \
-e "DOCKER_STEPCA_INIT_NAME=Smallstep" \
-e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost" \
-e "DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true" \
smallstep/step-ca \
sh -c '[ ! -f "${STEPPATH}/config/ca.json" ] && sh /init.d/script.sh ; /usr/local/bin/step-ca --password-file /home/step/secrets/password /home/step/config/ca.json'
A third option is to init and start up the CA, make whatever changes you need (to ca.json
, for example) while the CA is running, and then restart the container to pick up the changes.
None of these options require overriding or changing the entrypoint script. So, given the possibilities that already exist, I'm going to close this issue.
Name of feature:
Add /docker-entrypoint-initdb.d support like most other images.
Pain or issue this feature alleviates:
This will only run these on init and allows adding scripts that modify the setup just after first init, for example you could use it to modify ca.json and add/change datasource.
Why is this important to the project (if not answered above):
Instead of having to create/override the default entrypoint this allows to extend functionality like most other docker images
Supporting links/other PRs/issues:
May help with items like https://github.com/smallstep/certificates/issues/1875, https://github.com/smallstep/certificates/issues/807 as these could be added as init scripts.