search

tellerops / teller

Cloud native secrets management for developers - never leave your command line for secrets.
https://github.com/tellerops/teller
Apache License 2.0
2.67k stars 179 forks source link

Alpine docker image support #297

Open r2DoesInc opened 3 weeks ago

r2DoesInc commented 3 weeks ago

When using the linux binary I am unable to run teller-cli on an alpine based image. 

$  docker run -it alpine
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
ec99f8b99825: Pull complete 
Digest: sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0
Status: Downloaded newer image for alpine:latest

# wget https://github.com/tellerops/teller/releases/download/v2.0.7/teller-x86_64-linux.tar.xz
Connecting to github.com (140.82.114.4:443)
Connecting to objects.githubusercontent.com (185.199.109.133:443)
saving to 'teller-x86_64-linux.tar.xz'
teller-x86_64-linux. 100% |**************************************************************************************************************************************************************| 5769k  0:00:00 ETA
'teller-x86_64-linux.tar.xz' saved

# tar -xf teller-x86_64-linux.tar.xz 
# cd teller-x86_64-linux/
# ./teller
/bin/sh: ./teller: not found
r2DoesInc commented 3 weeks ago

I can confirm the the issue is related to missing glibc.

I have been able make progress using https://github.com/sgerrand/alpine-pkg-glibc

r2DoesInc commented 2 weeks ago

Using the following Dockerfile I have been able to build and use Teller on alpine.

FROM rust:alpine

ARG GLIBC_VERSION=2.34-r0
ARG TELLER_VERSION=2.0.7

RUN wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \
   wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk && \
   wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-bin-${GLIBC_VERSION}.apk && \
   apk --allow-untrusted add glibc-${GLIBC_VERSION}.apk --force-overwrite && \
   apk --allow-untrusted add glibc-bin-${GLIBC_VERSION}.apk --force-overwrite 

RUN apk add openssl-dev protoc git curl musl-dev
RUN git clone https://github.com/tellerops/teller.git
RUN sed -i 's/\.with_native_roots()/\.with_native_roots()?/g' teller/teller-providers/src/providers/google_secretmanager.rs
RUN cd teller/teller-cli && RUSTFLAGS="-Ctarget-feature=-crt-static" cargo install --path . 
RUN cp /usr/local/cargo/bin/teller /usr/local/bin/teller

There are a few things here.

https://github.com/tellerops/teller/issues/295

I cannot build the project currently, I needed to apply a fix for the above issue.

We also need to use glibc-for-alpine, as I was not able to get things to run without it.

The project itself needed to be statically linked linked during the ubild process with the rust flag.