admiral-docker 💀🐳


This Docker project serves as the vessel for certificate transparency scanning performed by the admiral Python library.

Running

Running with Docker Compose

  1. Change the credentials in secrets

  2. Choose configuration options for admiral.yml

  3. Start the container and detach:

    docker compose up --detach

Monitoring

The following web services are started for monitoring the underlying components:

Using secrets

This composition passes credentials and configuration options via Docker secrets. You need to modify the files listed in the secrets section below. To prevent yourself from inadvertently committing sensitive values to the repository, run git update-index --assume-unchanged src/secrets/*.
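A check for the step above, as an added example that is not part of the admiral-docker repository: git ls-files -v prints a lowercase status tag for files whose assume-unchanged bit is set, so a tracked file under src/secrets that still shows an uppercase tag would be staged like any other change. The function names and the sample listing are constructed for illustration; the file names are taken from the Secrets table.

```shell
#!/bin/sh
# Added example, not part of the admiral-docker repository.
# Lists tracked files under the secrets directory that are NOT marked
# assume-unchanged, i.e. files whose local edits git would still stage.

# Read `git ls-files -v` output on stdin; print the unprotected paths.
# Each line is "<tag> <path>". git prints the tag in lowercase when the
# assume-unchanged bit is set (for example "h" instead of "H").
unprotected_secrets() {
    dir="${1:-src/secrets}"
    while IFS= read -r line; do
        tag="${line%% *}"
        path="${line#* }"
        case "$path" in
            "$dir"/*) ;;              # inside the secrets directory
            *) continue ;;
        esac
        case "$tag" in
            h|s|m|r|c|k) ;;           # bit set: local edits are ignored
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# Run the check on the repository in the current directory (repo root).
# Returns 0 when every tracked secrets file is flagged, 1 otherwise.
check_secrets_flagged() {
    dir="${1:-src/secrets}"
    missing="$(git ls-files -v -- "$dir" | unprotected_secrets "$dir")"
    if [ -n "$missing" ]; then
        printf 'not marked assume-unchanged:\n%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

# Constructed sample of `git ls-files -v` output (not real repository state).
SAMPLE_LS_FILES='h src/secrets/admiral.yml
H src/secrets/mongo-root-passwd.txt
h src/secrets/redis.conf
H README.md
H src/secrets/sslmate-api-key.txt'

# Prints the two sample paths that still carry an uppercase tag.
printf '%s\n' "$SAMPLE_LS_FILES" | unprotected_secrets src/secrets
```

The assume-unchanged bit is stored in the local index, so it has to be set again in every fresh clone before the secrets files are edited.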

Updating your container

Docker Compose

  1. Pull the new image from Docker Hub:

    docker compose pull

  2. Recreate the running container by following the previous instructions:

    docker compose up --detach

Image tags

The images of this container are tagged with semantic versions of the admiral Python library that they containerize. It is recommended that most users use a version tag (e.g. :1.4.0).

| Image:tag | Description |
|-----------|-------------|
| cisagov/admiral:1.4.0 | An exact release version. |
| cisagov/admiral:1.3 | The most recent release matching the major and minor version numbers. |
| cisagov/admiral:1 | The most recent release matching the major version number. |
| cisagov/admiral:edge | The most recent image built from a merge into the develop branch of this repository. |
| cisagov/admiral:nightly | A nightly build of the develop branch of this repository. |
| cisagov/admiral:latest | The most recent release image pushed to a container registry. Pulling an image using the :latest tag should be avoided. |

See the tags tab on Docker Hub for a list of all the supported tags.

Volumes

| Mount point | Purpose |
|-------------|---------|
| mongo-init.js | Stores the initialization script for MongoDB |

Ports

The following ports are exposed by this container:

| Port | Purpose |
|------|---------|
| 5555 | Celery Flower |
| 6379 | Redis |
| 8081 | Redis Commander |
| 8083 | Mongo Express |

Environment variables

Required

There are no required environment variables.

Optional

| Name | Purpose | Default |
|------|---------|---------|
| ADMIRAL_CONFIG_FILE | Celery configuration | admiral.yml |
| ADMIRAL_CONFIG_SECTION | Configuration section to use | dev-mode |
| ADMIRAL_WORKER_NAME | Worker names | dev |
| CISA_HOME | Home folder | /home/cisa |
| CISA_GROUP | Group identifier | cisa |

Secrets

| Filename | Purpose |
|----------|---------|
| admiral.yml | Celery configuration |
| mongo.yml | MongoDB configuration |
| mongo-root-passwd.txt | MongoDB root password |
| redis.conf | Redis configuration |
| sslmate-api-key.txt | API key for SSLMate's Certificate Transparency Search API |

Building from source

Build the image locally using this git repository as the build context:

    docker build \
      --build-arg VERSION=0.0.1 \
      --tag cisagov/admiral:1.4.0 \
      https://github.com/cisagov/admiral-docker.git#develop

Cross-platform builds

To create images that are compatible with other platforms, you can use the buildx feature of Docker:

  1. Copy the project to your machine using the Code button above or the command line:

    git clone https://github.com/cisagov/admiral-docker.git
    cd admiral-docker

  2. Create the Dockerfile-x file with buildx platform support:

    ./buildx-dockerfile.sh

  3. Build the image using buildx:

    docker buildx build \
      --file Dockerfile-x \
      --platform linux/amd64 \
      --build-arg VERSION=0.0.1 \
      --output type=docker \
      --tag cisagov/admiral:1.4.0 .

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.