Last active
August 26, 2022 14:32
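ARG BASE_IMAGE=public.ecr.aws/amazoncorretto/amazoncorretto:11
ARG CONNECT_IMAGE=public.ecr.aws/ews-network/confluentinc/cp-server-connect:7.2.1

# Stage "certbuild": split the AWS RDS CA bundles into single certificates and
# import each one into a JKS truststore at /var/opt/aws-rds.jks. The runtime
# stage copies that file out and merges it into the JVM default truststore.
FROM $BASE_IMAGE AS certbuild

# NOTE(review): every certificate in these two downloads ends up as a trusted CA
# in the final image, and both files are fetched at build time with no pinned
# digest. Consider ADD --checksum=sha256:<digest of the reviewed bundle> (BuildKit)
# or vendoring reviewed copies into the build context, so a changed bundle fails
# the build instead of silently changing the trust anchors.
ADD https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem /etc/ssl/certs/rds-combined-ca-bundle.pem
ADD https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /etc/ssl/certs/aws-global.pem

RUN yum install -y gawk openssl perl && yum clean all

# "changeit" is the conventional JKS password; the store holds public CA
# certificates only, so it is not a secret, but it gives no tamper protection.
#
# Each bundle is split into its own scratch directory so that files left over
# from the first bundle are never picked up again while importing the second.
# set -eu makes a failed split, parse or import fail the build; the original
# ";" chain ignored those errors and could ship an incomplete truststore.
# An alias that is already in the keystore is skipped explicitly, which keeps
# the previous first-one-wins outcome for certificates sharing a CN.
RUN set -eu; \
    for bundle in /etc/ssl/certs/rds-combined-ca-bundle.pem /etc/ssl/certs/aws-global.pem; do \
      workdir=$(mktemp -d); \
      awk -v dir="$workdir" '/-----BEGIN CERTIFICATE-----/ {n++; out = sprintf("%s/rds-ca-%04d.pem", dir, n)} out != "" {print > out} /-----END CERTIFICATE-----/ {close(out); out = ""}' "$bundle"; \
      for CERT in "$workdir"/rds-ca-*.pem; do \
        alias=$(openssl x509 -noout -text -in "$CERT" | perl -ne 'next unless /Subject:/; s/.*(CN=|CN = )//; print'); \
        if [ -z "$alias" ]; then \
          echo "No subject found in $CERT" >&2; \
          exit 1; \
        fi; \
        if keytool -list -alias "$alias" -storepass changeit -keystore /var/opt/aws-rds.jks >/dev/null 2>&1; then \
          echo "Skipping $alias (alias already present)"; \
          continue; \
        fi; \
        echo "Importing $alias"; \
        keytool -importcert -file "$CERT" -alias "$alias" -storepass changeit -keystore /var/opt/aws-rds.jks -noprompt; \
      done; \
      rm -rf "$workdir"; \
    done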
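# Runtime stage: Confluent Connect image with the RDS CAs merged into the JVM
# default truststore and the connector plugins installed.
FROM $CONNECT_IMAGE

# Version of the kafka-connect-s3 plugin. The default keeps the original floating
# "latest". NOTE(review): pin it like the other connectors, e.g.
# --build-arg KAFKA_CONNECT_S3_VERSION=<reviewed version>, so a rebuild cannot
# pull in different plugin code without a reviewed change.
ARG KAFKA_CONNECT_S3_VERSION=latest

USER root

# Patch OS packages before touching the truststore.
# NOTE(review): presumably an upgrade of the JDK package can replace cacerts and
# drop the imported CAs when it runs after the import - confirm for this base image.
RUN yum upgrade -y && yum clean all && rm -rfv /var/cache/yum

# Reuse the exact PEM bundles the truststore was built from instead of fetching
# them a second time, so the PEMs and the JKS cannot come from different downloads.
# NOTE(review): files created by ADD from a URL are mode 0600 and COPY keeps that
# mode, so appuser presumably cannot read them - confirm whether anything reads
# the PEMs at runtime.
COPY --from=certbuild /etc/ssl/certs/rds-combined-ca-bundle.pem /etc/ssl/certs/rds-combined-ca-bundle.pem
COPY --from=certbuild /etc/ssl/certs/aws-global.pem /etc/ssl/certs/aws-global.pem
COPY --from=certbuild /var/opt/aws-rds.jks /var/opt/aws-rds.jks

# Merge the RDS truststore into the JVM-wide cacerts.
RUN keytool -importkeystore -srckeystore /var/opt/aws-rds.jks -cacerts -srcstorepass changeit -deststorepass changeit

# Drop back to the unprivileged user for plugin installation and at runtime.
USER appuser

# Chained with && so that a failed plugin install fails the build; with ";" only
# the last install decided the result and an image could ship without a connector.
RUN confluent-hub install --no-prompt confluentinc/kafka-connect-jdbc:10.2.5 \
    && confluent-hub install --no-prompt mongodb/kafka-connect-mongodb:1.5.0 \
    && confluent-hub install --no-prompt "confluentinc/kafka-connect-s3:${KAFKA_CONNECT_S3_VERSION}" \
    && confluent-hub install --no-prompt confluentinc/kafka-connect-replicator:7.2.1

# These replace the scripts under /etc/confluent/docker with the copies from the
# build context; start.sh is the container entrypoint.
COPY healthcheck.sh /etc/confluent/docker/healthcheck.sh
COPY start.sh /etc/confluent/docker/start.sh

ENTRYPOINT ["/etc/confluent/docker/start.sh"]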