2

我需要在 Hasura Docker Image 中安装 awscli 和 jq 库。我尝试使用 yum、apt-get 或 apk 命令来安装依赖项,但它们都不起作用。

Docker 镜像:https ://hub.docker.com/r/hasura/graphql-engine/

如何在 Hasura Docker Image 中安装这些依赖项?任何帮助表示赞赏。

Dockerfile:

FROM hasura/graphql-engine:latest

COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

CMD ["./entrypoint.sh"]

入口点.sh:

#!/bin/sh
set -o errexit -o nounset -o pipefail

DB_HOST=${DB_HOST:-postgres}
DB_PORT=${DB_PORT:-5432}

if [ -z "${DB_NAME}" ]; then
   echo "Must provide DB_NAME environment variable. Exiting...."
   exit 1
fi

if [ -z "${DB_USER}" ]; then
   echo "Must provide DB_USER environment variable. Exiting...."
   exit 1
fi

if [ -z "${DB_PASSWORD}" ]; then
   echo "Must provide DB_PASSWORD environment variable. Exiting...."
   exit 1
fi

export HASURA_GRAPHQL_DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}


/bin/graphql-engine  serve

DB_PASSWORD使用 KMS 加密,所以我想在设置环境变量之前使用 aws cli 解密 entrypoint.sh 文件中的密码:HASURA_GRAPHQL_DATABASE_URL

4

1 回答 1

5

在 Hasura 团队支持的帮助下,我能够自定义 Hasura Docker Image。

这是 github 问题的链接:https ://github.com/hasura/graphql-engine/issues/2729

Dockerfile:

FROM hasura/graphql-engine:v1.0.0-beta.4 as base

FROM python:3.7-slim-stretch

RUN apt-get -y update \
    && apt-get install -y --no-install-recommends libpq-dev jq \
    && rm -rf /var/lib/apt/lists/* \
    && rm -rf /usr/share/doc/ \
    && rm -rf /usr/share/man/ \
    && rm -rf /usr/share/locale/ \
    && pip install awscli

# copy hausra binary from base container
COPY --from=base /bin/graphql-engine /bin/graphql-engine

COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
CMD ["/entrypoint.sh"]

入口点.sh:

#!/bin/bash
set -e

DB_HOST=${DB_HOST:-postgres}
DB_PORT=${DB_PORT:-5432}
AWS_REGION=${AWS_REGION:-us-east-1}
DB_PASSWORD_ENCYPTED=${DB_PASSWORD_ENCYPTED:-false}

if [ -z "${DB_NAME}" ]; then
   echo "Must provide DB_NAME environment variable. Exiting...."
   exit 1
fi

if [ -z "${DB_USER}" ]; then
   echo "Must provide DB_USER environment variable. Exiting...."
   exit 1
fi

if [ -z "${DB_PASSWORD}" ]; then
   echo "Must provide DB_PASSWORD environment variable. Exiting...."
   exit 1
fi

if [ ${DB_PASSWORD_ENCYPTED} == "true" ]
then
    echo "loading KMS credentials"
    decrypted_value_base64=$( \
        aws --region ${AWS_REGION} kms decrypt \
          --ciphertext-blob fileb://<(echo "${DB_PASSWORD}" | base64 -d) \
          --query Plaintext \
          --output text
    )
    decrypted_value=$(echo $decrypted_value_base64 | base64 -d)
    export HASURA_GRAPHQL_DATABASE_URL=postgres://${DB_USER}:${decrypted_value}@${DB_HOST}:${DB_PORT}/${DB_NAME}
else
    export HASURA_GRAPHQL_DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
fi

/bin/graphql-engine  serve
于 2019-08-15T14:58:37.693 回答