Setup
Setting up the development environment
Environment
Ubuntu 20.04 with Linux Kernel ≥ 5.11
CPU: Intel Xeon E-2288G
Docker (>= 20.10.21) & Docker-Compose
Prepare SSH Keys
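To access a private GitHub repository from the Dockerfile, you need to configure your SSH keys. The commands below create a key without a passphrase and copy the private key into the current directory:
# do not enter a passphrase when prompted; replace the placeholder address with your own
ssh-keygen -t ed25519 -C "your_email@example.com"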
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
cp ~/.ssh/id_ed25519 .
Then add the contents of ~/.ssh/id_ed25519.pub to your GitHub SSH keys by clicking the New SSH key button.
Prepare Cert Files
To establish a TLS connection, we need a CA and a client cert for mutual authentication. We store them in the cert directory:
Generate cert/ca.key:
Generate cert/ca.crt:
Generate client private key:
openssl ecparam -genkey -name prime256v1 -out cert/client.key
Export keys to pkcs8 in unencrypted format:
openssl pkcs8 -topk8 -nocrypt -in cert/client.key -out cert/client.pkcs8
Generate client CSR:
openssl req -new -SHA256 -key cert/client.key -nodes -out cert/client.csr
Generate client cert:
openssl x509 -req -extfile <(printf "subjectAltName=DNS:localhost,DNS:www.example.com") -days 3650 -in cert/client.csr -CA cert/ca.crt -CAkey cert/ca.key -CAcreateserial -out cert/client.crt
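A check to run once the steps above are done, as an added example that is not part of the original page: it confirms that client.crt chains to ca.crt, that client.key, client.pkcs8 and client.crt hold the same key pair, and that the subjectAltName made it into the certificate. The function names, the throwaway demo CA, the -subj values and the san.ext file are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: sanity-check the mTLS client material before using it.
# Usage: bash check.sh cert   (with no argument it runs on constructed demo files)

# SHA-256 fingerprint of a public key; arguments are passed to `openssl pkey`.
pub_fp() { openssl pkey "$@" -pubout -outform DER 2>/dev/null | openssl dgst -sha256; }

# Check ca.crt, client.key, client.pkcs8 and client.crt in directory $1.
check_client_cert() {
    c="${1:-cert}"
    # 1. client.crt must chain to ca.crt, or the peer rejects the handshake.
    openssl verify -CAfile "$c/ca.crt" "$c/client.crt" >/dev/null 2>&1 \
        || { echo "FAIL: client.crt is not signed by ca.crt"; return 1; }
    # 2. The certificate, the EC key and its PKCS#8 export must share one public key.
    crt_fp=$(openssl x509 -in "$c/client.crt" -noout -pubkey | pub_fp -pubin)
    [ "$crt_fp" = "$(pub_fp -in "$c/client.key")" ] \
        || { echo "FAIL: client.key does not match client.crt"; return 1; }
    [ "$crt_fp" = "$(pub_fp -in "$c/client.pkcs8")" ] \
        || { echo "FAIL: client.pkcs8 does not match client.crt"; return 1; }
    # 3. The subjectAltName passed via -extfile must be present in the cert.
    openssl x509 -in "$c/client.crt" -noout -text | grep -q "DNS:localhost" \
        || { echo "FAIL: subjectAltName missing from client.crt"; return 1; }
    echo "OK"
}

# Constructed sample input: a throwaway CA (assumption, not the page's CA) plus
# client files made with the page's commands. -subj keeps openssl req
# non-interactive. Prints the temp directory, which the caller should delete.
make_demo_certs() {
    d=$(mktemp -d) || return 1
    printf 'subjectAltName=DNS:localhost,DNS:www.example.com\n' > "$d/san.ext"
    { openssl ecparam -genkey -name prime256v1 -out "$d/ca.key" &&
      openssl req -x509 -new -key "$d/ca.key" -subj "/CN=demo-ca" -days 1 \
          -out "$d/ca.crt" &&
      openssl ecparam -genkey -name prime256v1 -out "$d/client.key" &&
      openssl pkcs8 -topk8 -nocrypt -in "$d/client.key" -out "$d/client.pkcs8" &&
      openssl req -new -sha256 -key "$d/client.key" -subj "/CN=demo-client" \
          -out "$d/client.csr" &&
      openssl x509 -req -extfile "$d/san.ext" -days 1 -in "$d/client.csr" \
          -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial -out "$d/client.crt"
    } >/dev/null 2>&1 || return 1
    echo "$d"
}

check_client_cert "${1:-$(make_demo_certs)}"
```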
Pull Docker Images
public.ecr.aws/clique/clique-sibyl-base:1.0.0
public.ecr.aws/clique/clique-sibyl-mtls-base:1.0.0
public.ecr.aws/clique/clique-sibyl-dcsv2-base:1.0.0
public.ecr.aws/clique/clique-sibyl-dcsv2-mtls-base:1.0.0
Browse our container registry for the latest version.