Migrate to alpine linux
This commit is contained in:
Manuel Alejandro de Brito Fontes
parent
fbdd924a45
commit
025d4eaceb
6 changed files with 12 additions and 12 deletions
2
Makefile
2
Makefile
|
|
@ -77,7 +77,7 @@ export E2E_CHECK_LEAKS
|
||||||
export SLOW_E2E_THRESHOLD
|
export SLOW_E2E_THRESHOLD
|
||||||
|
|
||||||
# Set default base image dynamically for each arch
|
# Set default base image dynamically for each arch
|
||||||
BASEIMAGE?=quay.io/kubernetes-ingress-controller/nginx-$(ARCH):23612cfde79b6ae7af4d30c3a7aaac0dcb5e6a27
|
BASEIMAGE?=quay.io/kubernetes-ingress-controller/nginx-$(ARCH):4cad1304ef05799cd5b7eae5d2f49e36d12c5b21
|
||||||
|
|
||||||
ifeq ($(ARCH),arm)
|
ifeq ($(ARCH),arm)
|
||||||
QEMUARCH=arm
|
QEMUARCH=arm
|
||||||
|
|
|
||||||
|
|
@ -30,8 +30,8 @@ spec:
|
||||||
- ALL
|
- ALL
|
||||||
add:
|
add:
|
||||||
- NET_BIND_SERVICE
|
- NET_BIND_SERVICE
|
||||||
# www-data -> 33
|
# www-data -> 101
|
||||||
runAsUser: 33
|
runAsUser: 101
|
||||||
env:
|
env:
|
||||||
- name: POD_NAME
|
- name: POD_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|
|
||||||
|
|
@ -232,8 +232,8 @@ spec:
|
||||||
- ALL
|
- ALL
|
||||||
add:
|
add:
|
||||||
- NET_BIND_SERVICE
|
- NET_BIND_SERVICE
|
||||||
# www-data -> 33
|
# www-data -> 101
|
||||||
runAsUser: 33
|
runAsUser: 101
|
||||||
env:
|
env:
|
||||||
- name: POD_NAME
|
- name: POD_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|
|
||||||
|
|
@ -43,8 +43,8 @@ spec:
|
||||||
- ALL
|
- ALL
|
||||||
add:
|
add:
|
||||||
- NET_BIND_SERVICE
|
- NET_BIND_SERVICE
|
||||||
# www-data -> 33
|
# www-data -> 101
|
||||||
runAsUser: 33
|
runAsUser: 101
|
||||||
env:
|
env:
|
||||||
- name: POD_NAME
|
- name: POD_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,7 @@ spec:
|
||||||
runAsUser:
|
runAsUser:
|
||||||
rule: 'MustRunAsNonRoot'
|
rule: 'MustRunAsNonRoot'
|
||||||
ranges:
|
ranges:
|
||||||
- min: 33
|
- min: 101
|
||||||
max: 65535
|
max: 65535
|
||||||
seLinux:
|
seLinux:
|
||||||
rule: 'RunAsAny'
|
rule: 'RunAsAny'
|
||||||
|
|
|
||||||
|
|
@ -25,21 +25,21 @@ CROSS_BUILD_COPY qemu-QEMUARCH-static /usr/bin/
|
||||||
|
|
||||||
WORKDIR /etc/nginx
|
WORKDIR /etc/nginx
|
||||||
|
|
||||||
RUN clean-install \
|
RUN apk add -U --no-cache \
|
||||||
diffutils \
|
diffutils \
|
||||||
libcap2-bin
|
libcap
|
||||||
|
|
||||||
COPY --chown=www-data:www-data . /
|
COPY --chown=www-data:www-data . /
|
||||||
|
|
||||||
# Fix permission during the build to avoid issues at runtime
|
# Fix permission during the build to avoid issues at runtime
|
||||||
# with volumes (custom templates)
|
# with volumes (custom templates)
|
||||||
RUN bash -eu -c ' \
|
RUN bash -xeu -c ' \
|
||||||
writeDirs=( \
|
writeDirs=( \
|
||||||
|
/etc/ingress-controller \
|
||||||
/etc/ingress-controller/ssl \
|
/etc/ingress-controller/ssl \
|
||||||
/etc/ingress-controller/auth \
|
/etc/ingress-controller/auth \
|
||||||
/var/log \
|
/var/log \
|
||||||
/var/log/nginx \
|
/var/log/nginx \
|
||||||
/tmp \
|
|
||||||
); \
|
); \
|
||||||
for dir in "${writeDirs[@]}"; do \
|
for dir in "${writeDirs[@]}"; do \
|
||||||
mkdir -p ${dir}; \
|
mkdir -p ${dir}; \
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue