diff --git a/deploy/default-backend.yaml b/deploy/default-backend.yaml index 0f752a20f..64f6f58ad 100644 --- a/deploy/default-backend.yaml +++ b/deploy/default-backend.yaml @@ -18,7 +18,7 @@ spec: # Any image is permissable as long as: # 1. It serves a 404 page at / # 2. It serves 200 on a /healthz endpoint - image: gcr.io/google_containers/defaultbackend:1.0 + image: gcr.io/google_containers/defaultbackend:1.4 livenessProbe: httpGet: path: /healthz diff --git a/docs/examples/customization/external-auth-headers/deploy/default-backend.yaml b/docs/examples/customization/external-auth-headers/deploy/default-backend.yaml index ae6227507..a16193f93 100644 --- a/docs/examples/customization/external-auth-headers/deploy/default-backend.yaml +++ b/docs/examples/customization/external-auth-headers/deploy/default-backend.yaml @@ -15,7 +15,7 @@ spec: terminationGracePeriodSeconds: 60 containers: - name: default-http-backend - image: gcr.io/google_containers/defaultbackend:1.0 + image: gcr.io/google_containers/defaultbackend:1.4 livenessProbe: httpGet: path: /healthz diff --git a/images/404-server/Makefile b/images/404-server/Makefile index e292c235c..e46815c41 100644 --- a/images/404-server/Makefile +++ b/images/404-server/Makefile @@ -15,7 +15,7 @@ # Build the default backend binary or image for amd64, arm, arm64 and ppc64le # # Usage: -# [PREFIX=gcr.io/google_containers/defaultbackend] [ARCH=amd64] [TAG=1.1] make (server|container|push) +# [PREFIX=gcr.io/google_containers/defaultbackend] [ARCH=amd64] [TAG=1.4] make (server|container|push) all: push diff --git a/images/404-server/OWNERS b/images/404-server/OWNERS index 937f1d223..89b9586b4 100644 --- a/images/404-server/OWNERS +++ b/images/404-server/OWNERS @@ -2,7 +2,11 @@ approvers: - bprashanth - luxas - mikedanese +- aledbf +- nicksardo reviewers: - bprashanth - luxas - mikedanese +- aledbf +- nicksardo diff --git a/images/nginx-slim/Makefile b/images/nginx-slim/Makefile index 6ae2c204f..3e881f7ad 100644 --- a/images/nginx-slim/Makefile +++ b/images/nginx-slim/Makefile @@ -17,6 +17,12 @@ TAG ?= 0.27 REGISTRY ?= gcr.io/google_containers ARCH ?= $(shell go env GOARCH) ALL_ARCH = amd64 arm arm64 ppc64le +SED_I?=sed -i +GOHOSTOS ?= $(shell go env GOHOSTOS) + +ifeq ($(GOHOSTOS),darwin) + SED_I=sed -i '' +endif QEMUVERSION=v2.9.1 @@ -59,18 +65,18 @@ all-push: $(addprefix sub-push-,$(ALL_ARCH)) container: .container-$(ARCH) .container-$(ARCH): cp ./* $(TEMP_DIR) - cd $(TEMP_DIR) && sed -i 's|BASEIMAGE|$(BASEIMAGE)|g' Dockerfile - cd $(TEMP_DIR) && sed -i "s|ARCH|$(QEMUARCH)|g" Dockerfile + cd $(TEMP_DIR) && $(SED_I) 's|BASEIMAGE|$(BASEIMAGE)|g' Dockerfile + cd $(TEMP_DIR) && $(SED_I) "s|ARCH|$(QEMUARCH)|g" Dockerfile ifeq ($(ARCH),amd64) # When building "normally" for amd64, remove the whole line, it has no part in the amd64 image - cd $(TEMP_DIR) && sed -i "/CROSS_BUILD_/d" Dockerfile + cd $(TEMP_DIR) && $(SED_I) "/CROSS_BUILD_/d" Dockerfile else # When cross-building, only the placeholder "CROSS_BUILD_" should be removed # Register /usr/bin/qemu-ARCH-static as the handler for ARM binaries in the kernel docker run --rm --privileged multiarch/qemu-user-static:register --reset curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/$(QEMUVERSION)/x86_64_qemu-$(QEMUARCH)-static.tar.gz | tar -xz -C $(TEMP_DIR) - cd $(TEMP_DIR) && sed -i "s/CROSS_BUILD_//g" Dockerfile + cd $(TEMP_DIR) && $(SED_I) "s/CROSS_BUILD_//g" Dockerfile endif docker build -t $(MULTI_ARCH_IMG):$(TAG) $(TEMP_DIR) diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index 506d773ad..a3a9cbbee 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -730,8 +730,11 @@ stream { # Pass the extracted client certificate to the backend {{ if not (empty $server.CertificateAuth.CAFileName) }} - proxy_set_header ssl-client-cert $ssl_client_escaped_cert; + proxy_set_header ssl-client-cert $ssl_client_raw_cert; proxy_set_header ssl-client-verify $ssl_client_verify; + {{ else }} + proxy_set_header ssl-client-cert ""; + proxy_set_header ssl-client-verify ""; {{ end }} # Allow websocket connections