DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Release nginx 0.29

Browse source
This commit is contained in:
Manuel de Brito Fontes 2017-11-12 00:34:40 -03:00
parent 27108da170
commit 811829de60
6 changed files with 84 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
images/nginx-slim/README.md
View file

@ -1,25 +0,0 @@
nginx 1.13.x base image using [ubuntu-slim](https://github.com/kubernetes/ingress-nginx/tree/master/images/ubuntu-slim)
nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server.
This custom nginx image contains:
- [stream](http://nginx.org/en/docs/stream/ngx_stream_core_module.html) tcp support for upstreams
- nginx stats [nginx-module-vts](https://github.com/vozlt/nginx-module-vts)
- [Dynamic TLS record sizing](https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/)
**How to use this image:**
This image does provides a default configuration file with no backend servers.
*Using docker*
```console
docker run -v /some/nginx.con:/etc/nginx/nginx.conf:ro quay.io/kubernetes-ingress-controller/nginx-slim:0.28
```
*Creating a replication controller*
```console
kubectl create -f ./rc.yaml
```

6
images/nginx-slim/Dockerfile → images/nginx/Dockerfile
View file

@ -17,9 +17,11 @@ FROM BASEIMAGE
CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/ CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/
COPY build.sh /tmp COPY build.sh /
RUN /tmp/build.sh RUN clean-install bash
RUN /build.sh
# Create symlinks to redirect nginx logs to stdout and stderr docker log collector # Create symlinks to redirect nginx logs to stdout and stderr docker log collector
# This only works if nginx is started with CMD or ENTRYPOINT # This only works if nginx is started with CMD or ENTRYPOINT

16
images/nginx-slim/Makefile → images/nginx/Makefile
View file

@ -13,12 +13,12 @@
# limitations under the License. # limitations under the License.
# 0.0.0 shouldn't clobber any released builds # 0.0.0 shouldn't clobber any released builds
TAG ?= 0.28 TAG ?= 0.29
REGISTRY ?= quay.io/kubernetes-ingress-controller REGISTRY ?= quay.io/kubernetes-ingress-controller
ARCH ?= $(shell go env GOARCH) ARCH ?= $(shell go env GOARCH)
DOCKER ?= gcloud docker -- DOCKER ?= gcloud docker --
ALL_ARCH = amd64 arm arm64 ppc64le ALL_ARCH = amd64 arm arm64 ppc64le s390x
SED_I?=sed -i SED_I?=sed -i
GOHOSTOS ?= $(shell go env GOHOSTOS) GOHOSTOS ?= $(shell go env GOHOSTOS)
@ -28,22 +28,25 @@ endif
QEMUVERSION=v2.9.1 QEMUVERSION=v2.9.1
IMGNAME = nginx-slim IMGNAME = nginx
IMAGE = $(REGISTRY)/$(IMGNAME) IMAGE = $(REGISTRY)/$(IMGNAME)
MULTI_ARCH_IMG = $(IMAGE)-$(ARCH) MULTI_ARCH_IMG = $(IMAGE)-$(ARCH)
# Set default base image dynamically for each arch # Set default base image dynamically for each arch
BASEIMAGE?=quay.io/kubernetes-ingress-controller/ubuntu-slim-$(ARCH):0.14 BASEIMAGE?=gcr.io/google-containers/debian-base-$(ARCH):0.3
ifeq ($(ARCH),arm) ifeq ($(ARCH),arm)
QEMUARCH=arm QEMUARCH=arm
endif endif
ifeq ($(ARCH),arm64) ifeq ($(ARCH),arm64)
QEMUARCH=aarch64 QEMUARCH=aarch64
endif endif
ifeq ($(ARCH),ppc64le) ifeq ($(ARCH),ppc64le)
QEMUARCH=ppc64le QEMUARCH=ppc64le
endif endif
ifeq ($(ARCH),s390x)
QEMUARCH=s390x
endif
TEMP_DIR := $(shell mktemp -d) TEMP_DIR := $(shell mktemp -d)
@ -62,7 +65,6 @@ all-container: $(addprefix sub-container-,$(ALL_ARCH))
all-push: $(addprefix sub-push-,$(ALL_ARCH)) all-push: $(addprefix sub-push-,$(ALL_ARCH))
container: .container-$(ARCH) container: .container-$(ARCH)
.container-$(ARCH): .container-$(ARCH):
cp ./* $(TEMP_DIR) cp ./* $(TEMP_DIR)

36
images/nginx/README.md Normal file
View file

@ -0,0 +1,36 @@
nginx 1.13.x base image using [debian-base](https://github.com/kubernetes/kubernetes/tree/master/build/debian-base)
nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server.
This custom nginx image contains:
- [stream](http://nginx.org/en/docs/stream/ngx_stream_core_module.html) tcp support for upstreams
- nginx stats [nginx-module-vts](https://github.com/vozlt/nginx-module-vts)
- [Dynamic TLS record sizing](https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/)
- [ngx_devel_kit](https://github.com/simpl/ngx_devel_kit)
- [set-misc-nginx-module](https://github.com/openresty/set-misc-nginx-module)
- [headers-more-nginx-module](https://github.com/openresty/headers-more-nginx-module)
- [nginx-sticky-module-ng](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng)
- [nginx-http-auth-digest](https://github.com/atomx/nginx-http-auth-digest)
- [ngx_http_substitutions_filter_module](https://github.com/yaoweibin/ngx_http_substitutions_filter_module)
- [nginx-opentracing](https://github.com/opentracing-contrib/nginx-opentracing)
- [opentracing-cpp](https://github.com/opentracing/opentracing-cpp)
- [zipkin-cpp-opentracing](https://github.com/rnburn/zipkin-cpp-opentracing)
- [ModSecurity-nginx](https://github.com/SpiderLabs/ModSecurity-nginx) (only supported in x86_64)
- [brotli](https://github.com/google/brotli) (not supported in s390x)
**How to use this image:**
This image does provides a default configuration file with no backend servers.
*Using docker*
```console
docker run -v /some/nginx.con:/etc/nginx/nginx.conf:ro quay.io/kubernetes-ingress-controller/nginx:0.29
```
*Creating a replication controller*
```console
kubectl create -f ./rc.yaml
```

45
images/nginx-slim/build.sh → images/nginx/build.sh
View file

@ -24,8 +24,8 @@ export NDK_VERSION=0.3.0
export VTS_VERSION=0.1.15 export VTS_VERSION=0.1.15
export SETMISC_VERSION=0.31 export SETMISC_VERSION=0.31
export STICKY_SESSIONS_VERSION=08a395c66e42 export STICKY_SESSIONS_VERSION=08a395c66e42
export MORE_HEADERS_VERSION=0.32 export MORE_HEADERS_VERSION=0.33
export NGINX_DIGEST_AUTH=7955af9c77598c697ac292811914ce1e2b3b824c export NGINX_DIGEST_AUTH=519dc2a4907bc6d9c48f95b3cf6a0151aaf44b40
export NGINX_SUBSTITUTIONS=bc58cb11844bc42735bbaef7085ea86ace46d05b export NGINX_SUBSTITUTIONS=bc58cb11844bc42735bbaef7085ea86ace46d05b
export NGINX_OPENTRACING_VERSION=0.1.1 export NGINX_OPENTRACING_VERSION=0.1.1
export OPENTRACING_CPP_VERSION=1.0.0 export OPENTRACING_CPP_VERSION=1.0.0
@ -34,7 +34,7 @@ export MODSECURITY=a2a5858d249222938c2f5e48087a922c63d7f9d8
export BUILD_PATH=/tmp/build export BUILD_PATH=/tmp/build
ARCH=$(uname -p) ARCH=$(uname -m)
get_src() get_src()
{ {
@ -48,15 +48,12 @@ get_src()
rm -rf "$f" rm -rf "$f"
} }
mkdir "$BUILD_PATH"
cd "$BUILD_PATH"
if [[ ${ARCH} == "ppc64le" ]]; then if [[ ${ARCH} == "ppc64le" ]]; then
apt-get update && apt-get install --no-install-recommends -y software-properties-common clean-install software-properties-common
fi fi
# install required packages to build # install required packages to build
apt-get update && apt-get install --no-install-recommends -y \ clean-install \
bash \ bash \
build-essential \ build-essential \
curl ca-certificates \ curl ca-certificates \
@ -78,7 +75,7 @@ apt-get update && apt-get install --no-install-recommends -y \
libcurl4-openssl-dev \ libcurl4-openssl-dev \
procps \ procps \
git g++ pkgconf flex bison doxygen libyajl-dev liblmdb-dev libgeoip-dev libtool dh-autoreconf libxml2 libpcre++-dev libxml2-dev \ git g++ pkgconf flex bison doxygen libyajl-dev liblmdb-dev libgeoip-dev libtool dh-autoreconf libxml2 libpcre++-dev libxml2-dev \
linux-headers-generic || exit 1 || exit 1
mkdir -p /etc/nginx mkdir -p /etc/nginx
@ -89,6 +86,9 @@ wget -O /etc/nginx/GeoLiteCity.dat.gz https://geolite.maxmind.com/download/geoip
gunzip /etc/nginx/GeoIP.dat.gz gunzip /etc/nginx/GeoIP.dat.gz
gunzip /etc/nginx/GeoLiteCity.dat.gz gunzip /etc/nginx/GeoLiteCity.dat.gz
mkdir --verbose -p "$BUILD_PATH"
cd "$BUILD_PATH"
# download, verify and extract the source files # download, verify and extract the source files
get_src 8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8 \ get_src 8512fc6f986a20af293b61f33b0e72f64a72ea5b1acbcc790c4c4e2d6f63f8f8 \
"http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz" "http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz"
@ -102,13 +102,13 @@ get_src 97946a68937b50ab8637e1a90a13198fe376d801dc3e7447052e43c28e9ee7de \
get_src 5112a054b1b1edb4c0042a9a840ef45f22abb3c05c68174e28ebf483164fb7e1 \ get_src 5112a054b1b1edb4c0042a9a840ef45f22abb3c05c68174e28ebf483164fb7e1 \
"https://github.com/vozlt/nginx-module-vts/archive/v$VTS_VERSION.tar.gz" "https://github.com/vozlt/nginx-module-vts/archive/v$VTS_VERSION.tar.gz"
get_src c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 \ get_src a3dcbab117a9c103bc1ea5200fc00a7b7d2af97ff7fd525f16f8ac2632e30fbf \
"https://github.com/openresty/headers-more-nginx-module/archive/v$MORE_HEADERS_VERSION.tar.gz" "https://github.com/openresty/headers-more-nginx-module/archive/v$MORE_HEADERS_VERSION.tar.gz"
get_src 53e440737ed1aff1f09fae150219a45f16add0c8d6e84546cb7d80f73ebffd90 \ get_src 53e440737ed1aff1f09fae150219a45f16add0c8d6e84546cb7d80f73ebffd90 \
"https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/$STICKY_SESSIONS_VERSION.tar.gz" "https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/$STICKY_SESSIONS_VERSION.tar.gz"
get_src 9b1d0075df787338bb607f14925886249bda60b6b3156713923d5d59e99a708b \ get_src 5ea7093cedea1a17b3c890015f83fc72346627400a9e6e3cec9c4b21297ecb61 \
"https://github.com/atomx/nginx-http-auth-digest/archive/$NGINX_DIGEST_AUTH.tar.gz" "https://github.com/atomx/nginx-http-auth-digest/archive/$NGINX_DIGEST_AUTH.tar.gz"
get_src 618551948ab14cac51d6e4ad00452312c7b09938f59ebff4f93875013be31f2d \ get_src 618551948ab14cac51d6e4ad00452312c7b09938f59ebff4f93875013be31f2d \
@ -147,13 +147,15 @@ make install
cd "$BUILD_PATH" cd "$BUILD_PATH"
# Get Brotli source and deps if [[ ${ARCH} != "s390x" ]]; then
git clone https://github.com/google/ngx_brotli.git # Get Brotli source and deps
cd ngx_brotli && git submodule update --init git clone --depth=1 https://github.com/google/ngx_brotli.git
cd ngx_brotli && git submodule update --init
fi
if [[ ${ARCH} == "x86_64" ]]; then if [[ ${ARCH} == "x86_64" ]]; then
# build modsecurity library # build modsecurity library
cd "$BUILD_PATH"
git clone https://github.com/SpiderLabs/ModSecurity git clone https://github.com/SpiderLabs/ModSecurity
cd ModSecurity/ cd ModSecurity/
git checkout -b v3/master origin/v3/master git checkout -b v3/master origin/v3/master
@ -209,7 +211,6 @@ WITH_MODULES="--add-module=$BUILD_PATH/ngx_devel_kit-$NDK_VERSION \
--add-module=$BUILD_PATH/nginx-goodies-nginx-sticky-module-ng-$STICKY_SESSIONS_VERSION \ --add-module=$BUILD_PATH/nginx-goodies-nginx-sticky-module-ng-$STICKY_SESSIONS_VERSION \
--add-module=$BUILD_PATH/nginx-http-auth-digest-$NGINX_DIGEST_AUTH \ --add-module=$BUILD_PATH/nginx-http-auth-digest-$NGINX_DIGEST_AUTH \
--add-module=$BUILD_PATH/ngx_http_substitutions_filter_module-$NGINX_SUBSTITUTIONS \ --add-module=$BUILD_PATH/ngx_http_substitutions_filter_module-$NGINX_SUBSTITUTIONS \
--add-module=$BUILD_PATH/ngx_brotli \
--add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/opentracing \ --add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/opentracing \
--add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/zipkin" --add-dynamic-module=$BUILD_PATH/nginx-opentracing-$NGINX_OPENTRACING_VERSION/zipkin"
@ -217,6 +218,10 @@ if [[ ${ARCH} == "x86_64" ]]; then
WITH_MODULES+=" --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx-$MODSECURITY" WITH_MODULES+=" --add-dynamic-module=$BUILD_PATH/ModSecurity-nginx-$MODSECURITY"
fi fi
if [[ ${ARCH} != "s390x" ]]; then
WITH_MODULES+=" --add-module=$BUILD_PATH/ngx_brotli"
fi
./configure \ ./configure \
--prefix=/usr/share/nginx \ --prefix=/usr/share/nginx \
--conf-path=/etc/nginx/nginx.conf \ --conf-path=/etc/nginx/nginx.conf \
@ -261,19 +266,17 @@ apt-mark unmarkauto \
apt-get remove -y --purge \ apt-get remove -y --purge \
build-essential \ build-essential \
gcc-5 \ gcc-6 \
cpp-5 \ cpp-6 \
libgeoip-dev \ libgeoip-dev \
libpcre3-dev \ libpcre3-dev \
libssl-dev \ libssl-dev \
zlib1g-dev \ zlib1g-dev \
libaio-dev \ libaio-dev \
linux-libc-dev \ linux-libc-dev \
perl-modules-5.22 \
cmake \ cmake \
wget \ wget \
git g++ pkgconf flex bison doxygen libyajl-dev liblmdb-dev libgeoip-dev libtool dh-autoreconf libpcre++-dev libxml2-dev \ git g++ pkgconf flex bison doxygen libyajl-dev liblmdb-dev libgeoip-dev libtool dh-autoreconf libpcre++-dev libxml2-dev
linux-headers-generic
apt-get autoremove -y apt-get autoremove -y

19
images/nginx-slim/rc.yaml → images/nginx/rc.yaml
View file

@ -1,34 +1,37 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: nginxslimsvc name: nginxsvc
labels: labels:
app: nginxslim app: nginx
spec: spec:
type: NodePort type: NodePort
ports: ports:
- port: 80 - port: 80
protocol: TCP protocol: TCP
name: http name: http
- port: 443
protocol: TCP
name: https
selector: selector:
app: nginxslim app: nginx
--- ---
apiVersion: v1 apiVersion: v1
kind: ReplicationController kind: ReplicationController
metadata: metadata:
name: nginxslim name: nginx
spec: spec:
replicas: 1 replicas: 1
selector: selector:
app: nginxslim app: nginx
template: template:
metadata: metadata:
labels: labels:
app: nginxslim app: nginx
name: frontend name: frontend
spec: spec:
containers: containers:
- name: nginxslim - name: nginx
image: quay.io/kubernetes-ingress-controller/nginx-slim:0.28 image: quay.io/kubernetes-ingress-controller/nginx:0.29
ports: ports:
- containerPort: 80 - containerPort: 80