From 8a51622ee0f21f5f99f569480e046f703c1e8ffc Mon Sep 17 00:00:00 2001 From: Ricardo Katz Date: Fri, 26 Jan 2024 17:13:45 -0300 Subject: [PATCH] Turn image from scratch to optimize usage --- .github/workflows/ci.yaml | 9 +- .github/workflows/images.yaml | 36 +++++++ .github/workflows/nginx125.yaml | 167 ----------------------------- images/nginx-1.25/rootfs/build.sh | 2 - rootfs/Dockerfile | 7 +- rootfs/Dockerfile-chroot | 6 +- test/e2e/settings/opentelemetry.go | 21 ---- 7 files changed, 50 insertions(+), 198 deletions(-) delete mode 100644 .github/workflows/nginx125.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 843294f27..2c6bef636 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -164,7 +164,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.charts == 'true') + (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: @@ -236,6 +236,7 @@ jobs: KIND_CLUSTER_NAME: kind SKIP_CLUSTER_CREATION: true SKIP_IMAGE_CREATION: true + SKIP_INGRESS_IMAGE_CREATION: true run: | kind get kubeconfig > $HOME/.kube/kind-config-kind make kind-e2e-chart-tests @@ -246,7 +247,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] @@ -260,7 +261,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] @@ -275,7 +276,7 @@ jobs: - changes - build if: | - (needs.changes.outputs.go == 'true') + (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true') strategy: matrix: k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 2e172840c..7eb07cfc3 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -36,6 +36,7 @@ jobs: kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }} ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }} nginx: ${{ steps.filter.outputs.nginx }} + nginx125: ${{ steps.filter.outputs.nginx125 }} opentelemetry: ${{ steps.filter.outputs.opentelemetry }} steps: @@ -66,6 +67,8 @@ jobs: - 'images/nginx/**' opentelemetry: - 'images/opentelemetry/**' + nginx125: + - 'images/nginx-1.25/TAG' #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here) cfssl: @@ -199,3 +202,36 @@ jobs: - name: image build run: | cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build + + nginx125: + permissions: + contents: write + packages: write + runs-on: ubuntu-latest + needs: changes + if: | + (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx125 == 'true') + env: + PLATFORMS: linux/amd64,linux/arm,linux/arm64 + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + with: + version: latest + platforms: ${{ env.PLATFORMS }} + - name: Login to GitHub Container Registry + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: build-image + run: | + export TAG=$(cat images/nginx-1.25/TAG) + cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push --load -t ingressnginx/nginx-1.25:${TAG} . + + \ No newline at end of file diff --git a/.github/workflows/nginx125.yaml b/.github/workflows/nginx125.yaml deleted file mode 100644 index 3a5b3372d..000000000 --- a/.github/workflows/nginx125.yaml +++ /dev/null @@ -1,167 +0,0 @@ -name: NGINX v1.25 Image - -on: - pull_request: - branches: - - "kdsajdoiasjdoasijads" - paths: - - 'images/nginx-1.25/**' - push: - branches: - - main - paths: - - 'images/nginx-1.25/**' - -permissions: - contents: read - -jobs: - changes: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - outputs: - nginx: ${{ steps.filter.outputs.nginx }} - tag: ${{ steps.filter.outputs.tag }} - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - id: filter - with: - token: ${{ secrets.GITHUB_TOKEN }} - filters: | - nginx: - - 'images/nginx-1.25/**' - tag: - - 'images/nginx-1.25/TAG' - - build: - permissions: - contents: read # for dorny/paths-filter to fetch a list of changed files - pull-requests: read # for dorny/paths-filter to read pull requests - runs-on: ubuntu-latest - needs: changes - if: | - (github.event_name != 'push' && github.ref != 'refs/heads/main' && needs.changes.outputs.nginx == 'true') - env: - PLATFORMS: linux/amd64 - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Set up Go - id: go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: '1.21.5' - check-latest: true - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - with: - version: latest - platforms: ${{ env.PLATFORMS }} - - name: Prepare Host - run: | - curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl - chmod +x ./kubectl - sudo mv ./kubectl /usr/local/bin/kubectl - - name: build-image - run: | - cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t nginx-1.25:1.0.0-dev . - - name: load-image - run: | - make clean-image build - make -C test/e2e-image image - docker build \ - --platform linux \ - --no-cache \ - --build-arg BASE_IMAGE="nginx-1.25:1.0.0-dev" \ - --build-arg VERSION="0.0.1-${{ github.sha }}" \ - --build-arg TARGETARCH="amd64" \ - --build-arg COMMIT_SHA="git-${{ github.sha }}" \ - --build-arg BUILD_ID=""UNSET"" \ - -t ingress-controller/controller:1.0.0-dev rootfs - docker save \ - nginx-ingress-controller:e2e \ - ingress-controller/controller:1.0.0-dev \ - nginx-1.25:1.0.0-dev \ - | gzip > docker.tar.gz - - name: cache - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 - with: - name: docker.tar.gz - path: docker.tar.gz - retention-days: 2 - - e2e-test: - name: Kubernetes - runs-on: ubuntu-latest - needs: - - build - strategy: - matrix: - k8s: [v1.27.3, v1.28.0, v1.29.0] - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: cache - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 - with: - name: docker.tar.gz - - - name: Create Kubernetes ${{ matrix.k8s }} cluster - id: kind - run: | - kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml - - - name: Load images from cache - run: | - echo "loading docker images..." - gzip -dc docker.tar.gz | docker load - - - name: Run e2e tests - env: - KIND_CLUSTER_NAME: kind - SKIP_CLUSTER_CREATION: true - SKIP_IMAGE_CREATION: true - SKIP_OPENTELEMETRY_TESTS: true - run: | - kind get kubeconfig > $HOME/.kube/kind-config-kind - make NGINX_BASE_IMAGE="nginx-1.25:1.0.0-dev" kind-e2e-test - - push: - permissions: - contents: write - packages: write - runs-on: ubuntu-latest - needs: changes - if: | - (github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.tag == 'true') - env: - PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - with: - version: latest - platforms: ${{ env.PLATFORMS }} - - name: Login to GitHub Container Registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: build-image - run: | - export TAG=$(cat images/nginx-1.25/TAG) - cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push --load -t ingressnginx/nginx-1.25:${TAG} . - diff --git a/images/nginx-1.25/rootfs/build.sh b/images/nginx-1.25/rootfs/build.sh index 649c608a5..c759ff026 100755 --- a/images/nginx-1.25/rootfs/build.sh +++ b/images/nginx-1.25/rootfs/build.sh @@ -491,8 +491,6 @@ make make modules make install - -# TODO: Ricardo Move to the right place export OPENTELEMETRY_CONTRIB_COMMIT=aaa51e2297bcb34297f3c7aa44fa790497d2f7f3 cd "$BUILD_PATH" diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 86517c6c1..b3b98c0a9 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -14,7 +14,7 @@ ARG BASE_IMAGE -FROM ${BASE_IMAGE} +FROM ${BASE_IMAGE} as builder ARG TARGETARCH ARG VERSION @@ -83,6 +83,9 @@ USER www-data RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log -ENTRYPOINT ["/usr/bin/dumb-init", "--"] +FROM scratch +COPY --from=builder / / +USER www-data +ENTRYPOINT ["/usr/bin/dumb-init", "--"] CMD ["/nginx-ingress-controller"] diff --git a/rootfs/Dockerfile-chroot b/rootfs/Dockerfile-chroot index a210aa7bf..4af8dade5 100644 --- a/rootfs/Dockerfile-chroot +++ b/rootfs/Dockerfile-chroot @@ -23,7 +23,7 @@ RUN apk update \ && apk upgrade \ && /chroot.sh -FROM alpine:3.19.0 +FROM alpine:3.19.0 as builder ARG TARGETARCH ARG VERSION @@ -116,10 +116,12 @@ RUN mkdir -p /chroot/modules_mount \ && mkdir -p modules_mount \ && ln -s /modules_mount /chroot/modules_mount +FROM scratch + USER www-data EXPOSE 80 443 - +COPY --from=builder / / ENTRYPOINT ["/usr/bin/dumb-init", "--"] CMD ["/nginx-ingress-controller"] diff --git a/test/e2e/settings/opentelemetry.go b/test/e2e/settings/opentelemetry.go index b7b0ca87e..b5fc6ff4e 100644 --- a/test/e2e/settings/opentelemetry.go +++ b/test/e2e/settings/opentelemetry.go @@ -39,12 +39,6 @@ const ( var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { f := framework.NewDefaultFramework("enable-opentelemetry") - /*shouldSkip := false - skip, ok := os.LookupEnv("SKIP_OPENTELEMETRY_TESTS") - if ok && skip == enable { - shouldSkip = true - }*/ - ginkgo.BeforeEach(func() { f.NewEchoDeployment() }) @@ -53,9 +47,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should not exists opentelemetry directive", func() { - /*if shouldSkip { - ginkgo.Skip("skipped") - }*/ config := map[string]string{} config[enableOpentelemetry] = disable f.SetNginxConfigMapData(config) @@ -69,9 +60,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should exists opentelemetry directive when is enabled", func() { - /*if shouldSkip { - ginkgo.Skip("skipped") - }*/ config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath @@ -86,9 +74,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should include opentelemetry_trust_incoming_spans on directive when enabled", func() { - /*if shouldSkip { - ginkgo.Skip("skipped") - }*/ config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath @@ -104,9 +89,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should not exists opentelemetry_operation_name directive when is empty", func() { - /*if shouldSkip { - ginkgo.Skip("skipped") - }*/ config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath @@ -122,9 +104,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { }) ginkgo.It("should exists opentelemetry_operation_name directive when is configured", func() { - /*if shouldSkip { - ginkgo.Skip("skipped") - }*/ config := map[string]string{} config[enableOpentelemetry] = enable config[opentelemetryConfig] = opentelemetryConfigPath