DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Turn image from scratch to optimize usage

Browse source
This commit is contained in:
Ricardo Katz 2024-01-26 17:13:45 -03:00
parent f40668a641
commit 8a51622ee0
7 changed files with 50 additions and 198 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.github/workflows/ci.yaml vendored
View file

@ -164,7 +164,7 @@ jobs:
- changes - changes
- build - build
if: | if: |
(needs.changes.outputs.charts == 'true') (needs.changes.outputs.charts == 'true') || (needs.changes.outputs.baseimage == 'true')
strategy: strategy:
matrix: matrix:
@ -236,6 +236,7 @@ jobs:
KIND_CLUSTER_NAME: kind KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true SKIP_IMAGE_CREATION: true
SKIP_INGRESS_IMAGE_CREATION: true
run: | run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind kind get kubeconfig > $HOME/.kube/kind-config-kind
make kind-e2e-chart-tests make kind-e2e-chart-tests
@ -246,7 +247,7 @@ jobs:
- changes - changes
- build - build
if: | if: |
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true')
strategy: strategy:
matrix: matrix:
k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]
@ -260,7 +261,7 @@ jobs:
- changes - changes
- build - build
if: | if: |
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true')
strategy: strategy:
matrix: matrix:
k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]
@ -275,7 +276,7 @@ jobs:
- changes - changes
- build - build
if: | if: |
(needs.changes.outputs.go == 'true') (needs.changes.outputs.go == 'true') || (needs.changes.outputs.baseimage == 'true')
strategy: strategy:
matrix: matrix:
k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0] k8s: [v1.26.6, v1.27.3, v1.28.0, v1.29.0]

36
.github/workflows/images.yaml vendored
View file

@ -36,6 +36,7 @@ jobs:
kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }} kube-webhook-certgen: ${{ steps.filter.outputs.kube-webhook-certgen }}
ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }} ext-auth-example-authsvc: ${{ steps.filter.outputs.ext-auth-example-authsvc }}
nginx: ${{ steps.filter.outputs.nginx }} nginx: ${{ steps.filter.outputs.nginx }}
nginx125: ${{ steps.filter.outputs.nginx125 }}
opentelemetry: ${{ steps.filter.outputs.opentelemetry }} opentelemetry: ${{ steps.filter.outputs.opentelemetry }}
steps: steps:
@ -66,6 +67,8 @@ jobs:
- 'images/nginx/**' - 'images/nginx/**'
opentelemetry: opentelemetry:
- 'images/opentelemetry/**' - 'images/opentelemetry/**'
nginx125:
- 'images/nginx-1.25/TAG'
#### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here) #### TODO: Make the below jobs 'less dumb' and use the job name as parameter (the github.job context does not work here)
cfssl: cfssl:
@ -199,3 +202,36 @@ jobs:
- name: image build - name: image build
run: | run: |
cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build cd images/opentelemetry && make NGINX_VERSION=${{ matrix.nginx }} build
nginx125:
permissions:
contents: write
packages: write
runs-on: ubuntu-latest
needs: changes
if: |
(github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.nginx125 == 'true')
env:
PLATFORMS: linux/amd64,linux/arm,linux/arm64
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with:
version: latest
platforms: ${{ env.PLATFORMS }}
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: build-image
run: |
export TAG=$(cat images/nginx-1.25/TAG)
cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push --load -t ingressnginx/nginx-1.25:${TAG} .

167
.github/workflows/nginx125.yaml vendored
View file

@ -1,167 +0,0 @@
name: NGINX v1.25 Image
on:
pull_request:
branches:
- "kdsajdoiasjdoasijads"
paths:
- 'images/nginx-1.25/**'
push:
branches:
- main
paths:
- 'images/nginx-1.25/**'
permissions:
contents: read
jobs:
changes:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
outputs:
nginx: ${{ steps.filter.outputs.nginx }}
tag: ${{ steps.filter.outputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
nginx:
- 'images/nginx-1.25/**'
tag:
- 'images/nginx-1.25/TAG'
build:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
needs: changes
if: |
(github.event_name != 'push' && github.ref != 'refs/heads/main' && needs.changes.outputs.nginx == 'true')
env:
PLATFORMS: linux/amd64
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Go
id: go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.21.5'
check-latest: true
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with:
version: latest
platforms: ${{ env.PLATFORMS }}
- name: Prepare Host
run: |
curl -LO https://dl.k8s.io/release/v1.27.3/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
- name: build-image
run: |
cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --load -t nginx-1.25:1.0.0-dev .
- name: load-image
run: |
make clean-image build
make -C test/e2e-image image
docker build \
--platform linux \
--no-cache \
--build-arg BASE_IMAGE="nginx-1.25:1.0.0-dev" \
--build-arg VERSION="0.0.1-${{ github.sha }}" \
--build-arg TARGETARCH="amd64" \
--build-arg COMMIT_SHA="git-${{ github.sha }}" \
--build-arg BUILD_ID=""UNSET"" \
-t ingress-controller/controller:1.0.0-dev rootfs
docker save \
nginx-ingress-controller:e2e \
ingress-controller/controller:1.0.0-dev \
nginx-1.25:1.0.0-dev \
| gzip > docker.tar.gz
- name: cache
uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
with:
name: docker.tar.gz
path: docker.tar.gz
retention-days: 2
e2e-test:
name: Kubernetes
runs-on: ubuntu-latest
needs:
- build
strategy:
matrix:
k8s: [v1.27.3, v1.28.0, v1.29.0]
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: cache
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
with:
name: docker.tar.gz
- name: Create Kubernetes ${{ matrix.k8s }} cluster
id: kind
run: |
kind create cluster --image=kindest/node:${{ matrix.k8s }} --config test/e2e/kind.yaml
- name: Load images from cache
run: |
echo "loading docker images..."
gzip -dc docker.tar.gz | docker load
- name: Run e2e tests
env:
KIND_CLUSTER_NAME: kind
SKIP_CLUSTER_CREATION: true
SKIP_IMAGE_CREATION: true
SKIP_OPENTELEMETRY_TESTS: true
run: |
kind get kubeconfig > $HOME/.kube/kind-config-kind
make NGINX_BASE_IMAGE="nginx-1.25:1.0.0-dev" kind-e2e-test
push:
permissions:
contents: write
packages: write
runs-on: ubuntu-latest
needs: changes
if: |
(github.event_name == 'push' && github.ref == 'refs/heads/main' && needs.changes.outputs.tag == 'true')
env:
PLATFORMS: linux/amd64,linux/arm,linux/arm64,linux/s390x
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with:
version: latest
platforms: ${{ env.PLATFORMS }}
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: build-image
run: |
export TAG=$(cat images/nginx-1.25/TAG)
cd images/nginx-1.25/rootfs && docker buildx build --platform=${{ env.PLATFORMS }} --push --load -t ingressnginx/nginx-1.25:${TAG} .

2
images/nginx-1.25/rootfs/build.sh
View file

@ -491,8 +491,6 @@ make
make modules make modules
make install make install
# TODO: Ricardo Move to the right place
export OPENTELEMETRY_CONTRIB_COMMIT=aaa51e2297bcb34297f3c7aa44fa790497d2f7f3 export OPENTELEMETRY_CONTRIB_COMMIT=aaa51e2297bcb34297f3c7aa44fa790497d2f7f3
cd "$BUILD_PATH" cd "$BUILD_PATH"

7
rootfs/Dockerfile
View file

@ -14,7 +14,7 @@
ARG BASE_IMAGE ARG BASE_IMAGE
FROM ${BASE_IMAGE} FROM ${BASE_IMAGE} as builder
ARG TARGETARCH ARG TARGETARCH
ARG VERSION ARG VERSION
@ -83,6 +83,9 @@ USER www-data
RUN ln -sf /dev/stdout /var/log/nginx/access.log \ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log && ln -sf /dev/stderr /var/log/nginx/error.log
ENTRYPOINT ["/usr/bin/dumb-init", "--"] FROM scratch
COPY --from=builder / /
USER www-data
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["/nginx-ingress-controller"] CMD ["/nginx-ingress-controller"]

6
rootfs/Dockerfile-chroot
View file

@ -23,7 +23,7 @@ RUN apk update \
&& apk upgrade \ && apk upgrade \
&& /chroot.sh && /chroot.sh
FROM alpine:3.19.0 FROM alpine:3.19.0 as builder
ARG TARGETARCH ARG TARGETARCH
ARG VERSION ARG VERSION
@ -116,10 +116,12 @@ RUN mkdir -p /chroot/modules_mount \
&& mkdir -p modules_mount \ && mkdir -p modules_mount \
&& ln -s /modules_mount /chroot/modules_mount && ln -s /modules_mount /chroot/modules_mount
FROM scratch
USER www-data USER www-data
EXPOSE 80 443 EXPOSE 80 443
COPY --from=builder / /
ENTRYPOINT ["/usr/bin/dumb-init", "--"] ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["/nginx-ingress-controller"] CMD ["/nginx-ingress-controller"]

21
test/e2e/settings/opentelemetry.go
View file

@ -39,12 +39,6 @@ const (
var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() { var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
f := framework.NewDefaultFramework("enable-opentelemetry") f := framework.NewDefaultFramework("enable-opentelemetry")
/*shouldSkip := false
skip, ok := os.LookupEnv("SKIP_OPENTELEMETRY_TESTS")
if ok && skip == enable {
shouldSkip = true
}*/
ginkgo.BeforeEach(func() { ginkgo.BeforeEach(func() {
f.NewEchoDeployment() f.NewEchoDeployment()
}) })
@ -53,9 +47,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
}) })
ginkgo.It("should not exists opentelemetry directive", func() { ginkgo.It("should not exists opentelemetry directive", func() {
/*if shouldSkip {
ginkgo.Skip("skipped")
}*/
config := map[string]string{} config := map[string]string{}
config[enableOpentelemetry] = disable config[enableOpentelemetry] = disable
f.SetNginxConfigMapData(config) f.SetNginxConfigMapData(config)
@ -69,9 +60,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
}) })
ginkgo.It("should exists opentelemetry directive when is enabled", func() { ginkgo.It("should exists opentelemetry directive when is enabled", func() {
/*if shouldSkip {
ginkgo.Skip("skipped")
}*/
config := map[string]string{} config := map[string]string{}
config[enableOpentelemetry] = enable config[enableOpentelemetry] = enable
config[opentelemetryConfig] = opentelemetryConfigPath config[opentelemetryConfig] = opentelemetryConfigPath
@ -86,9 +74,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
}) })
ginkgo.It("should include opentelemetry_trust_incoming_spans on directive when enabled", func() { ginkgo.It("should include opentelemetry_trust_incoming_spans on directive when enabled", func() {
/*if shouldSkip {
ginkgo.Skip("skipped")
}*/
config := map[string]string{} config := map[string]string{}
config[enableOpentelemetry] = enable config[enableOpentelemetry] = enable
config[opentelemetryConfig] = opentelemetryConfigPath config[opentelemetryConfig] = opentelemetryConfigPath
@ -104,9 +89,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
}) })
ginkgo.It("should not exists opentelemetry_operation_name directive when is empty", func() { ginkgo.It("should not exists opentelemetry_operation_name directive when is empty", func() {
/*if shouldSkip {
ginkgo.Skip("skipped")
}*/
config := map[string]string{} config := map[string]string{}
config[enableOpentelemetry] = enable config[enableOpentelemetry] = enable
config[opentelemetryConfig] = opentelemetryConfigPath config[opentelemetryConfig] = opentelemetryConfigPath
@ -122,9 +104,6 @@ var _ = framework.IngressNginxDescribe("Configure Opentelemetry", func() {
}) })
ginkgo.It("should exists opentelemetry_operation_name directive when is configured", func() { ginkgo.It("should exists opentelemetry_operation_name directive when is configured", func() {
/*if shouldSkip {
ginkgo.Skip("skipped")
}*/
config := map[string]string{} config := map[string]string{}
config[enableOpentelemetry] = enable config[enableOpentelemetry] = enable
config[opentelemetryConfig] = opentelemetryConfigPath config[opentelemetryConfig] = opentelemetryConfigPath