From 991f95f6bfeac41514909c2d01e6bc908c626094 Mon Sep 17 00:00:00 2001 From: Manuel Alejandro de Brito Fontes Date: Sun, 23 Jun 2019 22:29:11 -0400 Subject: [PATCH] Migrate to openresty --- Makefile | 2 +- internal/ingress/controller/util.go | 2 +- rootfs/Dockerfile | 21 ++++++++++++++------- rootfs/etc/nginx/template/nginx.tmpl | 4 ++-- 4 files changed, 18 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index 184c311a8..3508557c7 100644 --- a/Makefile +++ b/Makefile @@ -70,7 +70,7 @@ IMAGE = $(REGISTRY)/$(IMGNAME) MULTI_ARCH_IMG = $(IMAGE)-$(ARCH) # Set default base image dynamically for each arch -BASEIMAGE?=quay.io/kubernetes-ingress-controller/nginx-$(ARCH):0.87 +BASEIMAGE?=quay.io/kubernetes-ingress-controller/nginx-$(ARCH):0.88 ifeq ($(ARCH),arm64) QEMUARCH=aarch64 diff --git a/internal/ingress/controller/util.go b/internal/ingress/controller/util.go index bfbb338fe..b19145c4b 100644 --- a/internal/ingress/controller/util.go +++ b/internal/ingress/controller/util.go @@ -73,7 +73,7 @@ func rlimitMaxNumFiles() int { } const ( - defBinary = "/usr/sbin/nginx" + defBinary = "/usr/local/openresty/nginx/sbin/nginx" cfgPath = "/etc/nginx/nginx.conf" ) diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index d6d522fb2..717558927 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -24,6 +24,13 @@ RUN clean-install \ COPY --chown=www-data:www-data . / +RUN cp /usr/local/openresty/nginx/conf/mime.types /etc/nginx/mime.types +RUN ln -s /usr/local/openresty/nginx/modules /etc/nginx/modules + +# Add LuaRocks paths +ENV LUA_PATH="/usr/local/openresty/site/lualib/?.ljbc;/usr/local/openresty/site/lualib/?/init.ljbc;/usr/local/openresty/lualib/?.ljbc;/usr/local/openresty/lualib/?/init.ljbc;/usr/local/openresty/site/lualib/?.lua;/usr/local/openresty/site/lualib/?/init.lua;/usr/local/openresty/lualib/?.lua;/usr/local/openresty/lualib/?/init.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.lua;/usr/local/lib/lua/?.lua;/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;;" +ENV LUA_CPATH="/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;/usr/local/openresty/site/lualib/?.so;/usr/local/openresty/lualib/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;;" + # Fix permission during the build to avoid issues at runtime # with volumes (custom templates) RUN bash -eu -c ' \ @@ -42,16 +49,16 @@ RUN bash -eu -c ' \ RUN setcap cap_net_bind_service=+ep /nginx-ingress-controller \ && setcap -v cap_net_bind_service=+ep /nginx-ingress-controller -RUN setcap cap_net_bind_service=+ep /usr/sbin/nginx \ - && setcap -v cap_net_bind_service=+ep /usr/sbin/nginx - -# Create symlinks to redirect nginx logs to stdout and stderr docker log collector -# This only works if nginx is started with CMD or ENTRYPOINT -RUN ln -sf /dev/stdout /var/log/nginx/access.log -RUN ln -sf /dev/stderr /var/log/nginx/error.log +RUN setcap cap_net_bind_service=+ep /usr/local/openresty/nginx/sbin/nginx \ + && setcap -v cap_net_bind_service=+ep /usr/local/openresty/nginx/sbin/nginx USER www-data +# Create symlinks to redirect nginx logs to stdout and stderr docker log collector +RUN ln -sf /dev/stdout /usr/local/openresty/nginx/logs/access.log \ + && ln -sf /dev/stderr /usr/local/openresty/nginx/logs/error.log \ + && ln -s /usr/local/openresty/nginx/logs/* /var/log/nginx + ENTRYPOINT ["/usr/bin/dumb-init", "--"] CMD ["/nginx-ingress-controller"] diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index f012957af..b3cf12f9b 100755 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -48,8 +48,8 @@ events { } http { - lua_package_cpath "/usr/local/lib/lua/?.so;/usr/lib/lua-platform-path/lua/5.1/?.so;;"; - lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;/usr/local/lib/lua/?.lua;;"; + lua_package_path "/usr/local/openresty/site/lualib/?.ljbc;/usr/local/openresty/site/lualib/?/init.ljbc;/usr/local/openresty/lualib/?.ljbc;/usr/local/openresty/lualib/?/init.ljbc;/usr/local/openresty/site/lualib/?.lua;/usr/local/openresty/site/lualib/?/init.lua;/usr/local/openresty/lualib/?.lua;/usr/local/openresty/lualib/?/init.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.lua;/usr/local/lib/lua/?.lua;;"; + lua_package_cpath "/usr/local/openresty/site/lualib/?.so;/usr/local/openresty/lualib/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;;"; {{ buildLuaSharedDictionaries $servers $all.Cfg.DisableLuaRestyWAF }}