Merge pull request #4862 from aledbf/update-nginx-image

Update nginx image
Manuel Alejandro de Brito Fontes 2020-01-04 15:51:23 -03:00 committed by GitHub
commit b30115aba7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 25 additions and 29 deletions


@ -50,7 +50,7 @@ GOBUILD_FLAGS := -v
ALL_ARCH = amd64 arm arm64
QEMUVERSION = v4.1.0-1
QEMUVERSION = v4.1.1-1
BUSTED_ARGS =-v --pattern=_test
@ -77,7 +77,7 @@ export E2E_CHECK_LEAKS
export SLOW_E2E_THRESHOLD
# Set default base image dynamically for each arch
BASEIMAGE?=quay.io/kubernetes-ingress-controller/nginx-$(ARCH):daf8634acf839708722cffc67a62e9316a2771c6
BASEIMAGE?=quay.io/kubernetes-ingress-controller/nginx-$(ARCH):422f554ba9cb291b4402306d77e218dff63ffab4
ifeq ($(ARCH),arm)
QEMUARCH=arm


@ -30,8 +30,8 @@ spec:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
# www-data -> 101
runAsUser: 101
env:
- name: POD_NAME
valueFrom:
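Review bot: The `runAsUser: 101` value is only correct for images in which www-data has UID 101, and the updated comment `# www-data -> 101` does not say which image that is. A manifest applied with an image built on the previous base (where the comment gave 33) would run nginx as a UID that presumably does not own the directories the image hands to www-data. I would expand the comment to `# www-data -> 101 in the current nginx base image (earlier images used 33)`. The same applies to the identical hunks in the two other manifests in this commit.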


@ -232,8 +232,8 @@ spec:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
# www-data -> 101
runAsUser: 101
env:
- name: POD_NAME
valueFrom:


@ -43,8 +43,8 @@ spec:
- ALL
add:
- NET_BIND_SERVICE
# www-data -> 33
runAsUser: 33
# www-data -> 101
runAsUser: 101
env:
- name: POD_NAME
valueFrom:


@ -35,7 +35,7 @@ spec:
runAsUser:
rule: 'MustRunAsNonRoot'
ranges:
- min: 33
- min: 101
max: 65535
seLinux:
rule: 'RunAsAny'
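Review bot: The `ranges` entry raised to `min: 101` sits under `rule: 'MustRunAsNonRoot'`, and as far as I know PodSecurityPolicy validates ranges only for `MustRunAs`, so this lower bound is probably not enforced and any non-zero UID is still admitted. If the intent is to confine the controller to this range, the rule would need to be `rule: 'MustRunAs'`; otherwise a comment such as `# ranges are not enforced under MustRunAsNonRoot` would stop readers from assuming a bound exists. The rule line is context here, not part of this change.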


@ -73,7 +73,7 @@ func rlimitMaxNumFiles() int {
}
const (
defBinary = "/usr/local/openresty/nginx/sbin/nginx"
defBinary = "/usr/local/nginx/sbin/nginx"
cfgPath = "/etc/nginx/nginx.conf"
)


@ -25,25 +25,21 @@ CROSS_BUILD_COPY qemu-QEMUARCH-static /usr/bin/
WORKDIR /etc/nginx
RUN clean-install \
RUN apk add -U --no-cache \
diffutils \
libcap2-bin
libcap
COPY --chown=www-data:www-data . /
RUN cp /usr/local/openresty/nginx/conf/mime.types /etc/nginx/mime.types \
&& cp /usr/local/openresty/nginx/conf/fastcgi_params /etc/nginx/fastcgi_params
RUN ln -s /usr/local/openresty/nginx/modules /etc/nginx/modules
# Fix permission during the build to avoid issues at runtime
# with volumes (custom templates)
RUN bash -eu -c ' \
RUN bash -xeu -c ' \
writeDirs=( \
/etc/ingress-controller \
/etc/ingress-controller/ssl \
/etc/ingress-controller/auth \
/var/log \
/var/log/nginx \
/tmp \
); \
for dir in "${writeDirs[@]}"; do \
mkdir -p ${dir}; \
@ -53,15 +49,14 @@ RUN bash -eu -c ' \
RUN setcap cap_net_bind_service=+ep /nginx-ingress-controller \
&& setcap -v cap_net_bind_service=+ep /nginx-ingress-controller
RUN setcap cap_net_bind_service=+ep /usr/local/openresty/nginx/sbin/nginx \
&& setcap -v cap_net_bind_service=+ep /usr/local/openresty/nginx/sbin/nginx
RUN setcap cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \
&& setcap -v cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx
USER www-data
# Create symlinks to redirect nginx logs to stdout and stderr docker log collector
RUN ln -sf /dev/stdout /usr/local/openresty/nginx/logs/access.log \
&& ln -sf /dev/stderr /usr/local/openresty/nginx/logs/error.log \
&& ln -s /usr/local/openresty/nginx/logs/* /var/log/nginx
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
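Review bot: `USER www-data` stays a name while this commit moves the manifests from UID 33 to 101, so the image and the manifests can drift apart without any visible sign. Assuming the manifests' `# www-data -> 101` matches this image, a numeric `USER 101` would keep the two in agreement and would let a non-root check be satisfied from the image alone, since the kubelet cannot verify non-root for a non-numeric user. Separately, `apk add -U --no-cache` installs `diffutils` and `libcap` without versions, so rebuilding the same commit may pick up different packages; version pins or a comment saying this is deliberate would help.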


@ -600,8 +600,7 @@ http {
}
stream {
lua_package_cpath "/usr/local/lib/lua/?.so;/usr/lib/lua-platform-path/lua/5.1/?.so;;";
lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;/usr/local/lib/lua/?.lua;;";
lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;;";
lua_shared_dict tcp_udp_configuration_data 5M;


@ -214,7 +214,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Auth", func() {
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
})
It("should return status code 500 when authentication is configured with invalid content and Authorization header is sent", func() {
It("should return status code 401 when authentication is configured with invalid content and Authorization header is sent", func() {
host := "auth"
s := f.EnsureSecret(
@ -253,7 +253,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Auth", func() {
End()
Expect(errs).Should(BeEmpty())
Expect(resp.StatusCode).Should(Equal(http.StatusInternalServerError))
Expect(resp.StatusCode).Should(Equal(http.StatusUnauthorized))
})
It(`should set snippet "proxy_set_header My-Custom-Header 42;" when external auth is configured`, func() {
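Review bot: The expected status flips from 500 to 401 in the `It` description and in the `Expect(resp.StatusCode)` assertion, but nothing records why. Both responses deny the request, so the fail-closed behaviour is kept. A one-line comment such as `// the current nginx image answers 401, not 500, when the auth secret content is invalid` would tell the next reader that the change comes from the image update (which I am inferring from the commit title) rather than from a controller change. The test body starts and ends outside these hunks.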


@ -72,7 +72,7 @@ var _ = framework.IngressNginxDescribe("Annotations - Redirect", func() {
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(BeNumerically("==", http.StatusMovedPermanently))
Expect(resp.Header.Get("Location")).Should(Equal(redirectURL))
Expect(body).Should(ContainSubstring("openresty/"))
Expect(body).Should(ContainSubstring("nginx/"))
})
It("should respond with a custom redirect code", func() {
@ -108,6 +108,6 @@ var _ = framework.IngressNginxDescribe("Annotations - Redirect", func() {
Expect(errs).To(BeNil())
Expect(resp.StatusCode).Should(BeNumerically("==", redirectCode))
Expect(resp.Header.Get("Location")).Should(Equal(redirectURL))
Expect(body).Should(ContainSubstring("openresty/"))
Expect(body).Should(ContainSubstring("nginx/"))
})
})
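Review bot: `ContainSubstring("nginx/")` in both redirect tests only passes while the redirect body carries the server version banner, so these assertions would break if version disclosure is switched off (presumably via `server_tokens`). Matching the product name alone, `Expect(body).Should(ContainSubstring("nginx"))`, keeps the check independent of that hardening setting. Both test bodies start outside the hunks shown.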


@ -37,6 +37,8 @@ var _ = framework.IngressNginxDescribe("Geoip2", func() {
})
It("should only allow requests from specific countries", func() {
Skip("GeoIP test are temporarily disabled")
f.UpdateNginxConfigMapData("use-geoip2", "true")
httpSnippetAllowingOnlyAustralia :=
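Review bot: The added `Skip("GeoIP test are temporarily disabled")` turns off the only test visible here for country-based request filtering, and it gives no reason or tracking reference, so nothing prompts anyone to re-enable it. I would put the reason and an issue reference in the message, for example `Skip("GeoIP tests are temporarily disabled, see #<issue-id>")` (the issue number is a placeholder; none appears on this page). The body of the `It` block continues past the end of the hunk.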