DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Images: Bump Alpine to v3.21. (#12481)

Browse source 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
Marco Ebert 2024-12-20 18:04:10 +01:00 committed by GitHub
parent 94e39e32cf
commit c160bfff69
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 35 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Makefile
View file

@ -110,7 +110,7 @@ clean-chroot-image: ## Removes local image
.PHONY: build .PHONY: build
build: ## Build ingress controller, debug tool and pre-stop hook. build: ## Build ingress controller, debug tool and pre-stop hook.
E2E_IMAGE=golang:$(GO_VERSION)-alpine3.20 USE_SHELL=/bin/sh build/run-in-docker.sh \ E2E_IMAGE=golang:$(GO_VERSION)-alpine3.21 USE_SHELL=/bin/sh build/run-in-docker.sh \
MAC_OS=$(MAC_OS) \ MAC_OS=$(MAC_OS) \
PKG=$(PKG) \ PKG=$(PKG) \
ARCH=$(ARCH) \ ARCH=$(ARCH) \

2
docs/examples/customization/sysctl/patch.json
View file

@ -4,7 +4,7 @@
"spec": { "spec": {
"initContainers": [{ "initContainers": [{
"name": "sysctl", "name": "sysctl",
"image": "alpine:3.20", "image": "alpine:3.21",
"securityContext": { "securityContext": {
"privileged": true "privileged": true
}, },

2
images/cfssl/rootfs/Dockerfile
View file

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
FROM alpine:3.20 FROM alpine:3.21
RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
RUN apk update \ RUN apk update \

2
images/custom-error-pages/rootfs/Dockerfile
View file

@ -14,7 +14,7 @@
ARG GOLANG_VERSION ARG GOLANG_VERSION
FROM golang:${GOLANG_VERSION}-alpine3.20 as builder FROM golang:${GOLANG_VERSION}-alpine3.21 as builder
RUN apk update \ RUN apk update \
&& apk upgrade && apk add git && apk upgrade && apk add git

2
images/ext-auth-example-authsvc/rootfs/Dockerfile
View file

@ -1,6 +1,6 @@
ARG GOLANG_VERSION ARG GOLANG_VERSION
FROM golang:${GOLANG_VERSION}-alpine3.20 as builder FROM golang:${GOLANG_VERSION}-alpine3.21 as builder
RUN mkdir /authsvc RUN mkdir /authsvc
WORKDIR /authsvc WORKDIR /authsvc
COPY . ./ COPY . ./

2
images/fastcgi-helloserver/rootfs/Dockerfile
View file

@ -13,7 +13,7 @@
# limitations under the License. # limitations under the License.
ARG GOLANG_VERSION ARG GOLANG_VERSION
FROM golang:${GOLANG_VERSION}-alpine3.20 as builder FROM golang:${GOLANG_VERSION}-alpine3.21 as builder
WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi WORKDIR /go/src/k8s.io/ingress-nginx/images/fastcgi

2
images/go-grpc-greeter-server/rootfs/Dockerfile
View file

@ -1,6 +1,6 @@
ARG GOLANG_VERSION ARG GOLANG_VERSION
FROM golang:${GOLANG_VERSION}-alpine3.20 as build FROM golang:${GOLANG_VERSION}-alpine3.21 as build
WORKDIR /go/src/greeter-server WORKDIR /go/src/greeter-server

6
images/nginx/rootfs/Dockerfile
View file

@ -11,7 +11,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
FROM alpine:3.20 as builder FROM alpine:3.21 as builder
COPY . / COPY . /
@ -21,7 +21,7 @@ RUN apk update \
&& /build.sh && /build.sh
# Use a multi-stage build # Use a multi-stage build
FROM alpine:3.20 FROM alpine:3.21
ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin
@ -66,7 +66,7 @@ RUN apk update \
); \ ); \
for dir in "${writeDirs[@]}"; do \ for dir in "${writeDirs[@]}"; do \
mkdir -p ${dir}; \ mkdir -p ${dir}; \
chown -R www-data.www-data ${dir}; \ chown -R www-data:www-data ${dir}; \
done' done'
EXPOSE 80 443 EXPOSE 80 443

17
images/nginx/rootfs/build.sh
View file

@ -414,6 +414,21 @@ Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf
Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
" > /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf " > /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
# NGINX compiles a small test program to check if an added module works as expected.
#
# ModSecurity-nginx provides 'printf("hello");' as a test, but newer versions of GCC,
# as included in Alpine 3.21, do not allow implicit declaration of function 'printf':
#
# objs/autotest.c:7:5: error: implicit declaration of function 'printf' [-Wimplicit-function-declaration]
#
# For this reason we replace 'printf("hello");' by 'msc_init();', which is always available.
#
# This fix is taken from a PR, that has been proposed to the ModSecurity-nginx project:
#
# https://github.com/owasp-modsecurity/ModSecurity-nginx/pull/275
#
sed -i "s/ngx_feature_test='printf(\"hello\");'/ngx_feature_test='msc_init();'/" $BUILD_PATH/ModSecurity-nginx/config
# build nginx # build nginx
cd "$BUILD_PATH/nginx-$NGINX_VERSION" cd "$BUILD_PATH/nginx-$NGINX_VERSION"
@ -609,7 +624,7 @@ adduser -S -D -H -u 101 -h /usr/local/nginx -s /sbin/nologin -G www-data -g www-
for dir in "${writeDirs[@]}"; do for dir in "${writeDirs[@]}"; do
mkdir -p ${dir}; mkdir -p ${dir};
chown -R www-data.www-data ${dir}; chown -R www-data:www-data ${dir};
done done
rm -rf /etc/nginx/owasp-modsecurity-crs/.git rm -rf /etc/nginx/owasp-modsecurity-crs/.git

2
images/test-runner/rootfs/Dockerfile
View file

@ -15,7 +15,7 @@ ARG BASE_IMAGE
ARG GOLANG_VERSION ARG GOLANG_VERSION
ARG ETCD_VERSION ARG ETCD_VERSION
FROM golang:${GOLANG_VERSION}-alpine3.20 as GO FROM golang:${GOLANG_VERSION}-alpine3.21 as GO
FROM registry.k8s.io/etcd:${ETCD_VERSION} as etcd FROM registry.k8s.io/etcd:${ETCD_VERSION} as etcd
FROM ${BASE_IMAGE} FROM ${BASE_IMAGE}

2
rootfs/Dockerfile
View file

@ -59,7 +59,7 @@ RUN bash -xeu -c ' \
); \ ); \
for dir in "${writeDirs[@]}"; do \ for dir in "${writeDirs[@]}"; do \
mkdir -p ${dir}; \ mkdir -p ${dir}; \
chown -R www-data.www-data ${dir}; \ chown -R www-data:www-data ${dir}; \
done' \ done' \
# LD_LIBRARY_PATH does not work so below is needed for opentelemetry/other modules # LD_LIBRARY_PATH does not work so below is needed for opentelemetry/other modules
# Put libs of newer modules under `/modules_mount/<other>/lib` and add that path below # Put libs of newer modules under `/modules_mount/<other>/lib` and add that path below

6
rootfs/Dockerfile-chroot
View file

@ -23,7 +23,7 @@ RUN apk update \
&& apk upgrade \ && apk upgrade \
&& /chroot.sh && /chroot.sh
FROM alpine:3.20 FROM alpine:3.21
ARG TARGETARCH ARG TARGETARCH
ARG VERSION ARG VERSION
@ -78,7 +78,7 @@ RUN bash -xeu -c ' \
); \ ); \
for dir in "${writeDirs[@]}"; do \ for dir in "${writeDirs[@]}"; do \
mkdir -p ${dir}; \ mkdir -p ${dir}; \
chown -R www-data.www-data ${dir}; \ chown -R www-data:www-data ${dir}; \
done' \ done' \
# LD_LIBRARY_PATH does not work so below is needed for opentelemetry/other modules # LD_LIBRARY_PATH does not work so below is needed for opentelemetry/other modules
# Put libs of newer modules under `/modules_mount/<other>/lib` and add that path below # Put libs of newer modules under `/modules_mount/<other>/lib` and add that path below
@ -103,7 +103,7 @@ RUN ln -sf /chroot/etc/nginx /etc/nginx \
&& touch /chroot/var/log/nginx/access.log \ && touch /chroot/var/log/nginx/access.log \
&& chown www-data:www-data /chroot/var/log/nginx/access.log \ && chown www-data:www-data /chroot/var/log/nginx/access.log \
&& echo "" > /chroot/etc/resolv.conf \ && echo "" > /chroot/etc/resolv.conf \
&& chown -R www-data.www-data /chroot/var/log/nginx /chroot/etc/resolv.conf \ && chown -R www-data:www-data /chroot/var/log/nginx /chroot/etc/resolv.conf \
&& mknod -m 0666 /chroot/dev/null c 1 3 \ && mknod -m 0666 /chroot/dev/null c 1 3 \
&& mknod -m 0666 /chroot/dev/random c 1 8 \ && mknod -m 0666 /chroot/dev/random c 1 8 \
&& mknod -m 0666 /chroot/dev/urandom c 1 9 \ && mknod -m 0666 /chroot/dev/urandom c 1 9 \

5
rootfs/chroot.sh
View file

@ -39,7 +39,7 @@ writeDirs=( \
for dir in "${writeDirs[@]}"; do for dir in "${writeDirs[@]}"; do
mkdir -p ${dir}; mkdir -p ${dir};
chown -R www-data.www-data ${dir}; chown -R www-data:www-data ${dir};
done done
mkdir -p /chroot/lib /chroot/proc /chroot/usr /chroot/bin /chroot/dev /chroot/run mkdir -p /chroot/lib /chroot/proc /chroot/usr /chroot/bin /chroot/dev /chroot/run
@ -47,4 +47,5 @@ cp /etc/passwd /etc/group /etc/hosts /chroot/etc/
cp -a /usr/* /chroot/usr/ cp -a /usr/* /chroot/usr/
cp -a /etc/nginx/* /chroot/etc/nginx/ cp -a /etc/nginx/* /chroot/etc/nginx/
cp -a /etc/ingress-controller/* /chroot/etc/ingress-controller/ cp -a /etc/ingress-controller/* /chroot/etc/ingress-controller/
cp /lib/ld-musl-* /lib/libcrypto* /lib/libssl* /lib/libz* /chroot/lib/ cp /lib/ld-musl-* /chroot/lib/
cp /usr/lib/libcrypto* /usr/lib/libssl* /usr/lib/libz* /chroot/usr/lib/

2
test/e2e-image/Dockerfile
View file

@ -1,7 +1,7 @@
ARG E2E_BASE_IMAGE ARG E2E_BASE_IMAGE
FROM ${E2E_BASE_IMAGE} AS BASE FROM ${E2E_BASE_IMAGE} AS BASE
FROM alpine:3.20 FROM alpine:3.21
RUN apk update \ RUN apk update \
&& apk upgrade && apk add -U --no-cache \ && apk upgrade && apk add -U --no-cache \