DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

continuing to test

Browse source 
Signed-off-by: James Strong <strong.james.e@gmail.com>
This commit is contained in:
James Strong 2022-09-29 17:41:48 -04:00 committed by James Strong
parent 1d5bc6463b
commit f898307b98
Failed to extract signature
5 changed files with 56 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
distroless-build/Makefile
View file

@ -35,6 +35,8 @@ KEY ?= melange.rsa
REPO ?= packages REPO ?= packages
TEMPLATE ?= melange/nginx-templates.json TEMPLATE ?= melange/nginx-templates.json
MELANGE_OPTS ?= -k ${KEY}.pub --signing-key ${KEY} --arch ${ARCHS} MELANGE_OPTS ?= -k ${KEY}.pub --signing-key ${KEY} --arch ${ARCHS}
MELANGE_INGRESS_OPT ?= -k ${KEY}.pub --signing-key ${KEY} --arch ${ARCHS} --empty-workspace
APKO_OPTS ?= -k ${KEY}.pub --debug --build-arch ${ARCHS} ${APKO_DIR}/${FILE}.yaml
KEY ?= melange.rsa KEY ?= melange.rsa
REPO ?= $(shell pwd)/packages REPO ?= $(shell pwd)/packages
ARCHS?="amd64,arm64,arm/v6,arm/v7,s390x" ARCHS?="amd64,arm64,arm/v6,arm/v7,s390x"
@ -50,14 +52,17 @@ keygen: ## Generate Key pair for use with signing apks
melange: ## Build melange $FILE melange: ## Build melange $FILE
${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml ${MELANGE_OPTS} --template '$(shell cat ${TEMPLATE})' ${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml ${MELANGE_OPTS} --template '$(shell cat ${TEMPLATE})'
ingress-melange:
${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml ${MELANGE_INGRESS_OPT} --template '$(shell cat ${TEMPLATE})'
nginx-melange: nginx-melange:
${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml --source-dir ${MELANGE_DIR}/${FILE} ${MELANGE_OPTS} --template '$(shell cat ${TEMPLATE})' ${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml --source-dir ${MELANGE_DIR}/${FILE} ${MELANGE_OPTS} --template '$(shell cat ${TEMPLATE})'
apko-build: ## Build an apko pipeline with $KEY and $FILE apko-build: ## Build an apko pipeline with $KEY and $FILE
${APKO} build -k ${KEY}.pub --debug ${APKO_DIR}/${FILE}.yaml $(IMAGE):$(TAG) $(IMAGE)-$(TAG).tar ${APKO} build ${APKO_OPTS} $(IMAGE):$(TAG) $(IMAGE)-$(TAG).tar
apko-push: ## Push apko built container $IMAGE:$TAG to $REGISTRY apko-push: ## Push apko built container $IMAGE:$TAG to $REGISTRY
${APKO} publish -k ${KEY}.pub --debug ${APKO_DIR}/${FILE}.yaml $(IMAGE):$(TAG) ${APKO} publish ${APKO_OPTS} $(IMAGE):$(TAG)
load: ## Load apko built image into docker load: ## Load apko built image into docker
docker load < $(IMAGE)-$(TAG).tar docker load < $(IMAGE)-$(TAG).tar
@ -68,10 +73,10 @@ load: ## Load apko built image into docker
build-all: clean-packages all-packages nginx-package ingress-packages ## Fresh build of all melange pipelines and apko files, default is all $ARCHS build-all: clean-packages all-packages nginx-package ingress-packages ## Fresh build of all melange pipelines and apko files, default is all $ARCHS
nginx-test: ## Start $IMAGE:$TAG container and drop into bash shell nginx-test: ## Start $IMAGE:$TAG container and drop into bash shell
docker run --rm -it --entrypoint bash --env-file .env $(IMAGE):$(TAG) docker run --rm -it --entrypoint bash --env-file .env $(REGISTRY)/$(IMAGE):$(TAG)
shell: ## Start Alpine base container, mount PWD and drop into sh shell: ## Start Alpine base container, mount PWD and drop into sh
docker run -it --rm -v "${PWD}":/work --entrypoint sh distroless.dev/alpine-base:latest docker run -it --rm -v "${PWD}":/work --env-file .env --group-add www-data --entrypoint sh distroless.dev/alpine-base:latest
check_clean: check_clean:
@echo -n "Are you sure? [y/N] " && read ans && [ $${ans:-N} = y ] @echo -n "Are you sure? [y/N] " && read ans && [ $${ans:-N} = y ]

69
distroless-build/apko/ingress.yaml
View file

@ -44,46 +44,17 @@ accounts:
run-as: 101 run-as: 101
environments: environments:
PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/luajit/bin" PATH: "$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/luajit/bin"
LUA_PATH: "/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;" LUA_PATH: "/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;"
LUA_CPATH: "/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" LUA_CPATH: "/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;"
LUA_INCLUDE_DIR: "/usr/local/include/luajit-2.1" :u: "/usr/local/include/luajit-2.1"
LUAJIT_INC: "/usr/local/include/luajit-2.1"
LUAJIT_LIB: "/usr/local/lib" LUAJIT_LIB: "/usr/local/lib"
LUA_LIB_DIR: "/usr/local/lib/lua"
work-dir: /etc/nginx work-dir: /etc/nginx
entrypoint:
command: "/usr/bin/dumb-init --"
cmd: /nginx-ingress-controller
paths: paths:
- path: /var/log/nginx/error.log
type: symlink
source: /dev/stderr
permissions: 0o755
- path: /var/log/nginx/access.log
type: symlink
source: /dev/stdout
permissions: 0o755
recursive: true
- path: /usr/bin/nginx
type: hardlink
source: /usr/local/nginx/sbin/nginx
permissions: 0o755
recursive: true
- path: /var/lib/nginx/proxy
type: directory
permissions: 0o755
uid: 101
gid: 101
recursive: true
- path: /etc/ingress-controller/auth
type: directory
permissions: 0o755
uid: 101
gid: 101
recursive: true
- path: /usr/local/ - path: /usr/local/
type: directory type: directory
permissions: 0o755 permissions: 0o755
@ -97,12 +68,34 @@ paths:
gid: 101 gid: 101
recursive: true recursive: true
- path: /usr/local/bin/lua - path: /usr/local/bin/lua
type: hardlink type: symlink
source: /usr/local/bin/luajit source: /usr/local/bin/luajit
permissions: 0o755 permissions: 0o755
- path: /sbin/nginx uid: 101
type: hardlink gid: 101
- path: /usr/local/include/lua
type: symlink
source: /usr/local/include/luajit-2.1
uid: 101
gid: 101
permissions: 0o755
- path: /usr/include/lua5.1
type: symlink
source: /usr/local/include/luajit-2.1
uid: 101
gid: 101
permissions: 0o755
- path: /usr/local/nginx/sbin/nginx
type: symlink
source: /sbin/nginx
uid: 101
gid: 101
permissions: 0o755
- path: /usr/bin/nginx
type: symlink
source: /usr/local/nginx/sbin/nginx source: /usr/local/nginx/sbin/nginx
uid: 101
gid: 101
permissions: 0o755 permissions: 0o755
- path: /var/lib/ - path: /var/lib/
type: directory type: directory
@ -212,7 +205,3 @@ paths:
type: directory type: directory
permissions: 0o755 permissions: 0o755
recursive: true recursive: true
archs:
- amd64
- aarch64
- armv7

11
distroless-build/apko/nginx.yaml
View file

@ -5,6 +5,7 @@ contents:
packages: packages:
- alpine-baselayout-data - alpine-baselayout-data
- geoip-dev - geoip-dev
- bash
- nginx@local - nginx@local
- opentracing@local - opentracing@local
- msgpack-cpp@local - msgpack-cpp@local
@ -54,12 +55,14 @@ paths:
gid: 101 gid: 101
recursive: true recursive: true
- path: /usr/local/bin/lua - path: /usr/local/bin/lua
type: hardlink type: symlink
source: /usr/local/bin/luajit source: /usr/local/bin/luajit
permissions: 0o755 permissions: 0o755
- path: /sbin/nginx - path: /usr/local/nginx/sbin/nginx
type: hardlink type: symlink
source: /usr/local/nginx/sbin/nginx source: /sbin/nginx
uid: 101
gid: 101
permissions: 0o755 permissions: 0o755
- path: /var/lib/ - path: /var/lib/
type: directory type: directory

7
distroless-build/melange/ingress-nginx-controller.yaml
View file

@ -30,6 +30,7 @@ environment:
- git - git
- openssh-client - openssh-client
- make - make
- libcap
pipeline: pipeline:
- uses: git-checkout - uses: git-checkout
with: with:
@ -56,3 +57,9 @@ pipeline:
-X {{ .PKG }}/version.COMMIT={{ .COMMIT_SHA }} \ -X {{ .PKG }}/version.COMMIT={{ .COMMIT_SHA }} \
-X {{ .PKG }}/version.REPO={{ .REPO_INFO }}" \ -X {{ .PKG }}/version.REPO={{ .REPO_INFO }}" \
-o "${{targets.destdir}}/nginx-ingress-controller" {{ .PKG }}/cmd/nginx -o "${{targets.destdir}}/nginx-ingress-controller" {{ .PKG }}/cmd/nginx
setcap cap_net_bind_service=+ep ${{targets.destdir}}/nginx-ingress-controller \
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/nginx-ingress-controller \
&& setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/dumb-init \
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/dumb-init

5
distroless-build/melange/nginx.yaml
View file

@ -50,6 +50,7 @@ environment:
- libxslt-dev - libxslt-dev
- gd-dev - gd-dev
- geoip-dev - geoip-dev
- libcap
- perl-dev - perl-dev
- libedit-dev - libedit-dev
- mercurial - mercurial
@ -466,7 +467,9 @@ pipeline:
echo "Clean up owasp-modsecurity-crs" echo "Clean up owasp-modsecurity-crs"
rm -rf ${{targets.destdir}}/etc/nginx/owasp-modsecurity-crs/.git rm -rf ${{targets.destdir}}/etc/nginx/owasp-modsecurity-crs/.git
rm -rf ${{targets.destdir}}/etc/nginx/owasp-modsecurity-crs/util/regression-tests rm -rf ${{targets.destdir}}/etc/nginx/owasp-modsecurity-crs/util/regression-tests
setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/local/nginx/sbin/nginx \
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/local/nginx/sbin/nginx \
echo "Clean up everything else" echo "Clean up everything else"
cd ${BUILD_PATH} cd ${BUILD_PATH}
rm -rf *.tar.gz ${BUILD_PATH}/ngx_devel_kit-{{ .NDK_VERSION }} \ rm -rf *.tar.gz ${BUILD_PATH}/ngx_devel_kit-{{ .NDK_VERSION }} \