-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Add alternative debian based base image #7593
Conversation
@rikatz: This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rikatz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
leave some comments.
@@ -0,0 +1,24 @@ | |||
timeout: 10800s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we add license header?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cloud build files don't have license header (no idea why)
https://github.com/kubernetes/ingress-nginx/blob/main/cloudbuild.yaml
_GIT_TAG: "12345" | ||
_PULL_BASE_REF: "master" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These lines should be updated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope, this is somehow the way cloudbuild understands this
export BUILD_PATH=/tmp/build | ||
|
||
# TODO: Verify and add the same libraries (but not dev) in main container | ||
apt-get install -y \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should runapt-get update
before this.
Or execute before this script, like the Dockerfile 👆
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
apt-get has a --no-install-recommends
flag, we can use it to reduce install packages.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Though I was using --no-install-recommends (actually I am, in debian image...)
Will review all again :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hum I remember now why I didn't added --no-install-recommends here: because modsecurity building is kind of annoying, and we are just using this image to copy the end result (libmodsecurity) to the other image (which is properly a busybox).
Do you think still we should do a --no-install-recommends? About the update I agree, should always update the builder image
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think still we should do a --no-install-recommends?
Based on the reasons you mentioned above, I think it is not necessary to add --no-install-recommends
flag
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we can move forward
Is the image already available for download ? I'm interested in testing it, due to the infamous musl-libc/lua nginx crashes. Thanks for your work 👏🏻 |
It's a WIP yet and we are waiting the test-infra promoter part to work. I will fix some things here and can generate an image locally, if you want to test :) |
Damn clicked wrong on button, sorry |
images/modsecurity/rootfs/Dockerfile
Outdated
@@ -0,0 +1,27 @@ | |||
# Copyright 2015 The Kubernetes Authors. All rights reserved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed the year here
images/nginx-debian/Makefile
Outdated
@@ -0,0 +1,57 @@ | |||
# Copyright 2017 The Kubernetes Authors. All rights reserved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And here
@@ -0,0 +1,68 @@ | |||
# Copyright 2015 The Kubernetes Authors. All rights reserved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And here
images/nginx-debian/rootfs/build.sh
Outdated
@@ -0,0 +1,606 @@ | |||
#!/bin/bash | |||
|
|||
# Copyright 2015 The Kubernetes Authors. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also here...
@tao12345666333 the staging push job is merged. As soon as you think this is good and gets merged, we can start using the image in staging bucket to write some e2e tests and maybe release a non official debian image so folks can test :) |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
Fixes partially: #7518
This is also an attempt to optimize / solve coredumps problems in #6896
On an attempt to solve random coredump problems, and have some standard image building this PR:
The old all in one alpine image got 184Mb, while the new images got 164mb (base NGINX) and 77.9Mb (modsecurity).
Although the sum of the images grows (mostly due to glibc and not optimizing Debian Image the same way it's done in https://github.com/kubernetes/release/tree/master/images/build/debian-base/bullseye, still the reduction for the majority of users will be 20Mb (as modsecurity is going to be optional now)
Before merging this PR, we should wait for kubernetes/test-infra#23478 to get merged