Skip to content

Commit

Permalink
Add OpenTracing to all Debian and Alpine based images (#2581)
Browse files Browse the repository at this point in the history
Co-authored-by: Jodie Putrino <[email protected]>
  • Loading branch information
lucacome and jputrino authored Apr 22, 2022
1 parent 888f52c commit 8706d5d
Show file tree
Hide file tree
Showing 6 changed files with 53 additions and 74 deletions.
14 changes: 7 additions & 7 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -159,13 +159,13 @@ jobs:
echo "::set-output name=matrix::{\"images\": \
[{\"image\": \"debian\", \"marker\": \"ingresses\"}, \
{\"image\": \"alpine\", \"marker\":\"vsr\"}, \
{\"image\": \"alpine-opentracing\", \"marker\":\"policies\"}, \
{\"image\": \"opentracing\", \"marker\": \"vs\"}, \
{\"image\": \"alpine\", \"marker\":\"policies\"}, \
{\"image\": \"debian\", \"marker\": \"vs\"}, \
{\"image\": \"ubi\", \"marker\": \"ts\"}, \
{\"image\": \"debian-plus\", \"marker\": \"vs\"}, \
{\"image\": \"debian-plus\", \"marker\": \"ts\"}, \
{\"image\": \"alpine-plus\", \"marker\":\"ingresses\"}, \
{\"image\": \"opentracing-plus\", \"marker\": \"vsr\"}, \
{\"image\": \"alpine-plus\", \"marker\": \"vsr\"}, \
{\"image\": \"ubi-plus\", \"marker\": \"policies\"}], \
\"k8s\": [\"${{ needs.checks.outputs.k8s_latest }}\"]}"
else
Expand Down Expand Up @@ -347,7 +347,7 @@ jobs:
strategy:
fail-fast: false
matrix:
image: [debian, alpine, opentracing, alpine-opentracing]
image: [debian, alpine]
platforms: ["linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"]
include:
- image: ubi
Expand Down Expand Up @@ -397,7 +397,7 @@ jobs:
nginx/nginx-ingress
ghcr.io/nginxinc/kubernetes-ingress
public.ecr.aws/nginx/nginx-ingress
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }},onlatest=true
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }},onlatest=true
tags: |
type=edge
type=ref,event=pr
Expand Down Expand Up @@ -472,7 +472,7 @@ jobs:
strategy:
fail-fast: false
matrix:
image: [debian-plus, alpine-plus, opentracing-plus]
image: [debian-plus, alpine-plus]
platforms: ["linux/arm64, linux/amd64"]
target: [goreleaser]
include:
Expand Down Expand Up @@ -523,7 +523,7 @@ jobs:
${{ startsWith(github.ref, 'refs/heads/release') && 'gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic/nginx-plus-ingress' || '' }}
${{ startsWith(github.ref, 'refs/tags/') && contains(matrix.target, 'aws') && '709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress' || '' }}
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true
tags: |
type=edge
type=ref,event=branch,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
Expand Down
16 changes: 6 additions & 10 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -139,19 +139,15 @@ openshift-image openshift-image-plus openshift-image-nap-plus openshift-image-do
@$(MAKE) $(subst openshift,ubi,$(MAKECMDGOALS)) $(MAKEFLAGS)

.PHONY: alpine-image-opentracing
alpine-image-opentracing: build ## Create Docker image for Ingress Controller (Alpine with OpenTracing)
$(DOCKER_CMD) --build-arg BUILD_OS=alpine-opentracing
alpine-image-opentracing:
@echo "OpenTracing is now included in all Alpine based images"

.PHONY: debian-image-opentracing
debian-image-opentracing: build ## Create Docker image for Ingress Controller (Debian with OpenTracing)
$(DOCKER_CMD) --build-arg BUILD_OS=opentracing

.PHONY: debian-image-opentracing-plus
debian-image-opentracing-plus: build ## Create Docker image for Ingress Controller (Debian with OpenTracing and NGINX Plus)
$(DOCKER_CMD) $(PLUS_ARGS) --build-arg BUILD_OS=opentracing-plus
.PHONY: debian-image-opentracing debian-image-opentracing-plus
debian-image-opentracing debian-image-opentracing-plus:
@echo "OpenTracing is now included in all Debian based images"

.PHONY: all-images ## Create all the Docker images for Ingress Controller
all-images: alpine-image alpine-image-plus debian-image debian-image-plus debian-image-nap-plus debian-image-dos-plus debian-image-nap-dos-plus debian-image-opentracing debian-image-opentracing-plus ubi-image ubi-image-plus ubi-image-nap-plus ubi-image-dos-plus ubi-image-nap-dos-plus
all-images: alpine-image alpine-image-plus debian-image debian-image-plus debian-image-nap-plus debian-image-dos-plus debian-image-nap-dos-plus ubi-image ubi-image-plus ubi-image-nap-plus ubi-image-dos-plus ubi-image-nap-dos-plus

.PHONY: push
push: ## Docker push to PREFIX and TAG
Expand Down
64 changes: 25 additions & 39 deletions build/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -4,24 +4,38 @@ ARG NGINX_PLUS_VERSION=r26
ARG DOWNLOAD_TAG=edge
ARG DEBIAN_VERSION=bullseye-slim


############################################# Base images containing libs for Opentracing #############################################
FROM opentracing/nginx-opentracing:nginx-1.21.6 as opentracing-lib
FROM opentracing/nginx-opentracing:nginx-1.21.6-alpine as alpine-opentracing-lib


############################################# Base image for Debian #############################################
FROM nginx:1.21.6 AS debian

RUN apt-get update \
RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
apt-get update \
&& apt-get install --no-install-recommends --no-install-suggests -y libcap2-bin \
# temp fix for CVE-2022-1271
&& apt-get install -y gzip liblzma5 \
&& rm -rf /var/lib/apt/lists/* \
&& cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
&& ldconfig \
&& echo $NGINX_VERSION > nginx_version


############################################# Base image for Alpine #############################################
# docker.io/library/nginx is a temporary workaround for Dependabot to see this as different from the one used in Debian
FROM docker.io/library/nginx:1.21.6-alpine AS alpine

RUN apk add --no-cache libcap \
RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
apk add --no-cache libcap libstdc++ \
# temp fix for CVE-2022-1271
&& apk upgrade --no-cache xz-libs
&& apk upgrade --no-cache xz-libs \
&& cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
&& ldconfig /usr/local/lib/


############################################# Base image for Alpine with NGINX Plus #############################################
Expand All @@ -30,9 +44,12 @@ ARG NGINX_PLUS_VERSION

RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
--mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
--mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
wget -nv -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub \
&& printf "%s\n" "https://pkgs.nginx.com/plus/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
&& apk add --no-cache libcap nginx-plus~${NGINX_PLUS_VERSION#r} nginx-plus-module-njs~${NGINX_PLUS_VERSION#r}
&& apk add --no-cache libcap nginx-plus~${NGINX_PLUS_VERSION#r} nginx-plus-module-njs~${NGINX_PLUS_VERSION#r} nginx-plus-module-opentracing~${NGINX_PLUS_VERSION#r} libcurl \
&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& ldconfig /usr/local/lib/


############################################# Base image for Debian with NGINX Plus #############################################
Expand All @@ -44,6 +61,7 @@ ARG BUILD_OS
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
--mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
apt-get update \
&& apt-get install --no-install-recommends --no-install-suggests -y ca-certificates gnupg curl apt-transport-https libcap2-bin \
# temp fix for CVE-2022-1271
Expand All @@ -54,8 +72,10 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
&& printf "%s\n" "Acquire::https::pkgs.nginx.com::User-Agent \"k8s-ic-$IC_VERSION${BUILD_OS##debian-plus}-apt\";" >> /etc/apt/apt.conf.d/90pkgs-nginx \
&& printf "%s\n" "deb https://pkgs.nginx.com/plus/${NGINX_PLUS_VERSION^^}/debian ${DEBIAN_VERSION} nginx-plus" > /etc/apt/sources.list.d/nginx-plus.list \
&& apt-get update \
&& apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs \
&& apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing libcurl4 \
&& apt-get purge --auto-remove -y apt-transport-https gnupg curl \
&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& ldconfig \
&& rm -rf /var/lib/apt/lists/*


Expand Down Expand Up @@ -168,40 +188,6 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
# RUN update-ca-trust extract


############################################# Base images containing libs for Opentracing #############################################
FROM opentracing/nginx-opentracing:nginx-1.21.6 as opentracing-lib
FROM opentracing/nginx-opentracing:nginx-1.21.6-alpine as alpine-opentracing-lib


############################################# Build image for Alpine with Opentracing #############################################
FROM alpine as alpine-opentracing

RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ cp -av /tmp/usr/local/lib/libopentracing.so* /tmp/usr/local/lib/libjaegertracing*so* /tmp/usr/local/lib/libzipkin*so* /tmp/usr/local/lib/libdd*so* /tmp/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& cp -av /tmp/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
&& ldconfig /usr/local/lib/


############################################# Build image for Debian with Opentracing #############################################
FROM debian as opentracing

RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ cp -av /tmp/usr/local/lib/libopentracing.so* /tmp/usr/local/lib/libjaegertracing*so* /tmp/usr/local/lib/libzipkin*so* /tmp/usr/local/lib/libdd*so* /tmp/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& cp -av /tmp/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
&& ldconfig


############################################# Build image for Opentracing with NGINX Plus #############################################
FROM debian-plus as opentracing-plus

RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
apt-get update \
&& apt-get install --no-install-recommends --no-install-suggests -y libcurl4 nginx-plus-module-opentracing \
&& rm -rf /var/lib/apt/lists/*

RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ cp -av /tmp/usr/local/lib/libjaegertracing*so* /tmp/usr/local/lib/libzipkin*so* /tmp/usr/local/lib/libdd*so* /tmp/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& ldconfig


############################################# Create common files, permissions and setcap #############################################
FROM ${BUILD_OS} as common

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -85,8 +85,6 @@ Below you can find some of the most useful targets in the **Makefile**:
* **debian-image-nap-plus**: for building a debian-based image with NGINX Plus and the [appprotect](/nginx-app-protect/) module.
* **debian-image-dos-plus**: for building a debian-based image with NGINX Plus and the [appprotect-dos](/nginx-app-protect-dos/) module.
* **debian-image-nap-dos-plus**: for building a debian-based image with NGINX Plus appprotect and appprotect-dos modules.
* **debian-image-opentracing**: for building a debian-based image with NGINX, [opentracing](https://github.com/opentracing-contrib/nginx-opentracing) module and the [Jaeger](https://www.jaegertracing.io/) tracer.
* **debian-image-opentracing-plus**: for building a debian-based image with NGINX Plus, [opentracing](https://github.com/opentracing-contrib/nginx-opentracing) module and the [Jaeger](https://www.jaegertracing.io/) tracer.
* **ubi-image**: for building an ubi-based image with NGINX for [Openshift](https://www.openshift.com/) clusters.
* **ubi-image-plus**: for building an ubi-based image with NGINX Plus for [Openshift](https://www.openshift.com/) clusters.
* **ubi-image-nap-plus**: for building an ubi-based image with NGINX Plus and the [appprotect](/nginx-app-protect/) module for [Openshift](https://www.openshift.com/) clusters.
Expand Down
27 changes: 12 additions & 15 deletions docs/content/technical-specifications.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,10 +44,8 @@ All images include NGINX 1.21.6.
{{% table %}}
|Name | Base image | Third-party modules | DockerHub image | Architectures |
| ---| ---| ---| --- | --- |
|Alpine-based image | ``nginx:1.21.6-alpine``, which is based on ``alpine:3.15`` | | ``nginx/nginx-ingress:2.2.0-alpine`` | arm/v7, arm64, amd64, ppc64le, s390x |
|Alpine-based image with OpenTracing | ``nginx:1.21.6-alpine``, which is based on ``alpine:3.15`` | NGINX OpenTracing module, OpenTracing library, OpenTracing tracers for Jaeger, Zipkin and Datadog | ``nginx/nginx-ingress:2.2.0-alpine-ot`` | arm/v7, arm64, amd64, ppc64le, s390x |
|Debian-based image | ``nginx:1.21.6``, which is based on ``debian:bullseye-slim`` | | ``nginx/nginx-ingress:2.2.0`` | arm/v7, arm64, amd64, ppc64le, s390x |
|Debian-based image with OpenTracing | ``nginx:1.21.6``, which is based on ``debian:bullseye-slim`` | NGINX OpenTracing module, OpenTracing library, OpenTracing tracers for Jaeger, Zipkin and Datadog | ``nginx/nginx-ingress:2.2.0-ot`` | arm/v7, arm64, amd64, ppc64le, s390x |
|Alpine-based image | ``nginx:1.21.6-alpine``, which is based on ``alpine:3.15`` | NGINX OpenTracing module, OpenTracing library, OpenTracing tracers for Jaeger, Zipkin and Datadog | ``nginx/nginx-ingress:2.2.0-alpine`` | arm/v7, arm64, amd64, ppc64le, s390x |
|Debian-based image | ``nginx:1.21.6``, which is based on ``debian:bullseye-slim`` | NGINX OpenTracing module, OpenTracing library, OpenTracing tracers for Jaeger, Zipkin and Datadog | ``nginx/nginx-ingress:2.2.0`` | arm/v7, arm64, amd64, ppc64le, s390x |
|Ubi-based image | ``redhat/ubi8`` | | ``nginx/nginx-ingress:2.2.0-ubi`` | arm64, amd64, s390x |
{{% /table %}}

Expand All @@ -60,25 +58,24 @@ NGINX Plus images are available through the F5 Container registry `private-regis
{{% table %}}
|Name | Base image | Third-party modules | F5 Container Registry Image | Architectures |
| ---| ---| --- | --- | --- |
|Alpine-based image | ``alpine:3.15`` | NGINX Plus JavaScript module | `nginx-ic/nginx-plus-ingress:2.2.0-alpine` | arm64, amd64 |
|Debian-based image | ``debian:bullseye-slim`` | NGINX Plus JavaScript module | `nginx-ic/nginx-plus-ingress:2.2.0` | arm64, amd64 |
|Debian-based image with OpenTracing | ``debian:bullseye-slim`` | NGINX Plus OpenTracing module, OpenTracing tracers for Jaeger, Zipkin and Datadog; NGINX Plus JavaScript module | `nginx-ic/nginx-plus-ingress:2.2.0-ot` | arm64, amd64 |
|Debian-based image with App Protect WAF| ``debian:buster-slim`` | NGINX Plus App Protect WAF module; NGINX Plus JavaScript module | `nginx-ic-nap/nginx-plus-ingress:2.2.0` | amd64 |
|Debian-based image with App Protect DoS | ``debian:buster-slim`` | NGINX Plus App Protect DoS module; NGINX Plus JavaScript module | | amd64 |
|Debian-based image with App Protect WAF and DoS | ``debian:buster-slim`` | NGINX Plus App Protect WAF and DoS modules; NGINX Plus JavaScript module | | amd64 |
|Alpine-based image | ``alpine:3.15`` | NGINX Plus JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic/nginx-plus-ingress:2.2.0-alpine` | arm64, amd64 |
|Debian-based image | ``debian:bullseye-slim`` | NGINX Plus JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic/nginx-plus-ingress:2.2.0` | arm64, amd64 |
|Debian-based image with App Protect WAF| ``debian:buster-slim`` | NGINX Plus App Protect WAF, JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | `nginx-ic-nap/nginx-plus-ingress:2.2.0` | amd64 |
|Debian-based image with App Protect DoS | ``debian:buster-slim`` | NGINX Plus App Protect DoS, JavaScript module and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | | amd64 |
|Debian-based image with App Protect WAF and DoS | ``debian:buster-slim`` | NGINX Plus App Protect WAF, DoS, JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | | amd64 |
|Ubi-based image | ``redhat/ubi8`` | NGINX Plus JavaScript module | `nginx-ic/nginx-plus-ingress:2.2.0-ubi` | arm64, amd64, s390x |
|Ubi-based image with App Protect WAF | ``redhat/ubi8`` | NGINX Plus App Protect WAF module; NGINX Plus JavaScript module | `nginx-ic-nap/nginx-plus-ingress:2.2.0-ubi` | amd64 |
|Ubi-based image with App Protect DoS | ``redhat/ubi8`` | NGINX Plus App Protect DoS module; NGINX Plus JavaScript module | | amd64 |
|Ubi-based image with App Protect WAF and DoS | ``redhat/ubi8`` | NGINX Plus App Protect WAF and DoS modules; NGINX Plus JavaScript module | | amd64 |
|Ubi-based image with App Protect WAF | ``redhat/ubi8`` | NGINX Plus App Protect WAF and JavaScript modules | `nginx-ic-nap/nginx-plus-ingress:2.2.0-ubi` | amd64 |
|Ubi-based image with App Protect DoS | ``redhat/ubi8`` | NGINX Plus App Protect DoS and JavaScript modules | | amd64 |
|Ubi-based image with App Protect WAF and DoS | ``redhat/ubi8`` | NGINX Plus App Protect WAF, DoS and JavaScript modules | | amd64 |
{{% /table %}}

We also provide NGINX Plus images through the AWS Marketplace. Please see [Using the AWS Marketplace Ingress Controller Image](/nginx-ingress-controller/installation/using-aws-marketplace-image/) for details on how to set up the required IAM resources in your EKS cluster.

{{% table %}}
|Name | Base image | Third-party modules | AWS Marketplace Link |
| ---| ---| --- | --- |
|Debian-based image | ``debian:bullseye-slim`` | NGINX Plus JavaScript module | [NGINX Ingress Controller](https://aws.amazon.com/marketplace/pp/prodview-fx3faxl7zqeau) |
|Debian-based image with App Protect | ``debian:buster-slim`` | NGINX Plus App Protect module; NGINX Plus JavaScript module | [NGINX Ingress Controller with NGINX App Protect](https://aws.amazon.com/marketplace/pp/prodview-vnrnxbf6u3nra) |
|Debian-based image | ``debian:bullseye-slim`` | NGINX Plus JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | [NGINX Ingress Controller](https://aws.amazon.com/marketplace/pp/prodview-fx3faxl7zqeau) |
|Debian-based image with App Protect | ``debian:buster-slim`` | NGINX Plus App Protect, JavaScript and OpenTracing modules, OpenTracing tracers for Jaeger, Zipkin and Datadog | [NGINX Ingress Controller with NGINX App Protect](https://aws.amazon.com/marketplace/pp/prodview-vnrnxbf6u3nra) |
{{% /table %}}

### Custom Images
Expand Down
Loading

0 comments on commit 8706d5d

Please sign in to comment.