Add Dockerfile for NGINX Open Source for Openshift

nginx · Mar 24, 2020 · c8f5ec9 · c8f5ec9
1 parent 2da6bf9
commit c8f5ec9
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 0 deletions.
diff --git a/build/openshift/Dockerfile b/build/openshift/Dockerfile
@@ -0,0 +1,62 @@
+ARG GOLANG_CONTAINER=registry.access.redhat.com/ubi8/go-toolset:latest
+
+FROM registry.access.redhat.com/ubi8/ubi:8.1 AS base
+
+ENV NGINX_VERSION=1.17.9
+
+RUN set -x \
+	&& groupadd --system --gid 101 nginx \
+	&& useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \
+	&& echo "[nginx]" >> /etc/yum.repos.d/nginx.repo \
+	&& echo "name=nginx repo" >> /etc/yum.repos.d/nginx.repo \
+	&& echo "baseurl=https://nginx.org/packages/mainline/rhel/8/\$basearch/" >> /etc/yum.repos.d/nginx.repo \
+	&& echo "gpgcheck=0" >> /etc/yum.repos.d/nginx.repo \
+	&& echo "enabled=1" >> /etc/yum.repos.d/nginx.repo \
+	&& echo "module_hotfixes=true" >> /etc/yum.repos.d/nginx.repo \
+	&& yum update -y \
+	&& yum install -y nginx-${NGINX_VERSION} \
+	&& nginx \
+	&& mkdir -p /var/lib/nginx \
+	&& mkdir -p /etc/nginx/secrets \
+	&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \
+	&& setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \
+	&& chown -R nginx:0 /etc/nginx \
+	&& chown -R nginx:0 /var/cache/nginx \
+	&& chown -R nginx:0 /var/lib/nginx \
+	&& rm /etc/yum.repos.d/nginx.repo \
+	&& rm /etc/nginx/conf.d/*
+
+# forward nginx access and error logs to stdout and stderr of the ingress
+# controller process
+RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \
+	&& ln -sf /proc/1/fd/1 /var/log/nginx/stream-access.log \
+	&& ln -sf /proc/1/fd/2 /var/log/nginx/error.log
+
+COPY internal/configs/version1/nginx.ingress.tmpl \
+	internal/configs/version1/nginx.tmpl \
+	internal/configs/version2/nginx.virtualserver.tmpl /
+
+# Uncomment the line below if you would like to add the default.pem to the image
+# and use it as a certificate and key for the default server
+# ADD default.pem /etc/nginx/secrets/default
+
+USER nginx
+
+ENTRYPOINT ["/nginx-ingress"]
+
+
+FROM base AS local
+COPY nginx-ingress /
+
+
+FROM $GOLANG_CONTAINER AS builder
+ARG VERSION
+ARG GIT_COMMIT
+WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/cmd/nginx-ingress
+COPY . /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/
+RUN CGO_ENABLED=0 GOFLAGS='-mod=vendor' \
+	go build -installsuffix cgo -ldflags "-w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o /nginx-ingress
+
+
+FROM base AS container
+COPY --from=builder /nginx-ingress /
diff --git a/docs-web/installation/building-ingress-controller-image.md b/docs-web/installation/building-ingress-controller-image.md
@@ -71,6 +71,7 @@ The **Makefile** contains the following main variables for you to customize (eit
   1. `DockerfileForPlus`, for building an debian-based image with NGINX Plus.
   1. `DockerfileWithOpentracing`, for building a debian-based image with NGINX, [opentracing](https://github.com/opentracing-contrib/nginx-opentracing) module and the [Jaeger](https://www.jaegertracing.io/) tracer.
   1. `DockerfileWithOpentracingForPlus`, for building a debian-based image with NGINX Plus, [opentracing](https://github.com/opentracing-contrib/nginx-opentracing) module and the [Jaeger](https://www.jaegertracing.io/) tracer.
+  1. `openshift/Dockerfile`, for building an ubi-based image with NGINX for [Openshift](https://www.openshift.com/) clusters.
   1. `openshift/DockerfileForPlus`, for building an ubi-based image with NGINX Plus for [Openshift](https://www.openshift.com/) clusters.
 * **GENERATE_DEFAULT_CERT_AND_KEY** - The Ingress controller requires a certificate and a key for the default HTTP/HTTPS server. You can reference them in a TLS Secret in a command-line argument to the Ingress controller. As an alternative, you can add a file in the PEM format with your certificate and key to the image as `/etc/nginx/secrets/default`. Optionally, you can generate a self-signed certificate and a key during the build process. Set `GENERATE_DEFAULT_CERT_AND_KEY` to `1` to generate a certificate and a key in the `default.pem` file. Note that you must add the `ADD` instruction in the Dockerfile to copy the cert and the key to the image. The default value of `GENERATE_DEFAULT_CERT_AND_KEY` is `0`.
 * **DOCKER_BUILD_OPTIONS** -- the [options](https://docs.docker.com/engine/reference/commandline/build/#options) for the `docker build` command. For example, `--pull`.