diff --git a/build/openshift/Dockerfile b/build/openshift/Dockerfile new file mode 100644 index 0000000000..a4ffcc2d25 --- /dev/null +++ b/build/openshift/Dockerfile @@ -0,0 +1,62 @@ +ARG GOLANG_CONTAINER=registry.access.redhat.com/ubi8/go-toolset:latest + +FROM registry.access.redhat.com/ubi8/ubi:8.1 AS base + +ENV NGINX_VERSION=1.17.9 + +RUN set -x \ + && groupadd --system --gid 101 nginx \ + && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \ + && echo "[nginx]" >> /etc/yum.repos.d/nginx.repo \ + && echo "name=nginx repo" >> /etc/yum.repos.d/nginx.repo \ + && echo "baseurl=https://nginx.org/packages/mainline/rhel/8/\$basearch/" >> /etc/yum.repos.d/nginx.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/nginx.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/nginx.repo \ + && echo "module_hotfixes=true" >> /etc/yum.repos.d/nginx.repo \ + && yum update -y \ + && yum install -y nginx-${NGINX_VERSION} \ + && nginx \ + && mkdir -p /var/lib/nginx \ + && mkdir -p /etc/nginx/secrets \ + && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \ + && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \ + && chown -R nginx:0 /etc/nginx \ + && chown -R nginx:0 /var/cache/nginx \ + && chown -R nginx:0 /var/lib/nginx \ + && rm /etc/yum.repos.d/nginx.repo \ + && rm /etc/nginx/conf.d/* + +# forward nginx access and error logs to stdout and stderr of the ingress +# controller process +RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \ + && ln -sf /proc/1/fd/1 /var/log/nginx/stream-access.log \ + && ln -sf /proc/1/fd/2 /var/log/nginx/error.log + +COPY internal/configs/version1/nginx.ingress.tmpl \ + internal/configs/version1/nginx.tmpl \ + internal/configs/version2/nginx.virtualserver.tmpl / + +# Uncomment the line below if you would like to add the default.pem to the image +# and use it as a certificate and key for the default server +# ADD default.pem /etc/nginx/secrets/default + +USER nginx + +ENTRYPOINT ["/nginx-ingress"] + + +FROM base AS local +COPY nginx-ingress / + + +FROM $GOLANG_CONTAINER AS builder +ARG VERSION +ARG GIT_COMMIT +WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/cmd/nginx-ingress +COPY . /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/ +RUN CGO_ENABLED=0 GOFLAGS='-mod=vendor' \ + go build -installsuffix cgo -ldflags "-w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o /nginx-ingress + + +FROM base AS container +COPY --from=builder /nginx-ingress / diff --git a/docs-web/installation/building-ingress-controller-image.md b/docs-web/installation/building-ingress-controller-image.md index e1402a912a..f73cb64eec 100644 --- a/docs-web/installation/building-ingress-controller-image.md +++ b/docs-web/installation/building-ingress-controller-image.md @@ -71,6 +71,7 @@ The **Makefile** contains the following main variables for you to customize (eit 1. `DockerfileForPlus`, for building an debian-based image with NGINX Plus. 1. `DockerfileWithOpentracing`, for building a debian-based image with NGINX, [opentracing](https://github.com/opentracing-contrib/nginx-opentracing) module and the [Jaeger](https://www.jaegertracing.io/) tracer. 1. `DockerfileWithOpentracingForPlus`, for building a debian-based image with NGINX Plus, [opentracing](https://github.com/opentracing-contrib/nginx-opentracing) module and the [Jaeger](https://www.jaegertracing.io/) tracer. + 1. `openshift/Dockerfile`, for building an ubi-based image with NGINX for [Openshift](https://www.openshift.com/) clusters. 1. `openshift/DockerfileForPlus`, for building an ubi-based image with NGINX Plus for [Openshift](https://www.openshift.com/) clusters. * **GENERATE_DEFAULT_CERT_AND_KEY** - The Ingress controller requires a certificate and a key for the default HTTP/HTTPS server. You can reference them in a TLS Secret in a command-line argument to the Ingress controller. As an alternative, you can add a file in the PEM format with your certificate and key to the image as `/etc/nginx/secrets/default`. Optionally, you can generate a self-signed certificate and a key during the build process. Set `GENERATE_DEFAULT_CERT_AND_KEY` to `1` to generate a certificate and a key in the `default.pem` file. Note that you must add the `ADD` instruction in the Dockerfile to copy the cert and the key to the image. The default value of `GENERATE_DEFAULT_CERT_AND_KEY` is `0`. * **DOCKER_BUILD_OPTIONS** -- the [options](https://docs.docker.com/engine/reference/commandline/build/#options) for the `docker build` command. For example, `--pull`.