From ce3271edadc87f48997919e4c8ce94a34bb7090e Mon Sep 17 00:00:00 2001 From: Dean Coakley Date: Fri, 31 Jan 2020 14:54:56 +0000 Subject: [PATCH] Add multistage docker builds * Convert spaces in Dockerfiles to tabs * Add multi stage docker builds --- .gitignore | 3 - .travis.yml | 4 +- Makefile | 32 ++-- build/Dockerfile | 25 +++- build/DockerfileForAlpine | 25 +++- build/DockerfileForPlus | 104 +++++++------ build/DockerfileWithOpentracing | 139 ++++++++++-------- build/DockerfileWithOpentracingForPlus | 114 ++++++++------ .../building-ingress-controller-image.md | 10 +- 9 files changed, 276 insertions(+), 180 deletions(-) diff --git a/.gitignore b/.gitignore index 5606b93b65..c96973cf9f 100644 --- a/.gitignore +++ b/.gitignore @@ -39,8 +39,5 @@ cmd/nginx-ingress/nginx-ingress # Default certificate and key default.pem -# Dockerfiles for building -/Dockerfile - # IntelliJ IDEA .idea diff --git a/.travis.yml b/.travis.yml index 34fbc1ca1e..f3da017b22 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,7 +6,7 @@ go: - "1.13" script: - echo "Building ingress controller commit:${TRAVIS_COMMIT}" -- make BUILD_IN_CONTAINER=0 container; +- make container BUILD_IN_CONTAINER=0 DOCKER_BUILDKIT=0; - echo "Helm smoke test" - cd ${TRAVIS_BUILD_DIR} && wget -O helm.tar.gz ${helm_download} && tar xzfv helm.tar.gz -C ./ --strip-components=1 linux-amd64/helm @@ -20,4 +20,4 @@ before_install: && ./fossa init && GO111MODULE=on FOSSA_API_KEY=${fossapush} ./fossa analyze -t kubernetes-ingress -b ${TRAVIS_BRANCH}; fi - echo "Checking ingress controller for linting errors" && wget -O - -q ${golangci_lint} | sh -s v1.17.1 -- export PATH="$PATH:./bin" && make lint +- export PATH="$PATH:./bin" && make lint \ No newline at end of file diff --git a/Makefile b/Makefile index 591cf93a79..b3b16691dd 100644 --- a/Makefile +++ b/Makefile 
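Review bot: The CI command in the `script:` section, `make container BUILD_IN_CONTAINER=0 DOCKER_BUILDKIT=0`, only builds the `local` target with the classic builder, so the `builder` and `container` stages this commit adds to every Dockerfile are never built by the visible script. Since the Makefile now exports `DOCKER_BUILDKIT = 1`, the path that `BUILD_IN_CONTAINER=1` users take goes untested. A second step such as `- make container BUILD_IN_CONTAINER=1` would catch breakage in the Go build stage. If BuildKit is not available on the CI image, a short comment next to `DOCKER_BUILDKIT=0` would explain the override.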
@@ -4,8 +4,6 @@ VERSION = edge TAG = $(VERSION) PREFIX = nginx/nginx-ingress -DOCKER_TEST_RUN = docker run --rm -v $(shell pwd):/go/src/github.com/nginxinc/kubernetes-ingress -w /go/src/github.com/nginxinc/kubernetes-ingress -DOCKER_BUILD_RUN = docker run --rm -v $(shell pwd):/go/src/github.com/nginxinc/kubernetes-ingress -w /go/src/github.com/nginxinc/kubernetes-ingress/cmd/nginx-ingress/ GOLANG_CONTAINER = golang:1.13 DOCKERFILEPATH = build DOCKERFILE = Dockerfile # note, this can be overwritten e.g. can be DOCKERFILE=DockerFileForPlus @@ -15,27 +13,20 @@ PUSH_TO_GCR = GENERATE_DEFAULT_CERT_AND_KEY = DOCKER_BUILD_OPTIONS = -GIT_COMMIT=$(shell git rev-parse --short HEAD) +GIT_COMMIT = $(shell git rev-parse --short HEAD) -nginx-ingress: -ifeq ($(BUILD_IN_CONTAINER),1) - $(DOCKER_BUILD_RUN) -e CGO_ENABLED=0 -e GO111MODULE=on -e GOFLAGS='-mod=vendor' $(GOLANG_CONTAINER) go build -installsuffix cgo -ldflags "-w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress -else - CGO_ENABLED=0 GO111MODULE=on GOFLAGS='-mod=vendor' GOOS=linux go build -installsuffix cgo -ldflags "-w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o nginx-ingress github.com/nginxinc/kubernetes-ingress/cmd/nginx-ingress -endif +export DOCKER_BUILDKIT = 1 lint: golangci-lint run test: -ifeq ($(BUILD_IN_CONTAINER),1) - $(DOCKER_TEST_RUN) -e GO111MODULE=on -e GOFLAGS='-mod=vendor' $(GOLANG_CONTAINER) go test ./... -else +ifneq ($(BUILD_IN_CONTAINER),1) GO111MODULE=on GOFLAGS='-mod=vendor' go test ./... endif verify-codegen: -ifneq ($(BUILD_IN_CONTAINER), 1) +ifneq ($(BUILD_IN_CONTAINER),1) ./hack/verify-codegen.sh endif 
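Review bot: With `BUILD_IN_CONTAINER=1` the `test` recipe is now empty, because the `docker run ... go test ./...` branch was removed and only the `ifneq ($(BUILD_IN_CONTAINER),1)` branch remains. `container` still lists `test` as a prerequisite, so in that mode an image can be built without the unit tests having run, and `verify-codegen` is skipped the same way. Consider running the tests in the Dockerfiles' builder stage, e.g. `RUN GOFLAGS='-mod=vendor' go test ./...` before the `go build`, or at least echoing a notice from the empty branch so the skip is visible. Separately, `GIT_COMMIT = $(shell git rev-parse --short HEAD)` is a recursive assignment that re-runs git on every expansion; `GIT_COMMIT := $(shell git rev-parse --short HEAD)` evaluates it once.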
@@ -47,9 +38,17 @@ ifeq ($(GENERATE_DEFAULT_CERT_AND_KEY),1) ./build/generate_default_cert_and_key.sh endif -container: test verify-codegen nginx-ingress certificate-and-key - cp $(DOCKERFILEPATH)/$(DOCKERFILE) ./Dockerfile - docker build $(DOCKER_BUILD_OPTIONS) --build-arg IC_VERSION=$(VERSION)-$(GIT_COMMIT) -f Dockerfile -t $(PREFIX):$(TAG) . +binary: +ifneq ($(BUILD_IN_CONTAINER),1) + CGO_ENABLED=0 GO111MODULE=on GOFLAGS='-mod=vendor' GOOS=linux go build -installsuffix cgo -ldflags "-w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o nginx-ingress github.com/nginxinc/kubernetes-ingress/cmd/nginx-ingress +endif + +container: test verify-codegen binary certificate-and-key +ifeq ($(BUILD_IN_CONTAINER),1) + docker build $(DOCKER_BUILD_OPTIONS) --build-arg IC_VERSION=$(VERSION)-$(GIT_COMMIT) --build-arg GIT_COMMIT=$(GIT_COMMIT) --build-arg VERSION=$(VERSION) --build-arg GOLANG_CONTAINER=$(GOLANG_CONTAINER) --target container -f $(DOCKERFILEPATH)/$(DOCKERFILE) -t $(PREFIX):$(TAG) . +else + docker build $(DOCKER_BUILD_OPTIONS) --build-arg IC_VERSION=$(VERSION)-$(GIT_COMMIT) --target local -f $(DOCKERFILEPATH)/$(DOCKERFILE) -t $(PREFIX):$(TAG) . +endif push: container ifeq ($(PUSH_TO_GCR),1) @@ -60,4 +59,3 @@ endif clean: rm -f nginx-ingress - rm -f Dockerfile diff --git a/build/Dockerfile b/build/Dockerfile index 28cad0e9ed..b22ab0dcb7 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,4 +1,6 @@ -FROM nginx:1.17.7 +ARG GOLANG_CONTAINER=golang:latest + +FROM nginx:1.17.7 AS base # forward nginx access and error logs to stdout and stderr of the ingress # controller process 
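Review bot: The `ifeq ($(BUILD_IN_CONTAINER),1)` branch of `container` only works if BuildKit skips the stages that `--target container` does not need. The classic builder processes stages in file order up to the target, so with `DOCKER_BUILDKIT=0` (which `.travis.yml` now passes) it would reach the `local` stage's `COPY nginx-ingress /` first and fail unless a binary already sits in the build context, since `binary` builds nothing in this mode. A guard as the first recipe line of that branch, such as `$(if $(filter 1,$(DOCKER_BUILDKIT)),,$(error BUILD_IN_CONTAINER=1 requires DOCKER_BUILDKIT=1))`, would turn that into a clear message. `binary` also does not create a file of that name (its output is `nginx-ingress`), so it should be listed in `.PHONY` if the Makefile has such a line outside this hunk.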
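Review bot: The default in `ARG GOLANG_CONTAINER=golang:latest` at the top of the file means a direct `docker build` without `--build-arg` compiles the controller with whatever Go image is current that day, while the Makefile passes `golang:1.13`. A floating builder image makes the binary unreproducible and lets an unreviewed toolchain change flow into the release image. Defaulting to the Makefile's value, `ARG GOLANG_CONTAINER=golang:1.13`, or to a digest-pinned reference, keeps both entry points aligned. The same default is added at the top of `build/DockerfileForAlpine`, `build/DockerfileForPlus`, `build/DockerfileWithOpentracing` and `build/DockerfileWithOpentracingForPlus`.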
@@ -19,7 +21,9 @@ RUN mkdir -p /var/lib/nginx \ && rm /etc/nginx/conf.d/* \ && rm -rf /var/lib/apt/lists/* -COPY nginx-ingress internal/configs/version1/nginx.ingress.tmpl internal/configs/version1/nginx.tmpl internal/configs/version2/nginx.virtualserver.tmpl / +COPY internal/configs/version1/nginx.ingress.tmpl \ + internal/configs/version1/nginx.tmpl \ + internal/configs/version2/nginx.virtualserver.tmpl / # Uncomment the line below if you would like to add the default.pem to the image # and use it as a certificate and key for the default server @@ -28,3 +32,20 @@ COPY nginx-ingress internal/configs/version1/nginx.ingress.tmpl internal/configs USER nginx ENTRYPOINT ["/nginx-ingress"] + + +FROM base AS local +COPY nginx-ingress / + + +FROM $GOLANG_CONTAINER AS builder +ARG VERSION +ARG GIT_COMMIT +WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/cmd/nginx-ingress +COPY . /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/ +RUN CGO_ENABLED=0 GOFLAGS='-mod=vendor' \ + go build -installsuffix cgo -ldflags "-w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o /nginx-ingress + + +FROM base AS container +COPY --from=builder /nginx-ingress / diff --git a/build/DockerfileForAlpine b/build/DockerfileForAlpine index 67437c843c..2da87e7d0d 100644 --- a/build/DockerfileForAlpine +++ b/build/DockerfileForAlpine @@ -1,4 +1,6 @@ -FROM nginx:1.17.7-alpine +ARG GOLANG_CONTAINER=golang:latest + +FROM nginx:1.17.7-alpine AS base # forward nginx access and error logs to stdout and stderr of the ingress # controller process 
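Review bot: `COPY . /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/` in the new `builder` stage pulls the whole build context into a layer. That can include `default.pem` (the default certificate and key named in `.gitignore`), the `nginx-repo.crt`/`nginx-repo.key` pair the Plus images expect in the project root, and `.git`. None of these are needed to compile the binary, yet they persist in builder layers and the build cache; copying only the module files and source directories the build uses (for example `go.mod`, `go.sum`, `vendor/`, `cmd/`, `internal/` and any other package directories) would bound what reaches the stage. The `RUN` line also drops `GO111MODULE=on`, which both the removed `docker run` build and the Makefile's local `go build` set; restoring it keeps the two builds equivalent when `GOLANG_CONTAINER` is overridden. The identical stage is added to the four other Dockerfiles under `build/`.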
@@ -18,7 +20,9 @@ RUN mkdir -p /etc/nginx/secrets \ && rm /etc/nginx/conf.d/* \ && rm -rf /var/cache/apk/* -COPY nginx-ingress internal/configs/version1/nginx.ingress.tmpl internal/configs/version1/nginx.tmpl internal/configs/version2/nginx.virtualserver.tmpl / +COPY internal/configs/version1/nginx.ingress.tmpl \ + internal/configs/version1/nginx.tmpl \ + internal/configs/version2/nginx.virtualserver.tmpl / # Uncomment the line below if you would like to add the default.pem to the image # and use it as a certificate and key for the default server @@ -27,3 +31,20 @@ COPY nginx-ingress internal/configs/version1/nginx.ingress.tmpl internal/configs USER nginx ENTRYPOINT ["/nginx-ingress"] + + +FROM base AS local +COPY nginx-ingress / + + +FROM $GOLANG_CONTAINER AS builder +ARG VERSION +ARG GIT_COMMIT +WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/cmd/nginx-ingress +COPY . /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/ +RUN CGO_ENABLED=0 GOFLAGS='-mod=vendor' \ + go build -installsuffix cgo -ldflags "-w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o /nginx-ingress + + +FROM base AS container +COPY --from=builder /nginx-ingress / \ No newline at end of file diff --git a/build/DockerfileForPlus b/build/DockerfileForPlus index 5077dd5232..d681c3b352 100644 --- a/build/DockerfileForPlus +++ b/build/DockerfileForPlus @@ -1,4 +1,6 @@ -FROM debian:stretch-slim +ARG GOLANG_CONTAINER=golang:latest + +FROM debian:stretch-slim AS base LABEL maintainer="NGINX Docker Maintainers " 
@@ -7,61 +9,62 @@ ARG IC_VERSION # Download certificate and key from the customer portal (https://cs.nginx.com) # and copy to the build context -COPY nginx-repo.crt /etc/ssl/nginx/ -COPY nginx-repo.key /etc/ssl/nginx/ +COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/ # Make sure the certificate and key have correct permissions RUN chmod 644 /etc/ssl/nginx/* # Install NGINX Plus RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 libcap2-bin \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - echo "Acquire::https::plus-pkgs.nginx.com::Verify-Peer \"true\";" >> /etc/apt/apt.conf.d/90nginx \ - && echo "Acquire::https::plus-pkgs.nginx.com::Verify-Host \"true\";" >> /etc/apt/apt.conf.d/90nginx \ - && echo "Acquire::https::plus-pkgs.nginx.com::SslCert \"/etc/ssl/nginx/nginx-repo.crt\";" >> /etc/apt/apt.conf.d/90nginx \ - && echo "Acquire::https::plus-pkgs.nginx.com::SslKey \"/etc/ssl/nginx/nginx-repo.key\";" >> /etc/apt/apt.conf.d/90nginx \ - && echo "Acquire::https::plus-pkgs.nginx.com::User-Agent \"k8s-ic-$IC_VERSION-apt\";" >> /etc/apt/apt.conf.d/90nginx \ - && printf "deb https://plus-pkgs.nginx.com/debian stretch nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \ - && apt-get update && apt-get install -y nginx-plus=${NGINX_PLUS_VERSION} \ - && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \ - && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \ - && apt-get remove --purge --auto-remove -y gnupg1 \ - && 
rm -rf /var/lib/apt/lists/* \ - && rm -rf /etc/ssl/nginx \ - && rm /etc/apt/apt.conf.d/90nginx /etc/apt/sources.list.d/nginx-plus.list + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 libcap2-bin \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + echo "Acquire::https::plus-pkgs.nginx.com::Verify-Peer \"true\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::Verify-Host \"true\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::SslCert \"/etc/ssl/nginx/nginx-repo.crt\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::SslKey \"/etc/ssl/nginx/nginx-repo.key\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::User-Agent \"k8s-ic-$IC_VERSION-apt\";" >> /etc/apt/apt.conf.d/90nginx \ + && printf "deb https://plus-pkgs.nginx.com/debian stretch nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \ + && apt-get update && apt-get install -y nginx-plus=${NGINX_PLUS_VERSION} \ + && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \ + && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \ + && apt-get remove --purge --auto-remove -y gnupg1 \ + && rm -rf /var/lib/apt/lists/* \ + && rm -rf /etc/ssl/nginx \ + && rm /etc/apt/apt.conf.d/90nginx /etc/apt/sources.list.d/nginx-plus.list # forward nginx access and error logs to stdout and stderr of the ingress # controller process RUN ln -sf /proc/1/fd/1 
/var/log/nginx/access.log \ - && ln -sf /proc/1/fd/1 /var/log/nginx/stream-access.log \ - && ln -sf /proc/1/fd/2 /var/log/nginx/error.log + && ln -sf /proc/1/fd/1 /var/log/nginx/stream-access.log \ + && ln -sf /proc/1/fd/2 /var/log/nginx/error.log -RUN mkdir -p /var/lib/nginx \ - && mkdir -p /etc/nginx/secrets \ - && chown -R nginx:0 /etc/nginx \ - && chown -R nginx:0 /var/cache/nginx \ - && chown -R nginx:0 /var/lib/nginx/ \ - && apt-get remove --purge -y libcap2-bin \ - && rm /etc/nginx/conf.d/* +RUN mkdir -p /var/lib/nginx \ + && mkdir -p /etc/nginx/secrets \ + && chown -R nginx:0 /etc/nginx \ + && chown -R nginx:0 /var/cache/nginx \ + && chown -R nginx:0 /var/lib/nginx/ \ + && apt-get remove --purge -y libcap2-bin \ + && rm /etc/nginx/conf.d/* EXPOSE 80 443 -COPY nginx-ingress internal/configs/version1/nginx-plus.ingress.tmpl internal/configs/version1/nginx-plus.tmpl internal/configs/version2/nginx-plus.virtualserver.tmpl / +COPY internal/configs/version1/nginx-plus.ingress.tmpl \ + internal/configs/version1/nginx-plus.tmpl \ + internal/configs/version2/nginx-plus.virtualserver.tmpl / # Uncomment the line below if you would like to add the default.pem to the image # and use it as a certificate and key for the default server @@ -69,4 +72,21 @@ COPY nginx-ingress internal/configs/version1/nginx-plus.ingress.tmpl internal/co USER nginx -ENTRYPOINT ["/nginx-ingress"] \ No newline at end of file +ENTRYPOINT ["/nginx-ingress"] + + +FROM base AS local +COPY nginx-ingress / + + +FROM $GOLANG_CONTAINER AS builder +ARG VERSION +ARG GIT_COMMIT +WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/cmd/nginx-ingress +COPY . /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/ +RUN CGO_ENABLED=0 GOFLAGS='-mod=vendor' \ + go build -installsuffix cgo -ldflags "-w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o /nginx-ingress + + +FROM base AS container +COPY --from=builder /nginx-ingress / 
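Review bot: `COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/` near the top of this hunk writes the repository client key into its own image layer, and the `rm -rf /etc/ssl/nginx` at the end of the later `RUN` only removes it from the final filesystem view. The key therefore stays in the layer history of every image built from `base`, and the `chmod 644` on the following context line leaves it world-readable during the build. Because this commit already requires BuildKit, the key and certificate could be supplied as build secrets instead, e.g. `RUN --mount=type=secret,id=nginx-repo.key,target=/etc/ssl/nginx/nginx-repo.key ...` with `--secret id=nginx-repo.key,src=nginx-repo.key` on the `docker build` line. On Docker 18.09 this likely needs a `# syntax=` directive selecting a frontend with secret-mount support, and it will not work with `DOCKER_BUILDKIT=0`. The same `COPY` appears in the `@@ -17,67 +19,68 @@` hunk of `build/DockerfileWithOpentracingForPlus`.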
diff --git a/build/DockerfileWithOpentracing b/build/DockerfileWithOpentracing
index 74dbaf9c86..1bce08c223 100644
--- a/build/DockerfileWithOpentracing
+++ b/build/DockerfileWithOpentracing
@@ -1,70 +1,71 @@ ARG NGINX_VERSION=1.17.7 ARG OPENTRACING_CPP_VERSION=1.5.1 +ARG GOLANG_CONTAINER=golang:latest FROM nginx:${NGINX_VERSION} AS opentracing-builder ARG OPENTRACING_CPP_VERSION RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y \ - libcurl4-openssl-dev \ - build-essential \ - cmake \ - git \ - ca-certificates \ - pkg-config \ - wget \ - libz-dev \ - automake \ - autogen \ - autoconf \ - libtool \ - libpcre3 \ - libpcre3-dev \ - && tempDir="$(mktemp -d)" \ - && chmod 777 "$tempDir" \ - && git clone https://github.com/opentracing-contrib/nginx-opentracing src \ - && cd "$tempDir" \ - && git clone -b v$OPENTRACING_CPP_VERSION https://github.com/opentracing/opentracing-cpp.git \ - && cd opentracing-cpp \ - && mkdir .build && cd .build \ - && cmake -DCMAKE_BUILD_TYPE=Release \ - -DBUILD_TESTING=OFF .. \ - && make && make install \ - && cd "$tempDir" \ - && NGINX_VERSION_BUILD=`nginx -v 2>&1` && NGINX_VERSION_BUILD=${NGINX_VERSION_BUILD#*nginx/} \ - && DEBIAN_VERSION="$(cat /etc/os-release | grep CODENAME | cut -f2 -d '=')" \ - && echo "deb-src http://nginx.org/packages/mainline/debian/ $DEBIAN_VERSION nginx" >> /etc/apt/sources.list \ - && apt-get update \ - && apt-get build-dep -y nginx=${NGINX_VERSION_BUILD} \ - && wget -O nginx-release-${NGINX_VERSION_BUILD}.tar.gz https://github.com/nginx/nginx/archive/release-${NGINX_VERSION_BUILD}.tar.gz \ - && tar zxf nginx-release-${NGINX_VERSION_BUILD}.tar.gz \ - && cd nginx-release-${NGINX_VERSION_BUILD} \ - && auto/configure \ - --with-compat \ - --add-dynamic-module=/src/opentracing \ - --with-debug \ - && make modules \ - && cp objs/ngx_http_opentracing_module.so /ngx_http_opentracing_module.so + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y \ + libcurl4-openssl-dev \ + build-essential \ + cmake \ + git \ + ca-certificates \ + pkg-config \ + wget \ + libz-dev \ + automake \ + autogen \ + autoconf \ + libtool \ + 
libpcre3 \ + libpcre3-dev \ + && tempDir="$(mktemp -d)" \ + && chmod 777 "$tempDir" \ + && git clone https://github.com/opentracing-contrib/nginx-opentracing src \ + && cd "$tempDir" \ + && git clone -b v$OPENTRACING_CPP_VERSION https://github.com/opentracing/opentracing-cpp.git \ + && cd opentracing-cpp \ + && mkdir .build && cd .build \ + && cmake -DCMAKE_BUILD_TYPE=Release \ + -DBUILD_TESTING=OFF .. \ + && make && make install \ + && cd "$tempDir" \ + && NGINX_VERSION_BUILD=`nginx -v 2>&1` && NGINX_VERSION_BUILD=${NGINX_VERSION_BUILD#*nginx/} \ + && DEBIAN_VERSION="$(cat /etc/os-release | grep CODENAME | cut -f2 -d '=')" \ + && echo "deb-src http://nginx.org/packages/mainline/debian/ $DEBIAN_VERSION nginx" >> /etc/apt/sources.list \ + && apt-get update \ + && apt-get build-dep -y nginx=${NGINX_VERSION_BUILD} \ + && wget -O nginx-release-${NGINX_VERSION_BUILD}.tar.gz https://github.com/nginx/nginx/archive/release-${NGINX_VERSION_BUILD}.tar.gz \ + && tar zxf nginx-release-${NGINX_VERSION_BUILD}.tar.gz \ + && cd nginx-release-${NGINX_VERSION_BUILD} \ + && auto/configure \ + --with-compat \ + --add-dynamic-module=/src/opentracing \ + --with-debug \ + && make modules \ + && cp objs/ngx_http_opentracing_module.so /ngx_http_opentracing_module.so FROM debian:stretch-slim AS tracer-downloader ARG JAEGER_VERSION=v0.4.2 RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates apt-transport-https wget \ - && wget https://github.com/jaegertracing/jaeger-client-cpp/releases/download/${JAEGER_VERSION}/libjaegertracing_plugin.linux_amd64.so -O /usr/local/lib/libjaegertracing_plugin.so + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates apt-transport-https wget \ + && wget https://github.com/jaegertracing/jaeger-client-cpp/releases/download/${JAEGER_VERSION}/libjaegertracing_plugin.linux_amd64.so -O /usr/local/lib/libjaegertracing_plugin.so # Final Image -FROM 
nginx:${NGINX_VERSION} +FROM nginx:${NGINX_VERSION} AS base ARG OPENTRACING_CPP_VERSION # forward nginx access and error logs to stdout and stderr of the ingress # controller process RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \ - && ln -sf /proc/1/fd/1 /var/log/nginx/stream-access.log \ - && ln -sf /proc/1/fd/2 /var/log/nginx/error.log + && ln -sf /proc/1/fd/1 /var/log/nginx/stream-access.log \ + && ln -sf /proc/1/fd/2 /var/log/nginx/error.log COPY --from=opentracing-builder /ngx_http_opentracing_module.so /usr/lib/nginx/modules/ngx_http_opentracing_module.so COPY --from=opentracing-builder /usr/local/lib/libopentracing.so.${OPENTRACING_CPP_VERSION} /usr/local/lib/libopentracing.so.1 
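Review bot: The `tracer-downloader` stage fetches `libjaegertracing_plugin.linux_amd64.so` with `wget` and the final image copies it in, but nothing checks the file against a known digest, so the image trusts whatever the release URL serves at build time. Adding a verification step after the download, `&& echo "<expected-sha256>  /usr/local/lib/libjaegertracing_plugin.so" | sha256sum -c -` (placeholder digest, to be taken from the release), would pin the artifact. In the `opentracing-builder` stage, `git clone https://github.com/opentracing-contrib/nginx-opentracing src` likewise takes the default branch head, unlike the `-b v$OPENTRACING_CPP_VERSION` clone below it. Checking out a fixed tag or commit there makes the module build repeatable. The `tracer-downloader` stage is repeated in `build/DockerfileWithOpentracingForPlus`.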
@@ -74,19 +75,21 @@ COPY --from=tracer-downloader /usr/local/lib/libjaegertracing_plugin.so /usr/loc RUN ldconfig RUN mkdir -p /var/lib/nginx \ - && mkdir -p /etc/nginx/secrets \ - && apt-get update \ - && apt-get install -y libcap2-bin \ - && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \ - && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \ - && chown -R nginx:0 /etc/nginx \ - && chown -R nginx:0 /var/cache/nginx \ - && chown -R nginx:0 /var/lib/nginx \ - && apt-get remove --purge -y libcap2-bin \ - && rm /etc/nginx/conf.d/* \ - && rm -rf /var/lib/apt/lists/* - -COPY nginx-ingress internal/configs/version1/nginx.ingress.tmpl internal/configs/version1/nginx.tmpl internal/configs/version2/nginx.virtualserver.tmpl / + && mkdir -p /etc/nginx/secrets \ + && apt-get update \ + && apt-get install -y libcap2-bin \ + && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \ + && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \ + && chown -R nginx:0 /etc/nginx \ + && chown -R nginx:0 /var/cache/nginx \ + && chown -R nginx:0 /var/lib/nginx \ + && apt-get remove --purge -y libcap2-bin \ + && rm /etc/nginx/conf.d/* \ + && rm -rf /var/lib/apt/lists/* + +COPY internal/configs/version1/nginx.ingress.tmpl \ + internal/configs/version1/nginx.tmpl \ + internal/configs/version2/nginx.virtualserver.tmpl / # Uncomment the line below if you would like to add the default.pem to the image # and use it as a certificate and key for the default server 
@@ -95,3 +98,19 @@ COPY nginx-ingress internal/configs/version1/nginx.ingress.tmpl internal/configs USER nginx ENTRYPOINT ["/nginx-ingress"] + +FROM base AS local +COPY nginx-ingress / + + +FROM $GOLANG_CONTAINER AS builder +ARG VERSION +ARG GIT_COMMIT +WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/cmd/nginx-ingress +COPY . /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/ +RUN CGO_ENABLED=0 GOFLAGS='-mod=vendor' \ + go build -installsuffix cgo -ldflags "-w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o /nginx-ingress + + +FROM base AS container +COPY --from=builder /nginx-ingress / diff --git a/build/DockerfileWithOpentracingForPlus b/build/DockerfileWithOpentracingForPlus index 8a15cd06a8..ff5b80ac3c 100644 --- a/build/DockerfileWithOpentracingForPlus +++ b/build/DockerfileWithOpentracingForPlus @@ -1,13 +1,15 @@ +ARG GOLANG_CONTAINER=golang:latest + FROM debian:stretch-slim AS tracer-downloader ARG JAEGER_VERSION=v0.4.2 RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates apt-transport-https wget \ - && wget https://github.com/jaegertracing/jaeger-client-cpp/releases/download/${JAEGER_VERSION}/libjaegertracing_plugin.linux_amd64.so -O /usr/local/lib/libjaegertracing_plugin.so + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates apt-transport-https wget \ + && wget https://github.com/jaegertracing/jaeger-client-cpp/releases/download/${JAEGER_VERSION}/libjaegertracing_plugin.linux_amd64.so -O /usr/local/lib/libjaegertracing_plugin.so # Final Image -FROM debian:stretch-slim +FROM debian:stretch-slim AS base LABEL maintainer="NGINX Docker Maintainers " ENV NGINX_PLUS_VERSION 20-1~stretch 
@@ -17,67 +19,68 @@ ARG IC_VERSION # Download certificate and key from the customer portal (https://cs.nginx.com) # and copy to the build context -COPY nginx-repo.crt /etc/ssl/nginx/ -COPY nginx-repo.key /etc/ssl/nginx/ +COPY nginx-repo.crt nginx-repo.key /etc/ssl/nginx/ # Make sure the certificate and key have correct permissions RUN chmod 644 /etc/ssl/nginx/* # Install NGINX Plus RUN set -x \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 libcap2-bin \ - && \ - NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ - found=''; \ - for server in \ - ha.pool.sks-keyservers.net \ - hkp://keyserver.ubuntu.com:80 \ - hkp://p80.pool.sks-keyservers.net:80 \ - pgp.mit.edu \ - ; do \ - echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ - apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ - done; \ - test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ - echo "Acquire::https::plus-pkgs.nginx.com::Verify-Peer \"true\";" >> /etc/apt/apt.conf.d/90nginx \ - && echo "Acquire::https::plus-pkgs.nginx.com::Verify-Host \"true\";" >> /etc/apt/apt.conf.d/90nginx \ - && echo "Acquire::https::plus-pkgs.nginx.com::SslCert \"/etc/ssl/nginx/nginx-repo.crt\";" >> /etc/apt/apt.conf.d/90nginx \ - && echo "Acquire::https::plus-pkgs.nginx.com::SslKey \"/etc/ssl/nginx/nginx-repo.key\";" >> /etc/apt/apt.conf.d/90nginx \ - && echo "Acquire::https::plus-pkgs.nginx.com::User-Agent \"k8s-ic-$IC_VERSION-apt\";" >> /etc/apt/apt.conf.d/90nginx \ - && printf "deb https://plus-pkgs.nginx.com/debian stretch nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \ - && apt-get update && apt-get install -y \ - nginx-plus=${NGINX_PLUS_VERSION} \ - # Install OpenTracing module - nginx-plus-module-opentracing=${NGINX_OPENTRACING_MODULE_VERSION} \ - && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \ - && setcap 
'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \ - && apt-get remove --purge --auto-remove -y gnupg1 \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /etc/ssl/nginx \ - && rm /etc/apt/apt.conf.d/90nginx /etc/apt/sources.list.d/nginx-plus.list + && apt-get update \ + && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 libcap2-bin \ + && \ + NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \ + found=''; \ + for server in \ + ha.pool.sks-keyservers.net \ + hkp://keyserver.ubuntu.com:80 \ + hkp://p80.pool.sks-keyservers.net:80 \ + pgp.mit.edu \ + ; do \ + echo "Fetching GPG key $NGINX_GPGKEY from $server"; \ + apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \ + done; \ + test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ + echo "Acquire::https::plus-pkgs.nginx.com::Verify-Peer \"true\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::Verify-Host \"true\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::SslCert \"/etc/ssl/nginx/nginx-repo.crt\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::SslKey \"/etc/ssl/nginx/nginx-repo.key\";" >> /etc/apt/apt.conf.d/90nginx \ + && echo "Acquire::https::plus-pkgs.nginx.com::User-Agent \"k8s-ic-$IC_VERSION-apt\";" >> /etc/apt/apt.conf.d/90nginx \ + && printf "deb https://plus-pkgs.nginx.com/debian stretch nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \ + && apt-get update && apt-get install -y \ + nginx-plus=${NGINX_PLUS_VERSION} \ + # Install OpenTracing module + nginx-plus-module-opentracing=${NGINX_OPENTRACING_MODULE_VERSION} \ + && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx \ + && setcap 'cap_net_bind_service=+ep' /usr/sbin/nginx-debug \ + && apt-get remove --purge --auto-remove -y gnupg1 \ + && rm -rf /var/lib/apt/lists/* \ + && rm -rf 
/etc/ssl/nginx \ + && rm /etc/apt/apt.conf.d/90nginx /etc/apt/sources.list.d/nginx-plus.list # forward nginx access and error logs to stdout and stderr of the ingress # controller process RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \ - && ln -sf /proc/1/fd/1 /var/log/nginx/stream-access.log \ - && ln -sf /proc/1/fd/2 /var/log/nginx/error.log + && ln -sf /proc/1/fd/1 /var/log/nginx/stream-access.log \ + && ln -sf /proc/1/fd/2 /var/log/nginx/error.log # Edit the line below to use a different tracer COPY --from=tracer-downloader /usr/local/lib/libjaegertracing_plugin.so /usr/local/lib/libjaegertracing_plugin.so RUN mkdir -p /var/lib/nginx \ - && mkdir -p /etc/nginx/secrets \ - && chown -R nginx:0 /etc/nginx \ - && chown -R nginx:0 /var/cache/nginx \ - && chown -R nginx:0 /var/lib/nginx/ \ - && apt-get remove --purge -y libcap2-bin \ - && rm /etc/nginx/conf.d/* + && mkdir -p /etc/nginx/secrets \ + && chown -R nginx:0 /etc/nginx \ + && chown -R nginx:0 /var/cache/nginx \ + && chown -R nginx:0 /var/lib/nginx/ \ + && apt-get remove --purge -y libcap2-bin \ + && rm /etc/nginx/conf.d/* EXPOSE 80 443 -COPY nginx-ingress internal/configs/version1/nginx-plus.ingress.tmpl internal/configs/version1/nginx-plus.tmpl internal/configs/version2/nginx-plus.virtualserver.tmpl / +COPY internal/configs/version1/nginx-plus.ingress.tmpl \ + internal/configs/version1/nginx-plus.tmpl \ + internal/configs/version2/nginx-plus.virtualserver.tmpl / # Uncomment the line below if you would like to add the default.pem to the image # and use it as a certificate and key for the default server 
@@ -85,4 +88,21 @@ COPY nginx-ingress internal/configs/version1/nginx-plus.ingress.tmpl internal/co USER nginx -ENTRYPOINT ["/nginx-ingress"] \ No newline at end of file +ENTRYPOINT ["/nginx-ingress"] + + +FROM base AS local +COPY nginx-ingress / + + +FROM $GOLANG_CONTAINER AS builder +ARG VERSION +ARG GIT_COMMIT +WORKDIR /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/cmd/nginx-ingress +COPY . /go/src/github.com/nginxinc/kubernetes-ingress/nginx-ingress/ +RUN CGO_ENABLED=0 GOFLAGS='-mod=vendor' \ + go build -installsuffix cgo -ldflags "-w -X main.version=${VERSION} -X main.gitCommit=${GIT_COMMIT}" -o /nginx-ingress + + +FROM base AS container +COPY --from=builder /nginx-ingress / diff --git a/docs-web/installation/building-ingress-controller-image.md b/docs-web/installation/building-ingress-controller-image.md index 6ae03e3b46..0b9f156163 100644 --- a/docs-web/installation/building-ingress-controller-image.md +++ b/docs-web/installation/building-ingress-controller-image.md @@ -5,7 +5,7 @@ This document explains how to build an Ingress Controller image. Note that for N ## Prerequisites Before you can build the image, make sure that the following software is installed on your machine: -* [Docker](https://www.docker.com/products/docker) +* [Docker](https://www.docker.com/products/docker) v18.09+ * [GNU Make](https://www.gnu.org/software/make/) * [git](https://git-scm.com/) * [OpenSSL](https://www.openssl.org/), optionally, if you would like to generate a self-signed certificate and a key for the default server. 
@@ -31,7 +31,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c $ make PREFIX=myregistry.example.com/nginx-ingress ``` `myregistry.example.com/nginx-ingress` defines the repo in your private registry where the image will be pushed. Substitute that value with the repo in your private registry. - + As the result, the image **myregistry.example.com/nginx-ingress:edge** is built and pushed to the registry. Note that the tag `edge` comes from the `VERSION` variable, defined in the Makefile. * For NGINX Plus, first, make sure that the certificate (`nginx-repo.crt`) and the key (`nginx-repo.key`) of your license are located in the root of the project: @@ -45,7 +45,7 @@ We build the image using the make utility and the provided `Makefile`. Let’s c $ make DOCKERFILE=DockerfileForPlus PREFIX=myregistry.example.com/nginx-plus-ingress ``` `myregistry.example.com/nginx-plus-ingress` defines the repo in your private registry where the image will be pushed. Substitute that value with the repo in your private registry. - + As the result, the image **myregistry.example.com/nginx-plus-ingress:edge** is built and pushed to the registry. Note that the tag `edge` comes from the `VERSION` variable, defined in the Makefile. Next you will find the details about available Makefile targets and variables. 
@@ -53,8 +53,8 @@ Next you will find the details about available Makefile targets and variables. ### Makefile Targets The **Makefile** we provide has the following targets: -* **test**: runs unit tests. -* **nginx-ingress**: creates the controller binary. +* **test**: runs unit tests (ignored when `BUILD_IN_CONTAINER` is `1`). +* **binary**: creates the controller binary using local golang environment (ignored when `BUILD_IN_CONTAINER` is `1`). * **container**: builds a Docker image. * **push**: pushes the image to the private Docker registry. * **all** (the default target): executes the four targets above in the order listed. If one of the targets fails, the execution process stops, reporting an error.