Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add OpenTracing to all Debian and Alpine based images
Browse files Browse the repository at this point in the history
lucacome committed Apr 7, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent ae4cb94 commit d2ba998
Showing 6 changed files with 51 additions and 74 deletions.
14 changes: 7 additions & 7 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -159,13 +159,13 @@ jobs:
echo "::set-output name=matrix::{\"images\": \
[{\"image\": \"debian\", \"marker\": \"ingresses\"}, \
{\"image\": \"alpine\", \"marker\":\"vsr\"}, \
{\"image\": \"alpine-opentracing\", \"marker\":\"policies\"}, \
{\"image\": \"opentracing\", \"marker\": \"vs\"}, \
{\"image\": \"alpine\", \"marker\":\"policies\"}, \
{\"image\": \"debian\", \"marker\": \"vs\"}, \
{\"image\": \"ubi\", \"marker\": \"ts\"}, \
{\"image\": \"debian-plus\", \"marker\": \"vs\"}, \
{\"image\": \"debian-plus\", \"marker\": \"ts\"}, \
{\"image\": \"alpine-plus\", \"marker\":\"ingresses\"}, \
{\"image\": \"opentracing-plus\", \"marker\": \"vsr\"}, \
{\"image\": \"alpine-plus\", \"marker\": \"vsr\"}, \
{\"image\": \"ubi-plus\", \"marker\": \"policies\"}], \
\"k8s\": [\"${{ needs.checks.outputs.k8s_latest }}\"]}"
else
@@ -310,7 +310,7 @@ jobs:
strategy:
fail-fast: false
matrix:
image: [debian, alpine, opentracing, alpine-opentracing]
image: [debian, alpine]
platforms: ["linux/arm, linux/arm64, linux/amd64, linux/ppc64le, linux/s390x"]
include:
- image: ubi
@@ -360,7 +360,7 @@ jobs:
nginx/nginx-ingress
ghcr.io/nginxinc/kubernetes-ingress
public.ecr.aws/nginx/nginx-ingress
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }},onlatest=true
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }},onlatest=true
tags: |
type=edge
type=ref,event=pr
@@ -434,7 +434,7 @@ jobs:
strategy:
fail-fast: false
matrix:
image: [debian-plus, alpine-plus, opentracing-plus]
image: [debian-plus, alpine-plus]
platforms: ["linux/arm64, linux/amd64"]
target: [goreleaser]
include:
@@ -485,7 +485,7 @@ jobs:
${{ startsWith(github.ref, 'refs/heads/release') && 'gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/staging/nginx-ic/nginx-plus-ingress' || '' }}
${{ startsWith(github.ref, 'refs/tags/') && contains(matrix.target, 'aws') && '709825985650.dkr.ecr.us-east-1.amazonaws.com/nginx/nginx-plus-ingress' || '' }}
gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic/nginx-plus-ingress
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.image, 'opentracing') && '-ot' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true
flavor: suffix=${{ contains(matrix.image, 'ubi') && '-ubi' || '' }}${{ contains(matrix.image, 'alpine') && '-alpine' || '' }}${{ contains(matrix.target, 'aws') && '-mktpl' || '' }},onlatest=true
tags: |
type=edge
type=ref,event=branch,enable=${{ startsWith(github.ref, 'refs/heads/release') }}
16 changes: 6 additions & 10 deletions Makefile
Original file line number Diff line number Diff line change
@@ -134,19 +134,15 @@ openshift-image-nap-dos-plus: build ## Create Docker image for Ingress Controlle
$(DOCKER_CMD) $(PLUS_ARGS) --secret id=rhel_license,src=rhel_license --build-arg BUILD_OS=ubi-plus-nap --build-arg NAP_MODULES=waf,dos

.PHONY: alpine-image-opentracing
alpine-image-opentracing: build ## Create Docker image for Ingress Controller (Alpine with OpenTracing)
$(DOCKER_CMD) --build-arg BUILD_OS=alpine-opentracing
alpine-image-opentracing:
@echo "OpenTracing is now included in all Alpine based images"

.PHONY: debian-image-opentracing
debian-image-opentracing: build ## Create Docker image for Ingress Controller (Debian with OpenTracing)
$(DOCKER_CMD) --build-arg BUILD_OS=opentracing

.PHONY: debian-image-opentracing-plus
debian-image-opentracing-plus: build ## Create Docker image for Ingress Controller (Debian with OpenTracing and NGINX Plus)
$(DOCKER_CMD) $(PLUS_ARGS) --build-arg BUILD_OS=opentracing-plus
.PHONY: debian-image-opentracing debian-image-opentracing-plus
debian-image-opentracing debian-image-opentracing-plus:
@echo "OpenTracing is now included in all Debian based images"

.PHONY: all-images ## Create all the Docker images for Ingress Controller
all-images: alpine-image alpine-image-plus debian-image debian-image-plus debian-image-nap-plus debian-image-dos-plus debian-image-nap-dos-plus debian-image-opentracing debian-image-opentracing-plus openshift-image openshift-image-plus openshift-image-nap-plus openshift-image-dos-plus openshift-image-nap-dos-plus
all-images: alpine-image alpine-image-plus debian-image debian-image-plus debian-image-nap-plus debian-image-dos-plus debian-image-nap-dos-plus openshift-image openshift-image-plus openshift-image-nap-plus openshift-image-dos-plus openshift-image-nap-dos-plus

.PHONY: push
push: ## Docker push to PREFIX and TAG
64 changes: 25 additions & 39 deletions build/Dockerfile
Original file line number Diff line number Diff line change
@@ -4,24 +4,38 @@ ARG NGINX_PLUS_VERSION=r26
ARG DOWNLOAD_TAG=edge
ARG DEBIAN_VERSION=bullseye-slim


############################################# Base images containing libs for Opentracing #############################################
FROM opentracing/nginx-opentracing:nginx-1.21.6 as opentracing-lib
FROM opentracing/nginx-opentracing:nginx-1.21.6-alpine as alpine-opentracing-lib


############################################# Base image for Debian #############################################
FROM nginx:1.21.6 AS debian

RUN apt-get update \
RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
apt-get update \
&& apt-get install --no-install-recommends --no-install-suggests -y libcap2-bin \
# temp fix for CVE-2018-25032
&& apt-get install -y zlib1g \
&& rm -rf /var/lib/apt/lists/* \
&& cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
&& ldconfig \
&& echo $NGINX_VERSION > nginx_version


############################################# Base image for Alpine #############################################
# docker.io/library/nginx is a temporary workaround for Dependabot to see this as different from the one used in Debian
FROM docker.io/library/nginx:1.21.6-alpine AS alpine

RUN apk add --no-cache libcap \
RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
apk add --no-cache libcap libstdc++ \
# Temp fix for CVE-2022-0778 and CVE-2018-25032
&& apk upgrade --no-cache libretls zlib
&& apk upgrade --no-cache libretls zlib \
&& cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
&& ldconfig /usr/local/lib/


############################################# Base image for Alpine with NGINX Plus #############################################
@@ -30,9 +44,12 @@ ARG NGINX_PLUS_VERSION

RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
--mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
--mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ot/ \
wget -nv -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub \
&& printf "%s\n" "https://pkgs.nginx.com/plus/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
&& apk add --no-cache libcap nginx-plus~${NGINX_PLUS_VERSION#r} nginx-plus-module-njs~${NGINX_PLUS_VERSION#r}
&& apk add --no-cache libcap nginx-plus~${NGINX_PLUS_VERSION#r} nginx-plus-module-njs~${NGINX_PLUS_VERSION#r} nginx-plus-module-opentracing~${NGINX_PLUS_VERSION#r} libcurl \
&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& ldconfig /usr/local/lib/


############################################# Base image for Debian with NGINX Plus #############################################
@@ -44,6 +61,7 @@ ARG BUILD_OS
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
--mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
apt-get update \
&& apt-get install --no-install-recommends --no-install-suggests -y ca-certificates gnupg curl apt-transport-https libcap2-bin \
# temp fix for CVE-2018-25032
@@ -54,8 +72,10 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
&& printf "%s\n" "Acquire::https::pkgs.nginx.com::User-Agent \"k8s-ic-$IC_VERSION${BUILD_OS##debian-plus}-apt\";" >> /etc/apt/apt.conf.d/90pkgs-nginx \
&& printf "%s\n" "deb https://pkgs.nginx.com/plus/${NGINX_PLUS_VERSION^^}/debian ${DEBIAN_VERSION} nginx-plus" > /etc/apt/sources.list.d/nginx-plus.list \
&& apt-get update \
&& apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs \
&& apt-get install --no-install-recommends --no-install-suggests -y nginx-plus nginx-plus-module-njs nginx-plus-module-opentracing libcurl4 \
&& apt-get purge --auto-remove -y apt-transport-https gnupg curl \
&& cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& ldconfig \
&& rm -rf /var/lib/apt/lists/*


@@ -172,40 +192,6 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
# RUN update-ca-trust extract


############################################# Base images containing libs for Opentracing #############################################
FROM opentracing/nginx-opentracing:nginx-1.21.6 as opentracing-lib
FROM opentracing/nginx-opentracing:nginx-1.21.6-alpine as alpine-opentracing-lib


############################################# Build image for Alpine with Opentracing #############################################
FROM alpine as alpine-opentracing

RUN --mount=type=bind,from=alpine-opentracing-lib,target=/tmp/ cp -av /tmp/usr/local/lib/libopentracing.so* /tmp/usr/local/lib/libjaegertracing*so* /tmp/usr/local/lib/libzipkin*so* /tmp/usr/local/lib/libdd*so* /tmp/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& cp -av /tmp/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
&& ldconfig /usr/local/lib/


############################################# Build image for Debian with Opentracing #############################################
FROM debian as opentracing

RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ cp -av /tmp/usr/local/lib/libopentracing.so* /tmp/usr/local/lib/libjaegertracing*so* /tmp/usr/local/lib/libzipkin*so* /tmp/usr/local/lib/libdd*so* /tmp/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& cp -av /tmp/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
&& ldconfig


############################################# Build image for Opentracing with NGINX Plus #############################################
FROM debian-plus as opentracing-plus

RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
apt-get update \
&& apt-get install --no-install-recommends --no-install-suggests -y libcurl4 nginx-plus-module-opentracing \
&& rm -rf /var/lib/apt/lists/*

RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ cp -av /tmp/usr/local/lib/libjaegertracing*so* /tmp/usr/local/lib/libzipkin*so* /tmp/usr/local/lib/libdd*so* /tmp/usr/local/lib/libyaml*so* /usr/local/lib/ \
&& ldconfig


############################################# Create common files, permissions and setcap #############################################
FROM ${BUILD_OS} as common

Original file line number Diff line number Diff line change
@@ -85,8 +85,6 @@ Below you can find some of the most useful targets in the **Makefile**:
* **debian-image-nap-plus**: for building a debian-based image with NGINX Plus and the [appprotect](/nginx-app-protect/) module.
* **debian-image-dos-plus**: for building a debian-based image with NGINX Plus and the [appprotect-dos](/nginx-app-protect-dos/) module.
* **debian-image-nap-dos-plus**: for building a debian-based image with NGINX Plus appprotect and appprotect-dos modules.
* **debian-image-opentracing**: for building a debian-based image with NGINX, [opentracing](https://github.com/opentracing-contrib/nginx-opentracing) module and the [Jaeger](https://www.jaegertracing.io/) tracer.
* **debian-image-opentracing-plus**: for building a debian-based image with NGINX Plus, [opentracing](https://github.com/opentracing-contrib/nginx-opentracing) module and the [Jaeger](https://www.jaegertracing.io/) tracer.
* **openshift-image**: for building an ubi-based image with NGINX for [Openshift](https://www.openshift.com/) clusters.
* **openshift-image-plus**: for building an ubi-based image with NGINX Plus for [Openshift](https://www.openshift.com/) clusters.
* **openshift-image-nap-plus**: for building an ubi-based image with NGINX Plus and the [appprotect](/nginx-app-protect/) module for [Openshift](https://www.openshift.com/) clusters.
Loading

0 comments on commit d2ba998

Please sign in to comment.