diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a4859d078..532672bdb9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -177,7 +177,8 @@ jobs: run: | nkg_prefix=$(echo ${{ steps.meta.outputs.tags }} | cut -d ":" -f 1) nkg_tag=$(echo ${{ steps.meta.outputs.tags }} | cut -d ":" -f 2) - yq -i "with(.spec.template.spec.containers[0]; .image = \"${nkg_prefix}:${nkg_tag}\" | .imagePullPolicy = \"Never\")" deploy/manifests/deployment.yaml + make update-nkg-manifest NKG_PREFIX=${nkg_prefix} NKG_TAG=${nkg_tag} + working-directory: ./conformance - name: Build Docker Image uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 @@ -205,7 +206,7 @@ jobs: - name: Deploy Kubernetes id: k8s run: | - kind create cluster --image kindest/node:v1.27.1 --kubeconfig kube-${{ github.run_id }} + make create-kind-cluster KIND_KUBE_CONFIG=kube-${{ github.run_id }} echo "KUBECONFIG=kube-${{ github.run_id }}" >> "$GITHUB_ENV" working-directory: ./conformance @@ -213,7 +214,7 @@ jobs: run: | nkg_prefix=$(echo ${{ steps.meta.outputs.tags }} | cut -d ":" -f 1) nkg_tag=$(echo ${{ steps.meta.outputs.tags }} | cut -d ":" -f 2) - make install-nkg-local-build NKG_PREFIX=${nkg_prefix} NKG_TAG=${nkg_tag} BUILD_NKG=false + make install-nkg-local-no-build NKG_PREFIX=${nkg_prefix} NKG_TAG=${nkg_tag} working-directory: ./conformance - name: Run conformance tests diff --git a/Makefile b/Makefile index 9b893be60e..0571eb4711 100644 --- a/Makefile +++ b/Makefile @@ -46,7 +46,8 @@ deps: ## Add missing and remove unused modules, verify deps and download them to .PHONY: create-kind-cluster create-kind-cluster: ## Create a kind cluster - kind create cluster --image kindest/node:v1.27.1 + $(eval KIND_IMAGE=$(shell grep -m1 'FROM kindest/node' NKG_TAG= to preferred values. * Navigate to `deploy/manifests` and update values in `deployment.yaml` as specified in below code-block. @@ -71,10 +77,8 @@ this option, the following step *must* be completed manually *before* the build .. . ``` - -#### *Option 2* Install Nginx Kubernetes Gateway from edge to configured kind cluster -Instead of the above command, you can skip the build NKG image step and prepare the environment to instead -use the `edge` image +#### *Option 3* Install Nginx Kubernetes Gateway from edge to configured kind cluster +You can also skip the build NKG image step and prepare the environment to instead use the `edge` image ```bash $ make install-nkg-edge diff --git a/conformance/tests/Dockerfile b/conformance/tests/Dockerfile index 672872bbdc..023907417d 100644 --- a/conformance/tests/Dockerfile +++ b/conformance/tests/Dockerfile @@ -1,4 +1,6 @@ # syntax=docker/dockerfile:1.5 +# this is here so we can grab the latest version of kind and have dependabot keep it up to date +FROM kindest/node:v1.27.3 FROM golang:1.20 diff --git a/deploy/manifests/deployment.yaml b/deploy/manifests/deployment.yaml index 80b408a1d4..67df73870d 100644 --- a/deploy/manifests/deployment.yaml +++ b/deploy/manifests/deployment.yaml @@ -16,71 +16,71 @@ spec: shareProcessNamespace: true serviceAccountName: nginx-gateway volumes: - - name: nginx - emptyDir: { } - - name: nginx-conf - configMap: - name: nginx-conf - - name: var-lib-nginx - emptyDir: { } - - name: njs-modules - configMap: - name: njs-modules - initContainers: - - image: busybox:1.36 - name: set-permissions - command: [ 'sh', '-c', 'rm -r /etc/nginx/conf.d /etc/nginx/secrets; mkdir /etc/nginx/conf.d /etc/nginx/secrets && chown 1001:0 /etc/nginx/conf.d /etc/nginx/secrets' ] - volumeMounts: - - name: nginx - mountPath: /etc/nginx - containers: - - image: ghcr.io/nginxinc/nginx-kubernetes-gateway:edge - imagePullPolicy: Always - name: nginx-gateway - volumeMounts: - name: nginx - mountPath: /etc/nginx - securityContext: - runAsUser: 1001 - capabilities: - drop: - - ALL - add: - - KILL - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - args: - - static-mode - - --gateway-ctlr-name=k8s-gateway.nginx.org/nginx-gateway-controller - - --gatewayclass=nginx - - image: nginx:1.25 - imagePullPolicy: Always - name: nginx - ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 - volumeMounts: - - name: nginx - mountPath: /etc/nginx + emptyDir: {} - name: nginx-conf - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf + configMap: + name: nginx-conf - name: var-lib-nginx - mountPath: /var/lib/nginx + emptyDir: {} - name: njs-modules - mountPath: /usr/lib/nginx/modules/njs - securityContext: - capabilities: - drop: - - ALL - add: - - CHOWN - - NET_BIND_SERVICE - - SETGID - - SETUID - - DAC_OVERRIDE + configMap: + name: njs-modules + initContainers: + - image: busybox:1.36 + name: set-permissions + command: ['sh', '-c', 'rm -r /etc/nginx/conf.d /etc/nginx/secrets; mkdir /etc/nginx/conf.d /etc/nginx/secrets && chown 1001:0 /etc/nginx/conf.d /etc/nginx/secrets'] + volumeMounts: + - name: nginx + mountPath: /etc/nginx + containers: + - image: nginx-kubernetes-gateway:edge + imagePullPolicy: Never + name: nginx-gateway + volumeMounts: + - name: nginx + mountPath: /etc/nginx + securityContext: + runAsUser: 1001 + capabilities: + drop: + - ALL + add: + - KILL + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + args: + - static-mode + - --gateway-ctlr-name=k8s-gateway.nginx.org/nginx-gateway-controller + - --gatewayclass=nginx + - image: nginx:1.25 + imagePullPolicy: Always + name: nginx + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + volumeMounts: + - name: nginx + mountPath: /etc/nginx + - name: nginx-conf + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + - name: var-lib-nginx + mountPath: /var/lib/nginx + - name: njs-modules + mountPath: /usr/lib/nginx/modules/njs + securityContext: + capabilities: + drop: + - ALL + add: + - CHOWN + - NET_BIND_SERVICE + - SETGID + - SETUID + - DAC_OVERRIDE