From f0b279792bddd7b9e7a0e4594060ae75a4555d2e Mon Sep 17 00:00:00 2001 From: Batuhan Apaydin Date: Tue, 30 Jul 2024 17:36:05 +0300 Subject: [PATCH] use latest versions of the variables, removed the old package Signed-off-by: Batuhan Apaydin --- ingress-nginx-controller-1.11.yaml | 14 +- ingress-nginx-controller.yaml | 525 ----------------------------- 2 files changed, 7 insertions(+), 532 deletions(-) delete mode 100644 ingress-nginx-controller.yaml diff --git a/ingress-nginx-controller-1.11.yaml b/ingress-nginx-controller-1.11.yaml index c0b2fc3dc4a..9deaa45b01d 100644 --- a/ingress-nginx-controller-1.11.yaml +++ b/ingress-nginx-controller-1.11.yaml @@ -2,7 +2,7 @@ package: name: ingress-nginx-controller-1.11 version: 1.11.1 - epoch: 0 + epoch: 1 description: "Ingress-NGINX Controller for Kubernetes" copyright: - license: Apache-2.0 @@ -120,16 +120,16 @@ environment: - zlib-dev vars: - NGINX_VERSION: "1.25.3" + NGINX_VERSION: "1.25.5" NDK_VERSION: "0.3.3" SETMISC_VERSION: "0.33" MORE_HEADERS_VERSION: "0.37" NGINX_DIGEST_AUTH: "1.0.0" NGINX_SUBSTITUTIONS: "e12e965ac1837ca709709f9a26f572a54d83430e" MODSECURITY_NGINX_VERSION: "1.0.3" - OWASP_MODSECURITY_CRS_VERSION: "v3.3.5" + OWASP_MODSECURITY_CRS_VERSION: "v4.4.0" LUA_NGX_VERSION: "0.10.26" - LUA_STREAM_NGX_VERSION: "0.0.14" + LUA_STREAM_NGX_VERSION: "bea8a0c0de94cede71554f53818ac0267d675d63" LUA_UPSTREAM_VERSION: "542be0893543a4e42d89f6dd85372972f5ff2a36" GEOIP2_VERSION: "a607a41a8115fecfc05b5c283c81532a3d605425" NGX_BROTLI_SHA: 63ca02abdcf79c9e788d2eedcc388d2335902e52 @@ -177,7 +177,7 @@ pipeline: - uses: fetch with: uri: https://nginx.org/download/nginx-${{vars.NGINX_VERSION}}.tar.gz - expected-sha256: 64c5b975ca287939e828303fa857d22f142b251f17808dfe41733512d9cded86 + expected-sha256: 2fe2294f8af4144e7e842eaea884182a84ee7970e11046ba98194400902bbec0 strip-components: 0 - uses: fetch @@ -215,8 +215,8 @@ pipeline: - uses: fetch with: - uri: https://github.com/openresty/stream-lua-nginx-module/archive/v${{vars.LUA_STREAM_NGX_VERSION}}.tar.gz - expected-sha256: 8e2ff6ad5f91127da3c01757e7e654f1addf9769450d9159601d2cc153953c47 + uri: https://github.com/openresty/stream-lua-nginx-module/archive/${{vars.LUA_STREAM_NGX_VERSION}}.tar.gz + expected-sha256: 0f5b5356d3dfe19ccd945ec6a2fcf2c27e1a517aefccb798f934132f09bb78fa strip-components: 0 - uses: fetch diff --git a/ingress-nginx-controller.yaml b/ingress-nginx-controller.yaml deleted file mode 100644 index 90b22d4c0c0..00000000000 --- a/ingress-nginx-controller.yaml +++ /dev/null @@ -1,525 +0,0 @@ -#nolint:valid-pipeline-fetch-digest -package: - name: ingress-nginx-controller - version: 1.11.1 - epoch: 0 - description: "Ingress-NGINX Controller for Kubernetes" - copyright: - - license: Apache-2.0 - dependencies: - runtime: - - ca-certificates-bundle - - ca-certificates - - curl - - openssh-client - - openssl - - openssl-dev - - libcrypt1 - - msgpack - - yaml-cpp - - ssdeep - - luajit - - lua-cjson - - lua-resty-balancer - - lua-resty-cache - - lua-resty-cookie - - lua-resty-core - - lua-resty-dns - - lua-resty-global-throttle - - lua-resty-http - - lua-resty-ipmatcher - - lua-resty-lock - - lua-resty-memcached - - lua-resty-redis - - lua-resty-string - - lua-resty-upload - - brotli - - gd - - libmaxminddb - - libxml2 - - libxslt - - modsecurity - - mimalloc - - pcre - -environment: - contents: - packages: - - autoconf - - automake - - bash - - bison - - brotli-dev - - busybox - - ca-certificates - - ca-certificates-bundle - - clang-15 - - cmake - - curl - - curl-dev - - doxygen - - findutils - - flex - - gcc - - gd-dev - - git - - go - - libaio-dev - - libcap - - libcap-utils - - libedit-dev - - libmaxminddb-dev - - libprotobuf - - libsrt - - libtool - - libxml2 - - libxml2-dev - - libxslt-dev - - linux-headers - - lmdb-dev - - lmdb-tools - - lua-cjson - - lua-resty-balancer - - lua-resty-cache - - lua-resty-cookie - - lua-resty-core - - lua-resty-dns - - lua-resty-global-throttle - - lua-resty-http - - lua-resty-ipmatcher - - lua-resty-lock - - lua-resty-memcached - - lua-resty-redis - - lua-resty-string - - lua-resty-upload - - luajit - - luajit-dev - - make - - mercurial - - mimalloc - - modsecurity - - msgpack - - openssh-client - - openssl - - openssl-dev - - patch - - pcre-dev - - perl-dev - - pkgconf - - python3 - - scanelf - - ssdeep - - util-linux - - wget - - wolfi-base - - yajl-dev - - yaml-cpp - - zeromq-dev - - zlib-dev - -vars: - NGINX_VERSION: "1.25.3" - NDK_VERSION: "0.3.3" - SETMISC_VERSION: "0.33" - MORE_HEADERS_VERSION: "0.37" - NGINX_DIGEST_AUTH: "1.0.0" - NGINX_SUBSTITUTIONS: "e12e965ac1837ca709709f9a26f572a54d83430e" - MODSECURITY_NGINX_VERSION: "1.0.3" - OWASP_MODSECURITY_CRS_VERSION: "v3.3.5" - LUA_NGX_VERSION: "0.10.26" - LUA_STREAM_NGX_VERSION: "0.0.14" - LUA_UPSTREAM_VERSION: "542be0893543a4e42d89f6dd85372972f5ff2a36" - GEOIP2_VERSION: "a607a41a8115fecfc05b5c283c81532a3d605425" - NGX_BROTLI_SHA: 63ca02abdcf79c9e788d2eedcc388d2335902e52 - -pipeline: - - uses: git-checkout - with: - repository: https://github.com/kubernetes/ingress-nginx - tag: controller-v${{package.version}} - expected-commit: 7b37df8f38c6f39c172b7a212c18d35bf10709a2 - - - name: Build ingress-nginx controller from source - runs: | - export PKG="k8s.io/ingress-nginx" - export COMMIT_SHA=$(git rev-parse --short HEAD) - export REPO_INFO=$(git config --get remote.origin.url)$ - - mkdir -p ${{targets.destdir}} - - export CGO_ENABLED=0 - - go build -x -v \ - -trimpath -ldflags="-buildid= -w \ - -X ${PKG}/version.RELEASE=controller-v${{package.version}} \ - -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ - -X ${PKG}/version.REPO=${REPO_INFO}" \ - -o "${{targets.destdir}}/usr/bin/nginx-dbg" ${PKG}/cmd/dbg - - go build -x -v \ - -trimpath -ldflags="-buildid= -w \ - -X ${PKG}/version.RELEASE=controller-v${{package.version}} \ - -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ - -X ${PKG}/version.REPO=${REPO_INFO}" \ - -o "${{targets.destdir}}/usr/bin/waitshutdown" ${PKG}/cmd/waitshutdown - - go build -x -v \ - -trimpath -ldflags="-buildid= -w \ - -X ${PKG}/version.RELEASE=controller-v${{package.version}} \ - -X ${PKG}/version.COMMIT=${COMMIT_SHA} \ - -X ${PKG}/version.REPO=${REPO_INFO}" \ - -o "${{targets.destdir}}/usr/bin/nginx-ingress-controller" ${PKG}/cmd/nginx - - getcap ${{targets.destdir}}/usr/bin/nginx-ingress-controller - - - uses: fetch - with: - uri: https://nginx.org/download/nginx-${{vars.NGINX_VERSION}}.tar.gz - expected-sha256: 64c5b975ca287939e828303fa857d22f142b251f17808dfe41733512d9cded86 - strip-components: 0 - - - uses: fetch - with: - uri: https://github.com/simpl/ngx_devel_kit/archive/v${{vars.NDK_VERSION}}.tar.gz - expected-sha256: faa2fcd5168b10764d35081356511d5f84db5c526a1aa4b6add2db94b6853b2b - strip-components: 0 - - - uses: fetch - with: - uri: https://github.com/openresty/set-misc-nginx-module/archive/v${{vars.SETMISC_VERSION}}.tar.gz - expected-sha256: cd5e2cc834bcfa30149e7511f2b5a2183baf0b70dc091af717a89a64e44a2985 - strip-components: 0 - - - runs: | - rm -rf v0.33.tar.gz - - - uses: fetch - with: - uri: https://github.com/openresty/headers-more-nginx-module/archive/v${{vars.MORE_HEADERS_VERSION}}.tar.gz - expected-sha256: cf6e169d6b350c06d0c730b0eaf4973394026ad40094cddd3b3a5b346577019d - strip-components: 0 - - - uses: fetch - with: - uri: https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/${{vars.NGINX_SUBSTITUTIONS}}.tar.gz - expected-sha256: da2a26aa75884e1216941c7291b6e8b7fc4dd7163700a04191b92060b61fabb3 - strip-components: 0 - - - uses: fetch - with: - uri: https://github.com/openresty/lua-nginx-module/archive/v${{vars.LUA_NGX_VERSION}}.tar.gz - expected-sha256: a75983287a2bdc5e964ace56a51b215dc2ec996639d4916cd393d6ebba94b565 - strip-components: 0 - - - uses: fetch - with: - uri: https://github.com/openresty/stream-lua-nginx-module/archive/v${{vars.LUA_STREAM_NGX_VERSION}}.tar.gz - expected-sha256: 8e2ff6ad5f91127da3c01757e7e654f1addf9769450d9159601d2cc153953c47 - strip-components: 0 - - - uses: fetch - with: - uri: https://github.com/openresty/lua-upstream-nginx-module/archive/${{vars.LUA_UPSTREAM_VERSION}}.tar.gz - expected-sha256: 41fd8c0edcd53e61ed5694ac8460043cc58fbc367acd7bb73e9c1a44c470168e - strip-components: 0 - - - uses: fetch - with: - uri: https://github.com/atomx/nginx-http-auth-digest/archive/v${{vars.NGINX_DIGEST_AUTH}}.tar.gz - expected-sha256: f09851e6309560a8ff3e901548405066c83f1f6ff88aa7171e0763bd9514762b - strip-components: 0 - - - uses: fetch - with: - uri: https://github.com/SpiderLabs/ModSecurity-nginx/archive/v${{vars.MODSECURITY_NGINX_VERSION}}.tar.gz - expected-sha256: 32a42256616cc674dca24c8654397390adff15b888b77eb74e0687f023c8751b - strip-components: 0 - - - uses: fetch - with: - uri: https://github.com/leev/ngx_http_geoip2_module/archive/${{vars.GEOIP2_VERSION}}.tar.gz - expected-sha256: b6c9c09fd43eb34a71e706ad780b2ead26549a9a9f59280fe558f5b7b980b7c6 - strip-components: 0 - - - runs: | - git clone https://github.com/google/ngx_brotli.git - cd ngx_brotli - git checkout ${{vars.NGX_BROTLI_SHA}} - git submodule init - git submodule update - - - name: Build NGINX - runs: | - export BUILD_PATH="${PWD}" - echo "BUILD_PATH $BUILD_PATH" - echo "Arch: $(uname -m)" - # improve compilation times - CORES=$(($(grep -c ^processor /proc/cpuinfo) - 1)) - - export LUAJIT_LIB="$(pkgconf --variable=libdir luajit)" - export LUAJIT_INC="$(pkgconf --variable=includedir luajit)" - export LUA_LIB_DIR="$LUAJIT_LIB/lua" - ln -s "$LUAJIT_INC" /usr/include/lua - export LUA_INCLUDE_DIR=/usr/include/luajit-2.1 - ln -s $LUA_INCLUDE_DIR /usr/include/lua5.1 - ARCH=$(uname -m) - - ls -lah ${BUILD_PATH}/lua-nginx-module-${{vars.LUA_NGX_VERSION}} - echo /usr/local/lib >> /etc/ld.so.conf - ldconfig - cat /etc/ld.so.conf - - mkdir -p ${{targets.destdir}}/etc/nginx/ - - # Lua code copied into the target - cp -ar rootfs/etc/nginx/. ${{targets.destdir}}/etc/nginx/ - - # Download owasp modsecurity crs - cd ${{targets.destdir}}/etc/nginx/ - - git clone -b ${{vars.OWASP_MODSECURITY_CRS_VERSION}} https://github.com/coreruleset/coreruleset owasp-modsecurity-crs - cd owasp-modsecurity-crs - - mv crs-setup.conf.example crs-setup.conf - mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf - mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf - - # OWASP CRS v3 rules - echo ' - Include /etc/nginx/owasp-modsecurity-crs/crs-setup.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf - Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf - ' > ${{targets.destdir}}/etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf - - - echo "::::::::::::::::::::::::::::::::::::::" - echo ":::: nginx-${{vars.NGINX_VERSION}} ::::" - echo "::::::::::::::::::::::::::::::::::::::" - - cd "$BUILD_PATH/nginx-${{vars.NGINX_VERSION}}" - - for p in $(ls $BUILD_PATH/images/nginx-1.25/rootfs/patches/*.patch); do - echo "Patching $p..." - patch -p1 $p - done - - WITH_FLAGS="--with-debug \ - --with-compat \ - --with-pcre-jit \ - --with-http_ssl_module \ - --with-http_stub_status_module \ - --with-http_realip_module \ - --with-http_auth_request_module \ - --with-http_addition_module \ - --with-http_gzip_static_module \ - --with-http_sub_module \ - --with-http_v2_module \ - --with-stream \ - --with-stream_ssl_module \ - --with-stream_realip_module \ - --with-stream_ssl_preread_module \ - --with-threads \ - --with-http_secure_link_module \ - --with-http_gunzip_module" - - WITH_MODULES=" \ - --add-module=${BUILD_PATH}/ngx_devel_kit-${{vars.NDK_VERSION}} \ - --add-module=${BUILD_PATH}/set-misc-nginx-module-${{vars.SETMISC_VERSION}} \ - --add-module=${BUILD_PATH}/headers-more-nginx-module-${{vars.MORE_HEADERS_VERSION}} \ - --add-module=${BUILD_PATH}/ngx_http_substitutions_filter_module-${{vars.NGINX_SUBSTITUTIONS}} \ - --add-module=${BUILD_PATH}/lua-nginx-module-${{vars.LUA_NGX_VERSION}} \ - --add-module=${BUILD_PATH}/stream-lua-nginx-module-${{vars.LUA_STREAM_NGX_VERSION}} \ - --add-module=${BUILD_PATH}/lua-upstream-nginx-module-${{vars.LUA_UPSTREAM_VERSION}} \ - --add-dynamic-module=${BUILD_PATH}/nginx-http-auth-digest-${{vars.NGINX_DIGEST_AUTH}} \ - --add-dynamic-module=${BUILD_PATH}/ModSecurity-nginx-${{vars.MODSECURITY_NGINX_VERSION}} \ - --add-dynamic-module=${BUILD_PATH}/ngx_http_geoip2_module-${{vars.GEOIP2_VERSION}} \ - --add-dynamic-module=${BUILD_PATH}/ngx_brotli" - - # "Combining -flto with -g is currently experimental and expected to produce unexpected results." - # https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html - CC_OPT="-g -O2 -fPIE -fstack-protector-strong \ - -Wformat \ - -Werror=format-security \ - -Wno-deprecated-declarations \ - -fno-strict-aliasing \ - -D_FORTIFY_SOURCE=2 \ - --param=ssp-buffer-size=4 \ - -DTCP_FASTOPEN=23 \ - -fPIC \ - -Wno-cast-function-type" - - LD_OPT="-fPIE -fPIC -pie -Wl,-z,relro -Wl,-z,now" - - if [[ ${ARCH} != "aarch64" ]]; then - WITH_FLAGS="${WITH_FLAGS} --with-file-aio" - fi - - if [[ ${ARCH} == "x86_64" ]]; then - CC_OPT="${CC_OPT} -m64 -mtune=generic" - fi - - echo "::::::::::::::::::::::::::::::::::::::::::::::::::::" - echo ":::: Configuring nginx-${{vars.NGINX_VERSION }} ::::" - echo "::::::::::::::::::::::::::::::::::::::::::::::::::" - - ./configure \ - --prefix=/usr \ - --conf-path=/etc/nginx/nginx.conf \ - --modules-path=/etc/nginx/modules \ - --http-log-path=/var/log/nginx/access.log \ - --error-log-path=/var/log/nginx/error.log \ - --lock-path=/var/lock/nginx.lock \ - --pid-path=/run/nginx.pid \ - --http-client-body-temp-path=/var/lib/nginx/body \ - --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ - --http-proxy-temp-path=/var/lib/nginx/proxy \ - --http-scgi-temp-path=/var/lib/nginx/scgi \ - --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ - ${WITH_FLAGS} \ - --without-mail_pop3_module \ - --without-mail_smtp_module \ - --without-mail_imap_module \ - --without-http_uwsgi_module \ - --without-http_scgi_module \ - --with-cc-opt="${CC_OPT}" \ - --with-ld-opt="${LD_OPT}" \ - --user=www-data \ - --group=www-data \ - ${WITH_MODULES} - - echo "::::::::::::::::::::::::::::::::::::::::::::::" - echo ":::: MAKE nginx-${{vars.NGINX_VERSION }} ::::" - echo "::::::::::::::::::::::::::::::::::::::::::::" - make -j$(nproc) - - echo ":::::::::::::::::::::::::::::::::::::::::::::::::" - echo ":::: MODULES nginx-${{vars.NGINX_VERSION }} ::::" - echo ":::::::::::::::::::::::::::::::::::::::::::::::::" - make DESTDIR="${{targets.destdir}}" modules - - echo "::::::::::::::::::::::::::::::::::::::::::::::::" - echo ":::: INSTALL nginx-${{vars.NGINX_VERSION }} ::::" - echo "::::::::::::::::::::::::::::::::::::::::::::::" - make DESTDIR="${{targets.destdir}}" install - - mkdir -p ${{targets.destdir}}/usr/bin - mv ${{targets.destdir}}/usr/sbin/nginx ${{targets.destdir}}/usr/bin/ - rm -rf ${{targets.destdir}}/usr/html - rm -rf ${{targets.destdir}}/usr/sbin - - echo "::::::::::::::::::::::::::::::::::::::::::::" - echo ":::::::::::::::: CLEANUP :::::::::::::::::::" - echo "::::::::::::::::::::::::::::::::::::::::::::" - - echo "Clean up owasp-modsecurity-crs" - rm -rf ${{targets.destdir}}/etc/nginx/owasp-modsecurity-crs/.git - rm -rf ${{targets.destdir}}/etc/nginx/owasp-modsecurity-crs/util/regression-tests - - - uses: strip - - - runs: | - echo "::::::::::::::::::::::::::::::::::::::::::" - echo ":::: SETCAP NGINX CONTROLLER ::::" - echo "::::::::::::::::::::::::::::::::::::::::::" - - setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx-ingress-controller \ - && setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx-ingress-controller - - echo "::::::::::::::::::::::::::::::::::::::::::" - echo ":::: SETCAP NGINX ::::" - echo "::::::::::::::::::::::::::::::::::::::::::" - - setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx \ - && setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx - - echo "::::::::::::::::::::::::::::::::::::::::::" - echo ":::: SETCAP DUMB INIT ::::" - echo "::::::::::::::::::::::::::::::::::::::::::" - - setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/dumb-init \ - && setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/dumb-init - -subpackages: - - name: ingress-nginx-controller-compat - description: Compatibility package for ingress-nginx-controller - dependencies: - runtime: - - modsecurity-config - pipeline: - - runs: | - mkdir -p ${{targets.subpkgdir}}/usr/local/bin - ln -s /usr/bin/nginx ${{targets.subpkgdir}}/usr/local/bin/nginx - - mkdir -p ${{targets.subpkgdir}}/usr/bin - ln -s /usr/bin/nginx-ingress-controller ${{targets.subpkgdir}}/nginx-ingress-controller - ln -s /usr/bin/waitshutdown ${{targets.subpkgdir}}/waitshutdown - ln -s /usr/bin/nginx-dbg ${{targets.subpkgdir}}/dbg - - mkdir -p ${{targets.subpkgdir}}/etc/nginx/modsecurity - ln -s /etc/modsecurity/modsecurity.conf-concurrent ${{targets.subpkgdir}}/etc/nginx/modsecurity/modsecurity.conf - ln -s /etc/modsecurity/unicode.mapping ${{targets.subpkgdir}}/etc/nginx/modsecurity/unicode.mapping - - mkdir -p ${{targets.subpkgdir}}/var/log/nginx - # Create symlinks to redirect nginx logs to stdout and stderr docker log collector - ln -sf /dev/stdout ${{targets.subpkgdir}}/var/log/nginx/access.log - ln -sf /dev/stderr ${{targets.subpkgdir}}/var/log/nginx/error.log - - # symlink to satisfy hard coded path to mimalloc - # https://github.com/kubernetes/ingress-nginx/blob/8f54b538d9b32649411d9e507ca38fbee55ce51c/charts/ingress-nginx/templates/controller-daemonset.yaml#L99-L100 - mkdir -p ${{targets.subpkgdir}}/usr/local/lib - ln -s /usr/lib/libmimalloc.so.1 ${{targets.subpkgdir}}/usr/local/lib/libmimalloc.so - - # This is a maintained fork of the unmaintained - # https://github.com/jet/kube-webhook-certgen/. We keep it as a - # subpackage of ingress-nginx-controller since the one use - # (kube-prometheus-stack charts) points to a hybrid tag of the - # $ingress-nginx-$kube-webhook-certgen version. # $ingress-nginx-$kube-webhook-certgen version. - - name: kube-webhook-certgen - description: Tools to help with self signed cert generation for Kubernetes test environment - pipeline: - - uses: go/build - with: - ldflags: -s -w -X 'github.com/jet/kube-webhook-certgen/core.Version=v${{package.version}}' - output: kube-webhook-certgen - modroot: ./images/kube-webhook-certgen/rootfs - packages: . - -update: - enabled: true - github: - identifier: kubernetes/ingress-nginx - strip-prefix: controller-v - tag-filter: "controller-v" - -test: - pipeline: - - runs: | - /usr/bin/nginx -v - /usr/bin/nginx-ingress-controller --version