Merge pull request #90 from galal-hussein/add_chroot_support

Add chroot image support
rancher · Apr 22, 2022 · ed481d5 · ed481d5
2 parents eb73b4f + f295483
commit ed481d5
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 22 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -219,6 +219,21 @@ steps:
     when:
       event:
         - tag
+  - name: push-manifest-chroot
+    image: plugins/manifest:1.0.2
+    settings:
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      platforms:
+        - linux/amd64
+        - linux/s390x
+      target: "rancher/nginx-ingress-controller-chroot:${DRONE_TAG}"
+      template: "rancher/nginx-ingress-controller-chroot:${DRONE_TAG}-ARCH"
+    when:
+      event:
+        - tag
 
 volumes:
   - name: docker

diff --git a/Makefile b/Makefile
@@ -240,3 +240,14 @@ release: ensure-buildx clean
 		--build-arg COMMIT_SHA="$(COMMIT_SHA)" \
 		--build-arg BUILD_ID="$(BUILD_ID)" \
 		-t $(REGISTRY)/nginx-ingress-controller:$(TAG)-$(PLATFORMS) rootfs
+
+	@docker buildx build \
+			--no-cache \
+			--push \
+			--progress plain \
+			--platform $(subst $(SPACE),$(COMMA),$(PLATFORMS)) \
+			--build-arg BASE_IMAGE="$(BASE_IMAGE)" \
+			--build-arg VERSION="$(TAG)" \
+			--build-arg COMMIT_SHA="$(COMMIT_SHA)" \
+			--build-arg BUILD_ID="$(BUILD_ID)" \
+			-t $(REGISTRY)/nginx-ingress-controller-chroot:$(TAG)-$(PLATFORMS) rootfs -f rootfs/Dockerfile.chroot
diff --git a/rootfs/Dockerfile.chroot b/rootfs/Dockerfile.chroot
@@ -19,11 +19,7 @@ FROM ${BASE_IMAGE} as chroot
 # This intermediary image will be used only to copy all the required files to the chroot
 # TODO: Simplify in a future to a single Dockerfile
 COPY chroot.sh /chroot.sh
-RUN apk update \
-  && apk upgrade \
-  && /chroot.sh
-
-FROM alpine:3.14.6
+RUN /chroot.sh
 
 ARG TARGETARCH
 ARG VERSION
@@ -45,22 +41,14 @@ ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1
 ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;"
 ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin
 
-RUN apk update \
-  && apk upgrade \
-  && apk add -U --no-cache \
+RUN microdnf install -y \
      bash \
      curl \
      openssl \
      ca-certificates \
-     dumb-init \
      tzdata \
      diffutils \
-     util-linux \
-  && ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \
-  && adduser -S -D -H -u 101 -h /usr/local/nginx \
-    -s /sbin/nologin -G www-data -g www-data www-data 
-
-COPY --from=chroot /chroot /chroot
+     util-linux 
 
 COPY --chown=www-data:www-data etc /chroot/etc
 
@@ -82,16 +70,14 @@ RUN bash -xeu -c ' \
     chown -R www-data.www-data ${dir}; \
   done'
 
-RUN apk add --no-cache libcap \
-  && setcap    cap_sys_chroot,cap_net_bind_service=+ep /nginx-ingress-controller \
+RUN setcap    cap_sys_chroot,cap_net_bind_service=+ep /nginx-ingress-controller \
   && setcap -v cap_sys_chroot,cap_net_bind_service=+ep /nginx-ingress-controller \
   && setcap    cap_sys_chroot,cap_net_bind_service=+ep /usr/bin/unshare \
   && setcap -v cap_sys_chroot,cap_net_bind_service=+ep /usr/bin/unshare \
   && setcap    cap_net_bind_service=+ep /chroot/usr/local/nginx/sbin/nginx \
   && setcap -v cap_net_bind_service=+ep /chroot/usr/local/nginx/sbin/nginx \
   && setcap    cap_sys_chroot,cap_net_bind_service=+ep /usr/bin/dumb-init \
-  && setcap -v cap_sys_chroot,cap_net_bind_service=+ep /usr/bin/dumb-init \
-  && apk del libcap
+  && setcap -v cap_sys_chroot,cap_net_bind_service=+ep /usr/bin/dumb-init 
 
 RUN  ln -sf /chroot/etc/nginx /etc/nginx \
   && ln -sf /chroot/tmp/nginx /tmp/nginx \

diff --git a/rootfs/chroot.sh b/rootfs/chroot.sh
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-set -x
+set -ex
 writeDirs=( \
   /chroot/etc/nginx \
   /chroot/usr/local/ \
@@ -40,11 +40,12 @@ for dir in "${writeDirs[@]}"; do
   chown -R www-data.www-data ${dir};
 done
 
-mkdir -p  /chroot/lib /chroot/proc /chroot/usr /chroot/bin /chroot/dev /chroot/run 
+mkdir -p  /chroot/lib /chroot/lib64 /chroot/proc /chroot/usr /chroot/bin /chroot/dev /chroot/run 
 cp /etc/passwd /etc/group /chroot/etc/
 cp -a /usr/* /chroot/usr/
 cp -a /etc/nginx/* /chroot/etc/nginx/
-cp /lib/ld-musl-* /lib/libcrypto* /lib/libssl* /lib/libz* /chroot/lib/
+# no need to copy each library since 
+cp /lib64/libcrypto* /lib64/libssl* /lib64/libz* /chroot/lib64/
 mknod -m 0666 /chroot/dev/null c 1 3
 mknod -m 0666 /chroot/dev/random c 1 8
 mknod -m 0666 /chroot/dev/urandom c 1 9