saving this work for later: half-baked support for a built-in apiserv…

…er proxy.

- started working on proxy via kubectl, changed my mind because I would rather leverage built-in static content of apiserver
- started working on nginx proxy support, but now concerned about it buffering apiserver responses inappropriately; needs more research

hack/images/dcos/Makefile

@@ -5,6 +5,8 @@ FROM	?= $(current_dir)/_build/k8sm
 TARGET_OBJ = km kubectl
 SOURCE_OBJ = $(TARGET_OBJ:%=$(FROM)/%)
 
+NGINX_OBJ = $(current_dir)/_build/nginx
+
 IMAGE	?= kubernetes
 REPO	?= mesosphere/$(IMAGE)
 DCOS_VERSION ?= dev
@@ -53,7 +55,7 @@ DCOS_PREFIX ?= k8s-0.14.2-k8sm-0.5-dcos
 TAG	?= $(DCOS_PREFIX)-$(DCOS_VERSION)
 FQIN	?= $(REPO):$(TAG)
 
-.PHONY:	clean build push s6 $(S6_BINS) deps etcd $(ETCD_BINS) $(KUBE_DNS_TEMPLATES) version release promote check-sudo-docker info $(SOURCE_OBJ)
+.PHONY:	clean build push s6 $(S6_BINS) deps etcd $(ETCD_BINS) $(KUBE_DNS_TEMPLATES) version release promote check-sudo-docker info $(SOURCE_OBJ) $(NGINX_OBJ) nginx
 
 all:	build
 
@@ -114,3 +116,8 @@ info: check-sudo-docker
 
 $(SOURCE_OBJ): check-sudo-docker
 	test -x $@ || $(SUDO) docker run --rm -v $(FROM):/target -v $(shell cd ../../.. && pwd):/snapshot mesosphere/kubernetes-mesos:build make clean install
+
+nginx: $(NGINX_OBJ)
+
+$(NGINX_OBJ): check-sudo-docker
+	test -x $@ || (cd $(current_dir)/../nginx && $(SUDO) docker build -t build-nginx . && $(SUDO) docker run --rm -v $(current_dir)/_build:/target build-nginx)

hack/images/dcos/bootstrap.sh

@@ -26,6 +26,7 @@ apiserver_port=${APISERVER_PORT:-8888}
 apiserver_ro_port=${APISERVER_RO_PORT:-8889}
 apiserver_ro_host=${APISERVER_RO_HOST:-${default_dns_name}}
 apiserver_secure_port=${APISERVER_SECURE_PORT:-6443}
+apiproxy_port=${APIPROXY_PORT:-6444}
 
 scheduler_host=${SCHEDULER_HOST:-${default_dns_name}}
 scheduler_port=${SCHEDULER_PORT:-10251}
@@ -120,6 +121,22 @@ EOF
   prepare_service_depends etcd-server ${etcd_server_list}/v2/stats/store getsSuccess $deps
 }
 
+#
+# apiserver proxy via kubectl, allows us to serve up additional static content
+# once we upgrade to the v1 kubectl, we'll probably need the --accept-hosts param
+# TODO(jdef) Dockerfile needs to create /static/
+# TODO(jdef) ... use nginx instead of apiproxy so that we can just reuse the built-in apiserver UI
+#
+prepare_service ${monitor_dir} ${service_dir} apiproxy ${APIPROXY_RESPAWN_DELAY:-3} <<EOF
+#!/usr/bin/execlineb
+fdmove -c 2 1
+$apply_uids
+/opt/kubectl proxy
+  --server=http://$host_ip:$apiserver_port
+  --v=${APIPROXY_GLOG_v:-${logv}}
+  --port=$apiproxy_port
+EOF
+
 #
 # apiserver, uses frontend service proxy to connect with etcd
 #

hack/images/nginx/Dockerfile

@@ -0,0 +1,31 @@
+FROM ubuntu:14.04
+MAINTAINER James DeFelice <james@mesosphere.io>
+
+# generate static build of nginx using modified instructions from:
+# https://gist.github.com/rjeczalik/7057434
+
+# I hate running apt-get update but if I don't then the packages below
+# don't install properly.
+RUN apt-get update
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get -q -y install \
+  make wget libxslt1-dev libxml2-dev zlib1g-dev libpcre3-dev libbz2-dev libssl-dev
+
+WORKDIR /build
+RUN wget -O - http://nginx.org/download/nginx-1.8.0.tar.gz | tar zxf -
+
+WORKDIR nginx-1.8.0
+RUN wget -O - http://www.openssl.org/source/openssl-1.0.1o.tar.gz | tar zxf -
+
+RUN ./configure --prefix=/opt/nginx --with-cc-opt="-static -static-libgcc" \
+  --with-ld-opt="-static" --with-cpu-opt=generic --with-pcre \
+  --with-ipv6 --with-poll_module --with-select_module \
+  --with-rtsig_module --with-select_module --with-poll_module \
+  --with-http_ssl_module --with-http_spdy_module --with-http_realip_module \
+  --with-http_gunzip_module \
+  --with-http_gzip_static_module --with-http_auth_request_module \
+  --with-http_random_index_module --with-http_secure_link_module \
+  --with-http_degradation_module --with-openssl=./openssl-1.0.1o && make -j1
+
+VOLUME /target
+CMD cp -vpr /build/nginx-1.8.0/objs/nginx* /target/