-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor Dockerfile and Makefile #1241
Conversation
If this looks good the docs will be updated. |
Overall, looks very clean indeed! |
035e00c
to
fb324a4
Compare
d313a0d
to
fb324a4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great 😍
Just some typos and one suggestion/question.
589a649
to
23297eb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some really good changes here, looks much cleaner!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. I think you can proceed with the docs.
2ba0cb0
to
cba8a10
Compare
Can you resolve the mixed indentation introduced in 095a751 in this PR? |
3c634e2
to
bd2f147
Compare
69c3823
to
a85fad3
Compare
I think the |
Sure, @lucacome I can change the secrets. To allow for a transition though, it would probably be better to create new, unencoded secrets first, then I can change the names of the secrets back in a later PR. I'll let you know when I have that done. Also, the same changes are going to have to be added to the nightly.yml file too. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look good.
Seeing as NGINX Plus supports Alpine since R17 is there anything stopping us from making our Plus image Alpine based instead of Debian? - Just wondering, could be done in a separate PR.
04bf974
to
ed0be6c
Compare
bf43a34
to
cb819e2
Compare
cb819e2
to
6ccaeeb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just a few suggestions
Co-authored-by: Jodie Putrino <j.putrino@f5.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @lucacome
Could we make the default TARGET=container
. Otherwise, if you just follow instructions here https://deploy-preview-1241--nginx-kubernetes-ingress.netlify.app/nginx-ingress-controller/installation/building-ingress-controller-image/#building-the-image-and-pushing-it-to-the-private-registry , you will get :
$ make debian-image-plus PREFIX=myregistry.example.com/nginx-plus-ingress
Docker version 20.10.4, build d3cb89e
make: go: Command not found
make: *** [Makefile:51: build] Error 127
Note that previously we had build in container enabled as default. This is for users/customers, as we don't expect them to have the go installed/configured on their systems.
Also I added the "change" label to this PR, as it introduces two changes:
- changes in
Makefile
- customers will need to use different command and arguments to build the images - changes in Dockerfiles - customers who customized their Dockerfiles will have to migrate their customizations to the new Dockerfile.
Those changes will have to be reflected in our CHANELOG. Could you update the description of this PR with upgrade notes related to the two changes? This way we will insert them into our CHANGELOG into the UPGRADE section.
Also, I left a number of additional comments
&& apt-get update \ | ||
&& apt-get install --no-install-recommends --no-install-suggests -y ca-certificates gnupg wget \ | ||
&& wget https://nginx.org/keys/nginx_signing.key \ | ||
&& gpg --no-default-keyring --keyring nginx_keyring.gpg --import nginx_signing.key \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just to double check, are these instructions https://github.com/nginxinc/kubernetes-ingress/blob/master/build/DockerfileForPlus#L22-L31 no longer necessary?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes
|
||
|
||
RUN mkdir licenses | ||
COPY --chown=nginx:0 LICENSE /licenses |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this mean we will expose our license in all OpenShift images, including the ones for OSS that we publish on DockerHub?
also, should we mount it as NGINX Plus key ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no this is just the apache license
--mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ | ||
apt-get update && apt-get install -y apt-transport-https libcap2-bin nginx-plus=${NGINX_PLUS_VERSION} nginx-plus-module-njs=${NGINX_NJS_VERSION} \ | ||
&& apt-get purge --auto-remove -y apt-transport-https \ | ||
&& rm -rf /var/lib/apt/lists/* |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what about removing files /etc/apt/apt.conf.d/90nginx /etc/apt/sources.list.d/nginx-plus.list
like we do here https://github.com/nginxinc/kubernetes-ingress/blob/master/build/DockerfileForPlus#L46 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
they're needed in the ap stage
@@ -22,6 +22,7 @@ class RBACAuthorization: | |||
role (str): cluster role name | |||
binding (str): cluster role binding name | |||
""" | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems like irrelevant changes for this PR
Co-authored-by: Michael Pleshakov <pleshakov@users.noreply.github.com>
I've added a note in the docs and errors in the Makefile, to use |
Hi @TechIsCool thanks for pointing this out, the documentation is for https://github.com/nginxinc/kubernetes-ingress/releases/tag/v1.10.0. This change will go in v1.11.0 so it will be updated once we release that. Unfortunately, we don't have documentation for the I'll see if we can update that blog post once we release v1.11.0. Thanks! |
Proposed changes