Refactor Dockerfile and Makefile #1241
Conversation
|
If this looks good the docs will be updated. |
|
Overall, looks very clean indeed! |
lucacome
force-pushed
the
update-crd-gen
branch
from
035e00c
to
fb324a4
Compare
lucacome
force-pushed
the
cleanup-makefile
branch
from
d313a0d
to
fb324a4
Compare
lucacome
force-pushed
the
cleanup-makefile
branch
from
589a649
to
23297eb
Compare
lucacome
force-pushed
the
cleanup-makefile
branch
from
2ba0cb0
to
cba8a10
Compare
|
Can you resolve the mixed indentation introduced in 095a751 in this PR? |
lucacome
force-pushed
the
cleanup-makefile
branch
from
3c634e2
to
bd2f147
Compare
lucacome
force-pushed
the
cleanup-makefile
branch
2 times, most recently
from
69c3823
to
a85fad3
Compare
|
I think the |
Sure, @lucacome I can change the secrets. To allow for a transition though, it would probably be better to create new, unencoded secrets first, then I can change the names of the secrets back in a later PR. I'll let you know when I have that done. Also, the same changes are going to have to be added to the nightly.yml file too. |
There was a problem hiding this comment.
Changes look good.
Seeing as NGINX Plus supports Alpine since R17 is there anything stopping us from making our Plus image Alpine based instead of Debian? - Just wondering, could be done in a separate PR.
lucacome
force-pushed
the
cleanup-makefile
branch
4 times, most recently
from
04bf974
to
ed0be6c
Compare
lucacome
force-pushed
the
cleanup-makefile
branch
from
bf43a34
to
cb819e2
Compare
github-actions
bot
added
dependencies
lucacome
force-pushed
the
cleanup-makefile
branch
from
cb819e2
to
6ccaeeb
Compare
Co-authored-by: Jodie Putrino <j.putrino@f5.com>
There was a problem hiding this comment.
Hi @lucacome
Could we make the default TARGET=container. Otherwise, if you just follow instructions here https://deploy-preview-1241--nginx-kubernetes-ingress.netlify.app/nginx-ingress-controller/installation/building-ingress-controller-image/#building-the-image-and-pushing-it-to-the-private-registry , you will get :
$ make debian-image-plus PREFIX=myregistry.example.com/nginx-plus-ingress
Docker version 20.10.4, build d3cb89e
make: go: Command not found
make: *** [Makefile:51: build] Error 127
Note that previously we had build in container enabled as default. This is for users/customers, as we don't expect them to have the go installed/configured on their systems.
Also I added the "change" label to this PR, as it introduces two changes:
- changes in
Makefile- customers will need to use different command and arguments to build the images - changes in Dockerfiles - customers who customized their Dockerfiles will have to migrate their customizations to the new Dockerfile.
Those changes will have to be reflected in our CHANELOG. Could you update the description of this PR with upgrade notes related to the two changes? This way we will insert them into our CHANGELOG into the UPGRADE section.
Also, I left a number of additional comments
| && apt-get update \ | ||
| && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates gnupg wget \ | ||
| && wget https://nginx.org/keys/nginx_signing.key \ | ||
| && gpg --no-default-keyring --keyring nginx_keyring.gpg --import nginx_signing.key \ |
There was a problem hiding this comment.
just to double check, are these instructions https://github.com/nginxinc/kubernetes-ingress/blob/master/build/DockerfileForPlus#L22-L31 no longer necessary?
|
|
||
|
|
||
| RUN mkdir licenses | ||
| COPY --chown=nginx:0 LICENSE /licenses |
There was a problem hiding this comment.
does this mean we will expose our license in all OpenShift images, including the ones for OSS that we publish on DockerHub?
also, should we mount it as NGINX Plus key ?
There was a problem hiding this comment.
no this is just the apache license
| --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ | ||
| apt-get update && apt-get install -y apt-transport-https libcap2-bin nginx-plus=${NGINX_PLUS_VERSION} nginx-plus-module-njs=${NGINX_NJS_VERSION} \ | ||
| && apt-get purge --auto-remove -y apt-transport-https \ | ||
| && rm -rf /var/lib/apt/lists/* |
There was a problem hiding this comment.
what about removing files /etc/apt/apt.conf.d/90nginx /etc/apt/sources.list.d/nginx-plus.list like we do here https://github.com/nginxinc/kubernetes-ingress/blob/master/build/DockerfileForPlus#L46 ?
There was a problem hiding this comment.
they're needed in the ap stage
| @@ -22,6 +22,7 @@ class RBACAuthorization: | |||
| role (str): cluster role name | |||
| binding (str): cluster role binding name | |||
| """ | |||
|
|
|||
There was a problem hiding this comment.
seems like irrelevant changes for this PR
Co-authored-by: Michael Pleshakov <pleshakov@users.noreply.github.com>
I've added a note in the docs and errors in the Makefile, to use |
lucacome
changed the title
|
Hi @TechIsCool thanks for pointing this out, the documentation is for https://github.com/nginxinc/kubernetes-ingress/releases/tag/v1.10.0. This change will go in v1.11.0 so it will be updated once we release that. Unfortunately, we don't have documentation for the I'll see if we can update that blog post once we release v1.11.0. Thanks! |
Proposed changes