ingress

.github/actions/setup/action.yaml

@@ -0,0 +1,16 @@
+name: "Setup"
+description: "install docker and qemu"
+inputs:
+  root:
+    description: |
+      Project root directory.
+      Default '.'
+    default: '.'
+runs:
+  using: composite
+  steps:
+  - uses: docker/setup-qemu-action@v3
+    with:
+      platforms: amd64,arm64
+  - uses: docker/setup-buildx-action@v3
+

.github/workflows/ingress-base.yaml

@@ -15,9 +15,14 @@ on:
         description: 'branch or tag name, should compatibe with SCRIPT_VERSION'
         required: true
         default: 'release-1.9'
+      arch:
+        description: 'arch'
+        required: true
+        default: 'amd64'
 env:
   PROJECT: ingress-nginx
   BRANCH: release-1.9 # NOTICE, SCRIPT_VERSION must comtible
+  ARCH: amd64
   SCRIPT_VERSION: 1.9
   REGISTRY_NAME: "docker.io"
   REGISTRY_USER: "${{ secrets.DOCKER_HUB_USER }}"

.github/workflows/ingress.yaml

@@ -15,12 +15,10 @@ on:
         description: 'branch or tag name, should compatibe with SCRIPT_VERSION'
         required: true
         default: 'release-1.9'
-
 env:
   PROJECT: ingress-nginx
-  BRANCH: release-1.9 # NOTICE, SCRIPT_VERSION must comtible
-  SCRIPT_VERSION: 1.9
-
+  BRANCH:  release-1.9 # release-1.9 or nginx-0.49.3-es, SCRIPT_VERSION must comtible
+  SCRIPT_VERSION: 1.9 #1.9 or 0.49 
   REGISTRY_NAME: "docker.io"
   REGISTRY_USER: "${{ secrets.DOCKER_HUB_USER }}"
   REGISTRY_PASS: "${{ secrets.DOCKER_HUB_PASSWORD }}"
@@ -30,65 +28,71 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
+    - uses: actions/checkout@v4
+    - uses: ./.github/actions/setup
+    - name: Login to Registry
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ env.REGISTRY_NAME }}
+        username: ${{ env.REGISTRY_USER }}
+        password: ${{ env.REGISTRY_PASS }}
+
+    - name: Check out build code
+      uses: actions/checkout@v4
+      with:
+        repository: easystack/${{ env.PROJECT }}
+        ref: ${{ env.BRANCH }}
+        token: ${{ secrets.KPULL }} 
+        path: ${{ env.PROJECT }}
+
     - name: Setting
       run: |
         set -x
-      
+        echo "ARCH=arm64"  >> $GITHUB_ENV  
+        if [ $(arch) = "x86_64" ];then
+            echo "ARCH=amd64"  >> $GITHUB_ENV      
+        fi
+
         if ${{ github.event_name == 'workflow_dispatch' }} ; then
             echo "BRANCH=${{ github.event.inputs.branch }}"  >> $GITHUB_ENV
-            echo "SCRIPT_VERSION=${{ github.event.inputs.script_version }}"  >> $GITHUB_ENV    
+            echo "SCRIPT_VERSION=${{ github.event.inputs.script_version }}"  >> $GITHUB_ENV 
         fi
 
         echo "trigger by ${{ github.event_name }}"
         echo "BRANCH is ${{ env.BRANCH }}"
         echo "SCRIPT_VERSION is ${{ env.SCRIPT_VERSION }}"
-
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-
-    - name: Check out repo code
-      uses: actions/checkout@v4
-
-    - name: Check out build code
-      uses: actions/checkout@v4
-      with:
-        repository: easystack/${{ env.PROJECT }}
-        ref: ${{ env.BRANCH }}
-        token: ${{ secrets.KPULL }} 
-        path: ${{ env.PROJECT }}
-
-    - name: Login to Registry
-      uses: docker/login-action@v2
-      with:
-        registry: ${{ env.REGISTRY_NAME }}
-        username: ${{ env.REGISTRY_USER }}
-        password: ${{ env.REGISTRY_PASS }}
+        echo "ARCH is ${{ env.ARCH }}"
 
     - name: Image Build And Push
       shell: bash
       run: |
         set -ex
+        export ARCH=${{ env.ARCH }}
+        export REGISTRY=${{ env.REGISTRY_NAME }}/yylt
+        export BASE_IMAGE=${REGISTRY}/ingress:${ARCH}-base-${{ env.SCRIPT_VERSION }}
+
+        # 覆盖, 支持 sm 密码 ssl 库
+        cp -f ingress/build-${{ env.SCRIPT_VERSION }}.sh ${{ env.PROJECT }}/images/nginx/rootfs/build.sh
+        cp -f ingress/Dockerfile-${{ env.SCRIPT_VERSION }} ${{ env.PROJECT }}/images/nginx/rootfs/Dockerfile
+        cp -f ingress/Dockerfile-ingress-${{ env.SCRIPT_VERSION }} ${{ env.PROJECT }}/rootfs/Dockerfile
         
+        # 删除 openssl 相关
+        sed -i '/openssl/d' ${{ env.PROJECT }}/images/nginx/rootfs/Dockerfile
+
+        # build 
         cd ${{ env.PROJECT }}
-        export REGISTRY=${{ env.REGISTRY_NAME }}/yylt
-        export BASE_IMAGE=yylt/nginx:${{ env.SCRIPT_VERSION }}
 
-        # build x86
-        export ARCH=amd64
-        export PLATFORM=linux/${ARCH}
-        make build
-        make image
-        docker tag ${REGISTRY}/controller:$(cat TAG) ${REGISTRY}/ingress:${ARCH}-${{ env.SCRIPT_VERSION }}
-        docker push ${REGISTRY}/ingress:${ARCH}-${{ env.SCRIPT_VERSION }}
+        # base base image
+        docker buildx build \
+          --no-cache \
+          --platform linux/${ARCH} \
+          --output "type=image,push=true" \
+          --tag ${BASE_IMAGE} \
+          --file ./images/nginx/rootfs/Dockerfile ./images/nginx/rootfs
 
-        docker rmi yylt/nginx:${{ env.SCRIPT_VERSION }} # 需删除，无法拉取不同架构
-        # build arm64
-        export ARCH=arm64
+        # build ingress image
+        
         export PLATFORM=linux/${ARCH}
-        make build
-        make image
+        make build && make image
         docker tag ${REGISTRY}/controller:$(cat TAG) ${REGISTRY}/ingress:${ARCH}-${{ env.SCRIPT_VERSION }}
         docker push ${REGISTRY}/ingress:${ARCH}-${{ env.SCRIPT_VERSION }}

ingress/Dockerfile-1.9

@@ -0,0 +1,61 @@
+FROM debian:11-slim as builder
+
+COPY . /
+
+RUN /build.sh
+
+# Use a multi-stage build
+FROM debian:11-slim
+
+ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin
+
+ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;"
+ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;"
+
+COPY --from=builder /usr/local /usr/local
+COPY --from=builder /opt /opt
+COPY --from=builder /etc/nginx /etc/nginx
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        bash \
+        util-linux \
+        libpcre3 \
+        libpcre3-dev \
+        zlib1g \
+        zlib1g-dev \
+        libmaxminddb-dev \
+        libxslt1-dev \
+        libgeoip-dev \
+        ca-certificates \
+        patch \
+        libaio-dev \
+        lmdb-utils \
+        libcurlpp-dev \
+        libprotobuf-dev \
+        libyajl-dev \
+        libxml2 libxml2-dev \
+        libmaxminddb-dev \
+        libyaml-cpp-dev \
+        coreutils \
+        tzdata \
+  &&  rm -rf /var/lib/apt/lists/* \
+  && ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \
+  && bash -eu -c ' \
+  writeDirs=( \
+  /var/log/nginx \
+  /var/lib/nginx/body \
+  /var/lib/nginx/fastcgi \
+  /var/lib/nginx/proxy \
+  /var/lib/nginx/scgi \
+  /var/lib/nginx/uwsgi \
+  /var/log/audit \
+  ); \
+  for dir in "${writeDirs[@]}"; do \
+  mkdir -p ${dir}; \
+  chown -R www-data.www-data ${dir}; \
+  done'
+
+EXPOSE 80 443
+
+CMD ["nginx", "-g", "daemon off;"]

ingress/Dockerfile-ingress-1.9

@@ -0,0 +1,69 @@
+ARG BASE_IMAGE
+
+FROM ${BASE_IMAGE}
+
+ARG TARGETARCH
+ARG VERSION
+ARG COMMIT_SHA
+ARG BUILD_ID=UNSET
+
+LABEL org.opencontainers.image.title="NGINX Ingress Controller for Kubernetes"
+LABEL org.opencontainers.image.documentation="https://kubernetes.github.io/ingress-nginx/"
+LABEL org.opencontainers.image.source="https://github.com/kubernetes/ingress-nginx"
+LABEL org.opencontainers.image.vendor="The Kubernetes Authors"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.version="${VERSION}"
+LABEL org.opencontainers.image.revision="${COMMIT_SHA}"
+
+LABEL build_id="${BUILD_ID}"
+
+WORKDIR  /etc/nginx
+
+COPY --chown=www-data:www-data etc /etc
+
+COPY --chown=www-data:www-data bin/${TARGETARCH}/dbg /
+COPY --chown=www-data:www-data bin/${TARGETARCH}/nginx-ingress-controller /
+COPY --chown=www-data:www-data bin/${TARGETARCH}/wait-shutdown /
+
+
+# Fix permission during the build to avoid issues at runtime
+# with volumes (custom templates)
+RUN bash -xeu -c ' \
+  writeDirs=( \
+    /etc/ingress-controller \
+    /etc/ingress-controller/ssl \
+    /etc/ingress-controller/auth \
+    /var/log \
+    /var/log/nginx \
+    /tmp/nginx \
+  ); \
+  for dir in "${writeDirs[@]}"; do \
+    mkdir -p ${dir}; \
+    chown -R www-data.www-data ${dir}; \
+  done' 
+
+  # LD_LIBRARY_PATH does not work so below is needed for  opentelemetry/other modules
+  # Put libs of newer modules under `/modules_mount/<other>/lib` and add that path below
+  # Could get complicated arch specific paths become a need
+  #&& echo "/lib:/usr/lib:/usr/local/lib:/modules_mount/etc/nginx/modules/otel" > /etc/ld-musl-x86_64.path
+
+ENV LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/modules_mount/etc/nginx/modules/otel
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends dumb-init diffutils libcap2-bin \
+    && setcap    cap_net_bind_service=+ep /nginx-ingress-controller \
+    && setcap -v cap_net_bind_service=+ep /nginx-ingress-controller \
+    && setcap    cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \
+    && setcap -v cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \
+    && setcap    cap_net_bind_service=+ep /usr/bin/dumb-init \
+    && setcap -v cap_net_bind_service=+ep /usr/bin/dumb-init \
+    && ln -sf /usr/local/nginx/sbin/nginx /usr/bin/nginx \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    rm -rf /var/lib/apt/lists/* 
+
+USER www-data
+
+ENTRYPOINT ["/usr/bin/dumb-init", "--"]
+
+CMD ["/nginx-ingress-controller"]

ingress/build-0.49.sh

@@ -335,7 +335,7 @@ git config --global --add core.compression -1
 cd "$BUILD_PATH/GmSSL-$GMSSL_VERSION"
 mkdir build && cd build
 cmake ..
-make && make test && make install
+make && make install
 
 cd "$BUILD_PATH/OpenSSL-Compatibility-Layer-$GMSSL_LAYER_VERSION"
 mkdir build && cd build