Skip to content

Commit

Permalink
ingress-nginx-controller-fips: setcap after strip (chainguard-images#988
Browse files Browse the repository at this point in the history 
)

* ingress-nginx-controller-fips: setcap after strip

Signed-off-by: Nghia Tran <tcnghia@gmail.com>

* update to 1.9.4

Signed-off-by: Nghia Tran <tcnghia@gmail.com>

---------

Signed-off-by: Nghia Tran <tcnghia@gmail.com>
  • Loading branch information
@tcnghia
tcnghia authored Nov 10, 2023
1 parent 57283cf commit 46b6e17
Showing 1 changed file with 23 additions and 29 deletions.
52 changes: 23 additions & 29 deletions ingress-nginx-controller-fips.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
#nolint:valid-pipeline-fetch-digest
package:
name: ingress-nginx-controller-fips
version: 1.9.3
epoch: 1
version: 1.9.4
epoch: 0
description: "Ingress-NGINX Controller for Kubernetes"
copyright:
- license: Apache-2.0
Expand Down Expand Up @@ -35,7 +35,6 @@ package:
- lua-resty-upload
- brotli
- gd
- geoip
- libmaxminddb
- libxml2
- libxslt
Expand Down Expand Up @@ -67,7 +66,6 @@ environment:
- flex
- gcc
- gd-dev
- geoip-dev
- git
- go-fips
- libaio-dev
Expand Down Expand Up @@ -143,7 +141,7 @@ pipeline:
with:
repository: https://github.com/kubernetes/ingress-nginx
tag: controller-v${{package.version}}
expected-commit: 895bb1511d34cb1331e1a32055199f964338ece5
expected-commit: 5583f90c7f3525b6267747d6b07541c01218a9ea

- name: Build ingress-nginx controller from source
runs: |
Expand Down Expand Up @@ -176,11 +174,6 @@ pipeline:
-X ${PKG}/version.REPO=${REPO_INFO}" \
-o "${{targets.destdir}}/usr/bin/nginx-ingress-controller" ${PKG}/cmd/nginx
setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx-ingress-controller \
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx-ingress-controller
getcap ${{targets.destdir}}/usr/bin/nginx-ingress-controller
- uses: fetch
with:
uri: https://nginx.org/download/nginx-${{vars.NGINX_VERSION}}.tar.gz
Expand Down Expand Up @@ -280,9 +273,6 @@ pipeline:
mkdir -p ${{targets.destdir}}/etc/nginx/
# Geo ip data from nginx image
cp -ar images/nginx/rootfs/etc/nginx/. ${{targets.destdir}}/etc/nginx/
# Lua code copied into the target
cp -ar rootfs/etc/nginx/. ${{targets.destdir}}/etc/nginx/
Expand Down Expand Up @@ -351,7 +341,6 @@ pipeline:
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_addition_module \
--with-http_geoip_module \
--with-http_gzip_static_module \
--with-http_sub_module \
--with-http_v2_module \
Expand Down Expand Up @@ -443,26 +432,11 @@ pipeline:
echo "::::::::::::::::::::::::::::::::::::::::::::::"
make DESTDIR="${{targets.destdir}}" install
echo "::::::::::::::::::::::::::::::::::::::::::"
echo ":::: SETCAP NGINX ::::"
echo "::::::::::::::::::::::::::::::::::::::::::"
mkdir -p ${{targets.destdir}}/usr/bin
mv ${{targets.destdir}}/usr/sbin/nginx ${{targets.destdir}}/usr/bin/
rm -rf ${{targets.destdir}}/usr/html
rm -rf ${{targets.destdir}}/usr/sbin
setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx \
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx
echo "::::::::::::::::::::::::::::::::::::::::::"
echo ":::: SETCAP DUMB INIT ::::"
echo "::::::::::::::::::::::::::::::::::::::::::"
setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/dumb-init \
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/dumb-init
echo "::::::::::::::::::::::::::::::::::::::::::::"
echo ":::::::::::::::: CLEANUP :::::::::::::::::::"
echo "::::::::::::::::::::::::::::::::::::::::::::"
Expand All @@ -473,6 +447,26 @@ pipeline:
- uses: strip

- runs: |
echo "::::::::::::::::::::::::::::::::::::::::::"
echo ":::: SETCAP NGINX CONTROLLER ::::"
echo "::::::::::::::::::::::::::::::::::::::::::"
setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx-ingress-controller \
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx-ingress-controller
echo "::::::::::::::::::::::::::::::::::::::::::"
echo ":::: SETCAP NGINX ::::"
echo "::::::::::::::::::::::::::::::::::::::::::"
setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx \
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/nginx
echo "::::::::::::::::::::::::::::::::::::::::::"
echo ":::: SETCAP DUMB INIT ::::"
echo "::::::::::::::::::::::::::::::::::::::::::"
setcap cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/dumb-init \
&& setcap -v cap_net_bind_service=+ep ${{targets.destdir}}/usr/bin/dumb-init
subpackages:
- name: ingress-nginx-controller-fips-compat
description: Compatibility package for ingress-nginx-controller-fips
Expand Down

0 comments on commit 46b6e17

Please sign in to comment.