K8s Proxy CI Build (#1233)

* adding the new k8s-proxy container to the server build * updating the file path fore the new dockerfile
2024-11-21 12:05:42 +01:00 · 2021-03-23 11:19:01 -07:00 · 2021-03-23 11:19:01 -07:00 · 7bb26a7203
commit 7bb26a7203
parent 07f37d1f74
6 changed files with 90 additions and 0 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -75,6 +75,7 @@ jobs:
          echo "${{ secrets.DOCKER_REPO_EVENTS_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_EVENTS_ID.key
          echo "${{ secrets.DOCKER_REPO_ADMIN_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_ADMIN_ID.key
          echo "${{ secrets.DOCKER_REPO_NGINX_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_NGINX_ID.key
+          echo "${{ secrets.DOCKER_REPO_K8SPROXY_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_K8SPROXY_ID.key
          echo "${{ secrets.DOCKER_REPO_SSO_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_SSO_ID.key
          echo "${{ secrets.DOCKER_REPO_PORTAL_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_PORTAL_ID.key
          echo "${{ secrets.DOCKER_REPO_MSSQL_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_MSSQL_ID.key
@ -90,6 +91,7 @@ jobs:
          DOCKER_REPO_EVENTS_ID: "1020320052e6247f3c5fbfc2a3bfb0efc7e247f8a5a187dc03f60848359ac7c9"
          DOCKER_REPO_ADMIN_ID: "c5d80db8745fcd7a1510c3fba5c65582cfc2453d2b1eeb292abe79eb1351cf5c"
          DOCKER_REPO_NGINX_ID: "bf3d3247f5c2be73bbe830cddbae445c29e4fcc9e2fb4b4d39abf86a2740098b"
+          DOCKER_REPO_K8SPROXY_ID: "bdad34c1202b2bbf8a460b66da08b2c1c1eea5864b29508782c00da145eb1fcd"
          DOCKER_REPO_SSO_ID: "97a5f6d29b255ff709ec63faad27c2f76246f006563bf3ecbb71547325c05815"
          DOCKER_REPO_PORTAL_ID: "4f358aa0a41c9a6650f5d2f907c2de418df34ddf3ee45e0994be7cc2dcd0b56e"
          DOCKER_REPO_MSSQL_ID: "30a44d7efbe48d30ed06abef003d2d8990205dad6a034617cddc03548f8c084e"
--- a/build.sh
+++ b/build.sh
@ -21,6 +21,7 @@ then
    docker push bitwarden/events:$TAG
    docker push bitwarden/admin:$TAG
    docker push bitwarden/nginx:$TAG
+    docker push bitwarden/k8s-proxy:$TAG
    docker push bitwarden/sso:$TAG
    docker push bitwarden/portal:$TAG
    docker push bitwarden/mssql:$TAG
@ -40,6 +41,7 @@ then
    docker tag bitwarden/events bitwarden/events:$TAG
    docker tag bitwarden/admin bitwarden/admin:$TAG
    docker tag bitwarden/nginx bitwarden/nginx:$TAG
+    docker tag bitwarden/nginx bitwarden/k8s-proxy:$TAG
    docker tag bitwarden/sso bitwarden/sso:$TAG
    docker tag bitwarden/portal bitwarden/portal:$TAG
    docker tag bitwarden/mssql bitwarden/mssql:$TAG
--- a/util/Nginx/.dockerignore
+++ b/util/Nginx/.dockerignore
@ -6,3 +6,4 @@
 !security-headers-ssl.conf
 !mime.types
 !logrotate.sh
+!setup-bwuser.sh
--- a/util/Nginx/Dockerfile-k8s
+++ b/util/Nginx/Dockerfile-k8s
@ -0,0 +1,40 @@
+FROM nginx:1.18
+
+LABEL com.bitwarden.product="bitwarden"
+
+ENV USERNAME="bitwarden"
+ENV GROUPNAME="bitwarden"
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        gosu \
+        curl && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY proxy.conf /etc/nginx/proxy.conf
+COPY mime.types /etc/nginx/mime.types
+COPY security-headers.conf /etc/nginx/security-headers.conf
+COPY security-headers-ssl.conf /etc/nginx/security-headers.conf
+
+COPY setup-bwuser.sh /
+
+EXPOSE 8000
+
+EXPOSE 8080
+EXPOSE 8443
+
+RUN chmod +x /setup-bwuser.sh
+
+RUN ./setup-bwuser.sh $USERNAME $GROUPNAME
+
+RUN mkdir -p /var/run/nginx && \
+    touch /var/run/nginx/nginx.pid
+RUN chown -R $USERNAME:$GROUPNAME /var/run/nginx && \
+    chown -R $USERNAME:$GROUPNAME /var/cache/nginx && \
+    chown -R $USERNAME:$GROUPNAME /var/log/nginx
+    
+
+HEALTHCHECK CMD curl --insecure -Lfs https://localhost:8443/alive || curl -Lfs http://localhost:8080/alive || exit 1
+
+USER bitwarden
--- a/util/Nginx/build.sh
+++ b/util/Nginx/build.sh
@ -8,3 +8,9 @@ echo -e "\n## Building Nginx"
 echo -e "\nBuilding docker image"
 docker --version
 docker build -t bitwarden/nginx "$DIR/."
+
+
+echo -e "\n## Building k8s-proxy"
+
+echo -e "\nBuilding docker image"
+docker build -f $DIR/Dockerfile-k8s -t bitwarden/k8s-proxy "$DIR/."
--- a/util/Nginx/setup-bwuser.sh
+++ b/util/Nginx/setup-bwuser.sh
@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Setup
+
+
+if [ -n $1 ]; then
+    USERNAME=$1
+else
+    echo "[!] setup-bwuser.sh is missing username"
+    exit 1
+fi
+if [ -n $2 ]; then
+    GROUPNAME=$2
+else
+    echo "[!] setup-bwuser.sh is missing groupname"
+    exit 1
+fi
+
+LUID=${LOCAL_UID:-0}
+LGID=${LOCAL_GID:-0}
+
+# Step down from host root to well-known nobody/nogroup user
+
+if [ $LUID -eq 0 ]
+then
+    LUID=65534
+fi
+if [ $LGID -eq 0 ]
+then
+    LGID=65534
+fi
+
+# Create user and group
+
+groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
+groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
+useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
+usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
+mkhomedir_helper $USERNAME