mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00

K8s Proxy CI Build (#1233)

* adding the new k8s-proxy container to the server build

* updating the file path for the new dockerfile
Joseph Flinn 2021-03-23 11:19:01 -07:00 committed by GitHub
parent 07f37d1f74
commit 7bb26a7203
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 90 additions and 0 deletions


@ -75,6 +75,7 @@ jobs:
echo "${{ secrets.DOCKER_REPO_EVENTS_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_EVENTS_ID.key
echo "${{ secrets.DOCKER_REPO_ADMIN_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_ADMIN_ID.key
echo "${{ secrets.DOCKER_REPO_NGINX_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_NGINX_ID.key
echo "${{ secrets.DOCKER_REPO_K8SPROXY_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_K8SPROXY_ID.key
echo "${{ secrets.DOCKER_REPO_SSO_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_SSO_ID.key
echo "${{ secrets.DOCKER_REPO_PORTAL_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_PORTAL_ID.key
echo "${{ secrets.DOCKER_REPO_MSSQL_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_MSSQL_ID.key
@ -90,6 +91,7 @@ jobs:
DOCKER_REPO_EVENTS_ID: "1020320052e6247f3c5fbfc2a3bfb0efc7e247f8a5a187dc03f60848359ac7c9"
DOCKER_REPO_ADMIN_ID: "c5d80db8745fcd7a1510c3fba5c65582cfc2453d2b1eeb292abe79eb1351cf5c"
DOCKER_REPO_NGINX_ID: "bf3d3247f5c2be73bbe830cddbae445c29e4fcc9e2fb4b4d39abf86a2740098b"
DOCKER_REPO_K8SPROXY_ID: "bdad34c1202b2bbf8a460b66da08b2c1c1eea5864b29508782c00da145eb1fcd"
DOCKER_REPO_SSO_ID: "97a5f6d29b255ff709ec63faad27c2f76246f006563bf3ecbb71547325c05815"
DOCKER_REPO_PORTAL_ID: "4f358aa0a41c9a6650f5d2f907c2de418df34ddf3ee45e0994be7cc2dcd0b56e"
DOCKER_REPO_MSSQL_ID: "30a44d7efbe48d30ed06abef003d2d8990205dad6a034617cddc03548f8c084e"
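Review bot: The added `echo "${{ secrets.DOCKER_REPO_K8SPROXY_KEY }}" > …` line has the signing key substituted into the script text before the shell runs, so any quote, backtick or `$` in the key material is parsed by the shell, and the key file is created with the runner's default umask. Mapping the secret to a variable in the step's `env:` and writing it with `printf '%s\n' "$DOCKER_REPO_K8SPROXY_KEY" > …` followed by `chmod 600` on the file would avoid both. The neighbouring key lines that this one copies have the same shape, and the step's `env:` block continues outside the hunk.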


@ -21,6 +21,7 @@ then
docker push bitwarden/events:$TAG
docker push bitwarden/admin:$TAG
docker push bitwarden/nginx:$TAG
docker push bitwarden/k8s-proxy:$TAG
docker push bitwarden/sso:$TAG
docker push bitwarden/portal:$TAG
docker push bitwarden/mssql:$TAG
@ -40,6 +41,7 @@ then
docker tag bitwarden/events bitwarden/events:$TAG
docker tag bitwarden/admin bitwarden/admin:$TAG
docker tag bitwarden/nginx bitwarden/nginx:$TAG
docker tag bitwarden/nginx bitwarden/k8s-proxy:$TAG
docker tag bitwarden/sso bitwarden/sso:$TAG
docker tag bitwarden/portal bitwarden/portal:$TAG
docker tag bitwarden/mssql bitwarden/mssql:$TAG
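Review bot: The added tag line uses the wrong source image: `docker tag bitwarden/nginx bitwarden/k8s-proxy:$TAG` labels the nginx image as k8s-proxy, while every other line tags an image under its own name. The `docker push bitwarden/k8s-proxy:$TAG` added in the first hunk would then publish, and with content trust enabled sign, an image that was not built from `Dockerfile-k8s`. It should read `docker tag bitwarden/k8s-proxy bitwarden/k8s-proxy:$TAG`. The surrounding `if` branches start and end outside the hunks.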


@ -6,3 +6,4 @@
!security-headers-ssl.conf
!mime.types
!logrotate.sh
!setup-bwuser.sh

40
util/Nginx/Dockerfile-k8s Normal file

@ -0,0 +1,40 @@
FROM nginx:1.18
LABEL com.bitwarden.product="bitwarden"
ENV USERNAME="bitwarden"
ENV GROUPNAME="bitwarden"
RUN apt-get update && \
apt-get install -y --no-install-recommends \
gosu \
curl && \
rm -rf /var/lib/apt/lists/*
COPY nginx.conf /etc/nginx/nginx.conf
COPY proxy.conf /etc/nginx/proxy.conf
COPY mime.types /etc/nginx/mime.types
COPY security-headers.conf /etc/nginx/security-headers.conf
COPY security-headers-ssl.conf /etc/nginx/security-headers.conf
COPY setup-bwuser.sh /
EXPOSE 8000
EXPOSE 8080
EXPOSE 8443
RUN chmod +x /setup-bwuser.sh
RUN ./setup-bwuser.sh $USERNAME $GROUPNAME
RUN mkdir -p /var/run/nginx && \
touch /var/run/nginx/nginx.pid
RUN chown -R $USERNAME:$GROUPNAME /var/run/nginx && \
chown -R $USERNAME:$GROUPNAME /var/cache/nginx && \
chown -R $USERNAME:$GROUPNAME /var/log/nginx
HEALTHCHECK CMD curl --insecure -Lfs https://localhost:8443/alive || curl -Lfs http://localhost:8080/alive || exit 1
USER bitwarden
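Review bot: The second security-headers `COPY` writes to the same destination as the first, so `security-headers-ssl.conf` overwrites `security-headers.conf` in the image and nothing is placed at `/etc/nginx/security-headers-ssl.conf`. If the nginx configuration includes the two files by name (not visible here), the plain-HTTP listener would serve the TLS header set and an include of the ssl file would fail at start-up. The line should be `COPY security-headers-ssl.conf /etc/nginx/security-headers-ssl.conf`. Separately, `gosu` is installed but the image ends with `USER bitwarden` and defines no entrypoint that calls it, so it could likely be dropped from the `apt-get install` list.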


@ -8,3 +8,9 @@ echo -e "\n## Building Nginx"
echo -e "\nBuilding docker image"
docker --version
docker build -t bitwarden/nginx "$DIR/."
echo -e "\n## Building k8s-proxy"
echo -e "\nBuilding docker image"
docker build -f $DIR/Dockerfile-k8s -t bitwarden/k8s-proxy "$DIR/."
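Review bot: The new build command leaves `$DIR` unquoted in the `-f` argument while quoting it for the context, so a checkout path containing spaces would split the Dockerfile path into several words. Quoting it the same way keeps the two arguments consistent: `docker build -f "$DIR/Dockerfile-k8s" -t bitwarden/k8s-proxy "$DIR/."`.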


@ -0,0 +1,39 @@
#!/bin/bash
# Setup
if [ -n $1 ]; then
USERNAME=$1
else
echo "[!] setup-bwuser.sh is missing username"
exit 1
fi
if [ -n $2 ]; then
GROUPNAME=$2
else
echo "[!] setup-bwuser.sh is missing groupname"
exit 1
fi
LUID=${LOCAL_UID:-0}
LGID=${LOCAL_GID:-0}
# Step down from host root to well-known nobody/nogroup user
if [ $LUID -eq 0 ]
then
LUID=65534
fi
if [ $LGID -eq 0 ]
then
LGID=65534
fi
# Create user and group
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
mkhomedir_helper $USERNAME
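Review bot: The argument guards `[ -n $1 ]` and `[ -n $2 ]` never take the error branch, because with an empty or missing argument the unquoted expansion disappears and `[ -n ]` is a one-argument test that is always true. The script then continues with an empty `USERNAME` or `GROUPNAME`, and the `groupadd`/`useradd` failures that follow are hidden by `>/dev/null 2>&1`. Quoting fixes the check: `if [ -n "$1" ]; then` and `if [ -n "$2" ]; then`. The same quoting would be worth applying to `$LUID` and `$LGID` in the `-eq 0` tests, since a non-numeric `LOCAL_UID` or `LOCAL_GID` makes `[` report an error and skips the step-down to 65534.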