mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
K8s Proxy CI Build (#1233)
* adding the new k8s-proxy container to the server build * updating the file path fore the new dockerfile
This commit is contained in:
parent
07f37d1f74
commit
7bb26a7203
2
.github/workflows/build.yml
vendored
2
.github/workflows/build.yml
vendored
@ -75,6 +75,7 @@ jobs:
|
||||
echo "${{ secrets.DOCKER_REPO_EVENTS_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_EVENTS_ID.key
|
||||
echo "${{ secrets.DOCKER_REPO_ADMIN_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_ADMIN_ID.key
|
||||
echo "${{ secrets.DOCKER_REPO_NGINX_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_NGINX_ID.key
|
||||
echo "${{ secrets.DOCKER_REPO_K8SPROXY_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_K8SPROXY_ID.key
|
||||
echo "${{ secrets.DOCKER_REPO_SSO_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_SSO_ID.key
|
||||
echo "${{ secrets.DOCKER_REPO_PORTAL_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_PORTAL_ID.key
|
||||
echo "${{ secrets.DOCKER_REPO_MSSQL_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_MSSQL_ID.key
|
||||
@ -90,6 +91,7 @@ jobs:
|
||||
DOCKER_REPO_EVENTS_ID: "1020320052e6247f3c5fbfc2a3bfb0efc7e247f8a5a187dc03f60848359ac7c9"
|
||||
DOCKER_REPO_ADMIN_ID: "c5d80db8745fcd7a1510c3fba5c65582cfc2453d2b1eeb292abe79eb1351cf5c"
|
||||
DOCKER_REPO_NGINX_ID: "bf3d3247f5c2be73bbe830cddbae445c29e4fcc9e2fb4b4d39abf86a2740098b"
|
||||
DOCKER_REPO_K8SPROXY_ID: "bdad34c1202b2bbf8a460b66da08b2c1c1eea5864b29508782c00da145eb1fcd"
|
||||
DOCKER_REPO_SSO_ID: "97a5f6d29b255ff709ec63faad27c2f76246f006563bf3ecbb71547325c05815"
|
||||
DOCKER_REPO_PORTAL_ID: "4f358aa0a41c9a6650f5d2f907c2de418df34ddf3ee45e0994be7cc2dcd0b56e"
|
||||
DOCKER_REPO_MSSQL_ID: "30a44d7efbe48d30ed06abef003d2d8990205dad6a034617cddc03548f8c084e"
|
||||
|
2
build.sh
2
build.sh
@ -21,6 +21,7 @@ then
|
||||
docker push bitwarden/events:$TAG
|
||||
docker push bitwarden/admin:$TAG
|
||||
docker push bitwarden/nginx:$TAG
|
||||
docker push bitwarden/k8s-proxy:$TAG
|
||||
docker push bitwarden/sso:$TAG
|
||||
docker push bitwarden/portal:$TAG
|
||||
docker push bitwarden/mssql:$TAG
|
||||
@ -40,6 +41,7 @@ then
|
||||
docker tag bitwarden/events bitwarden/events:$TAG
|
||||
docker tag bitwarden/admin bitwarden/admin:$TAG
|
||||
docker tag bitwarden/nginx bitwarden/nginx:$TAG
|
||||
docker tag bitwarden/nginx bitwarden/k8s-proxy:$TAG
|
||||
docker tag bitwarden/sso bitwarden/sso:$TAG
|
||||
docker tag bitwarden/portal bitwarden/portal:$TAG
|
||||
docker tag bitwarden/mssql bitwarden/mssql:$TAG
|
||||
|
@ -6,3 +6,4 @@
|
||||
!security-headers-ssl.conf
|
||||
!mime.types
|
||||
!logrotate.sh
|
||||
!setup-bwuser.sh
|
||||
|
40
util/Nginx/Dockerfile-k8s
Normal file
40
util/Nginx/Dockerfile-k8s
Normal file
@ -0,0 +1,40 @@
|
||||
FROM nginx:1.18
|
||||
|
||||
LABEL com.bitwarden.product="bitwarden"
|
||||
|
||||
ENV USERNAME="bitwarden"
|
||||
ENV GROUPNAME="bitwarden"
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
gosu \
|
||||
curl && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
COPY proxy.conf /etc/nginx/proxy.conf
|
||||
COPY mime.types /etc/nginx/mime.types
|
||||
COPY security-headers.conf /etc/nginx/security-headers.conf
|
||||
COPY security-headers-ssl.conf /etc/nginx/security-headers.conf
|
||||
|
||||
COPY setup-bwuser.sh /
|
||||
|
||||
EXPOSE 8000
|
||||
|
||||
EXPOSE 8080
|
||||
EXPOSE 8443
|
||||
|
||||
RUN chmod +x /setup-bwuser.sh
|
||||
|
||||
RUN ./setup-bwuser.sh $USERNAME $GROUPNAME
|
||||
|
||||
RUN mkdir -p /var/run/nginx && \
|
||||
touch /var/run/nginx/nginx.pid
|
||||
RUN chown -R $USERNAME:$GROUPNAME /var/run/nginx && \
|
||||
chown -R $USERNAME:$GROUPNAME /var/cache/nginx && \
|
||||
chown -R $USERNAME:$GROUPNAME /var/log/nginx
|
||||
|
||||
|
||||
HEALTHCHECK CMD curl --insecure -Lfs https://localhost:8443/alive || curl -Lfs http://localhost:8080/alive || exit 1
|
||||
|
||||
USER bitwarden
|
@ -8,3 +8,9 @@ echo -e "\n## Building Nginx"
|
||||
echo -e "\nBuilding docker image"
|
||||
docker --version
|
||||
docker build -t bitwarden/nginx "$DIR/."
|
||||
|
||||
|
||||
echo -e "\n## Building k8s-proxy"
|
||||
|
||||
echo -e "\nBuilding docker image"
|
||||
docker build -f $DIR/Dockerfile-k8s -t bitwarden/k8s-proxy "$DIR/."
|
||||
|
39
util/Nginx/setup-bwuser.sh
Normal file
39
util/Nginx/setup-bwuser.sh
Normal file
@ -0,0 +1,39 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Setup
|
||||
|
||||
|
||||
if [ -n $1 ]; then
|
||||
USERNAME=$1
|
||||
else
|
||||
echo "[!] setup-bwuser.sh is missing username"
|
||||
exit 1
|
||||
fi
|
||||
if [ -n $2 ]; then
|
||||
GROUPNAME=$2
|
||||
else
|
||||
echo "[!] setup-bwuser.sh is missing groupname"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
LUID=${LOCAL_UID:-0}
|
||||
LGID=${LOCAL_GID:-0}
|
||||
|
||||
# Step down from host root to well-known nobody/nogroup user
|
||||
|
||||
if [ $LUID -eq 0 ]
|
||||
then
|
||||
LUID=65534
|
||||
fi
|
||||
if [ $LGID -eq 0 ]
|
||||
then
|
||||
LGID=65534
|
||||
fi
|
||||
|
||||
# Create user and group
|
||||
|
||||
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
|
||||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
|
||||
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
|
||||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
|
||||
mkhomedir_helper $USERNAME
|
Loading…
Reference in New Issue
Block a user