K8s Proxy CI Build (#1233)

* adding the new k8s-proxy container to the server build * updating the file path fore the new dockerfile
2025-06-30 07:36:14 -05:00 · 2021-03-23 11:19:01 -07:00
parent 07f37d1f74
commit 7bb26a7203
6 changed files with 90 additions and 0 deletions
--- a/util/Nginx/.dockerignore
+++ b/util/Nginx/.dockerignore
@ -6,3 +6,4 @@
 !security-headers-ssl.conf
 !mime.types
 !logrotate.sh
+!setup-bwuser.sh
--- a/util/Nginx/Dockerfile-k8s
+++ b/util/Nginx/Dockerfile-k8s
@ -0,0 +1,40 @@
+FROM nginx:1.18
+
+LABEL com.bitwarden.product="bitwarden"
+
+ENV USERNAME="bitwarden"
+ENV GROUPNAME="bitwarden"
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        gosu \
+        curl && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY proxy.conf /etc/nginx/proxy.conf
+COPY mime.types /etc/nginx/mime.types
+COPY security-headers.conf /etc/nginx/security-headers.conf
+COPY security-headers-ssl.conf /etc/nginx/security-headers.conf
+
+COPY setup-bwuser.sh /
+
+EXPOSE 8000
+
+EXPOSE 8080
+EXPOSE 8443
+
+RUN chmod +x /setup-bwuser.sh
+
+RUN ./setup-bwuser.sh $USERNAME $GROUPNAME
+
+RUN mkdir -p /var/run/nginx && \
+    touch /var/run/nginx/nginx.pid
+RUN chown -R $USERNAME:$GROUPNAME /var/run/nginx && \
+    chown -R $USERNAME:$GROUPNAME /var/cache/nginx && \
+    chown -R $USERNAME:$GROUPNAME /var/log/nginx
+    
+
+HEALTHCHECK CMD curl --insecure -Lfs https://localhost:8443/alive || curl -Lfs http://localhost:8080/alive || exit 1
+
+USER bitwarden
--- a/util/Nginx/build.sh
+++ b/util/Nginx/build.sh
@ -8,3 +8,9 @@ echo -e "\n## Building Nginx"
 echo -e "\nBuilding docker image"
 docker --version
 docker build -t bitwarden/nginx "$DIR/."
+
+
+echo -e "\n## Building k8s-proxy"
+
+echo -e "\nBuilding docker image"
+docker build -f $DIR/Dockerfile-k8s -t bitwarden/k8s-proxy "$DIR/."
--- a/util/Nginx/setup-bwuser.sh
+++ b/util/Nginx/setup-bwuser.sh
@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Setup
+
+
+if [ -n $1 ]; then
+    USERNAME=$1
+else
+    echo "[!] setup-bwuser.sh is missing username"
+    exit 1
+fi
+if [ -n $2 ]; then
+    GROUPNAME=$2
+else
+    echo "[!] setup-bwuser.sh is missing groupname"
+    exit 1
+fi
+
+LUID=${LOCAL_UID:-0}
+LGID=${LOCAL_GID:-0}
+
+# Step down from host root to well-known nobody/nogroup user
+
+if [ $LUID -eq 0 ]
+then
+    LUID=65534
+fi
+if [ $LGID -eq 0 ]
+then
+    LGID=65534
+fi
+
+# Create user and group
+
+groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
+groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
+useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
+usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
+mkhomedir_helper $USERNAME