mirror of
https://github.com/bitwarden/server.git
synced 2025-04-05 05:00:19 -05:00
K8s Proxy CI Build (#1233)
* adding the new k8s-proxy container to the server build
* updating the file path for the new dockerfile
parent
07f37d1f74
commit
7bb26a7203
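--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -75,6 +75,7 @@ jobs:
 echo "${{ secrets.DOCKER_REPO_EVENTS_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_EVENTS_ID.key
 echo "${{ secrets.DOCKER_REPO_ADMIN_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_ADMIN_ID.key
 echo "${{ secrets.DOCKER_REPO_NGINX_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_NGINX_ID.key
+echo "${{ secrets.DOCKER_REPO_K8SPROXY_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_K8SPROXY_ID.key
 echo "${{ secrets.DOCKER_REPO_SSO_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_SSO_ID.key
 echo "${{ secrets.DOCKER_REPO_PORTAL_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_PORTAL_ID.key
 echo "${{ secrets.DOCKER_REPO_MSSQL_KEY }}" > ~/.docker/trust/private/$DOCKER_REPO_MSSQL_ID.key
@@ -90,6 +91,7 @@ jobs:
 DOCKER_REPO_EVENTS_ID: "1020320052e6247f3c5fbfc2a3bfb0efc7e247f8a5a187dc03f60848359ac7c9"
 DOCKER_REPO_ADMIN_ID: "c5d80db8745fcd7a1510c3fba5c65582cfc2453d2b1eeb292abe79eb1351cf5c"
 DOCKER_REPO_NGINX_ID: "bf3d3247f5c2be73bbe830cddbae445c29e4fcc9e2fb4b4d39abf86a2740098b"
+DOCKER_REPO_K8SPROXY_ID: "bdad34c1202b2bbf8a460b66da08b2c1c1eea5864b29508782c00da145eb1fcd"
 DOCKER_REPO_SSO_ID: "97a5f6d29b255ff709ec63faad27c2f76246f006563bf3ecbb71547325c05815"
 DOCKER_REPO_PORTAL_ID: "4f358aa0a41c9a6650f5d2f907c2de418df34ddf3ee45e0994be7cc2dcd0b56e"
 DOCKER_REPO_MSSQL_ID: "30a44d7efbe48d30ed06abef003d2d8990205dad6a034617cddc03548f8c084e"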
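Review bot: The added line in the first hunk pastes the signing key into the script text with `${{ secrets.DOCKER_REPO_K8SPROXY_KEY }}`, so the shell parses the key material itself; a key containing `"`, `$` or a backtick would be altered or interpreted before it reaches the file. Passing it through the step's `env:` map and writing it with `printf '%s\n' "$DOCKER_REPO_K8SPROXY_KEY" > ~/.docker/trust/private/$DOCKER_REPO_K8SPROXY_ID.key` keeps the secret out of the script source. The file is also created under the runner's default umask; a `umask 077` ahead of these writes would keep the private keys owner-only. The six neighbouring context lines follow the same pattern, and the step itself begins outside the hunk.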
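--- a/build.sh
+++ b/build.sh
@@ -21,6 +21,7 @@ then
 docker push bitwarden/events:$TAG
 docker push bitwarden/admin:$TAG
 docker push bitwarden/nginx:$TAG
+docker push bitwarden/k8s-proxy:$TAG
 docker push bitwarden/sso:$TAG
 docker push bitwarden/portal:$TAG
 docker push bitwarden/mssql:$TAG
@@ -40,6 +41,7 @@ then
 docker tag bitwarden/events bitwarden/events:$TAG
 docker tag bitwarden/admin bitwarden/admin:$TAG
 docker tag bitwarden/nginx bitwarden/nginx:$TAG
+docker tag bitwarden/nginx bitwarden/k8s-proxy:$TAG
 docker tag bitwarden/sso bitwarden/sso:$TAG
 docker tag bitwarden/portal bitwarden/portal:$TAG
 docker tag bitwarden/mssql bitwarden/mssql:$TAG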
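Review bot: The tag line added in the second hunk uses the wrong source image: `docker tag bitwarden/nginx bitwarden/k8s-proxy:$TAG` labels the nginx image as k8s-proxy, while every neighbouring line tags an image from its own repository. As written, the `docker push bitwarden/k8s-proxy:$TAG` added in the first hunk would publish nginx content under the k8s-proxy name, and the image built from Dockerfile-k8s would never be released. The line should read `docker tag bitwarden/k8s-proxy bitwarden/k8s-proxy:$TAG`. Since the workflow loads a trust key for this repository, the mislabelled image would presumably also be signed. Both hunks sit inside `then` branches that begin outside the visible lines.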
@ -6,3 +6,4 @@
|
|||||||
!security-headers-ssl.conf
|
!security-headers-ssl.conf
|
||||||
!mime.types
|
!mime.types
|
||||||
!logrotate.sh
|
!logrotate.sh
|
||||||
|
!setup-bwuser.sh
|
||||||
|
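--- a/util/Nginx/Dockerfile-k8s
+++ b/util/Nginx/Dockerfile-k8s
@@ -0,0 +1,40 @@
+FROM nginx:1.18
+
+LABEL com.bitwarden.product="bitwarden"
+
+ENV USERNAME="bitwarden"
+ENV GROUPNAME="bitwarden"
+
+RUN apt-get update && \
+apt-get install -y --no-install-recommends \
+gosu \
+curl && \
+rm -rf /var/lib/apt/lists/*
+
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY proxy.conf /etc/nginx/proxy.conf
+COPY mime.types /etc/nginx/mime.types
+COPY security-headers.conf /etc/nginx/security-headers.conf
+COPY security-headers-ssl.conf /etc/nginx/security-headers.conf
+
+COPY setup-bwuser.sh /
+
+EXPOSE 8000
+
+EXPOSE 8080
+EXPOSE 8443
+
+RUN chmod +x /setup-bwuser.sh
+
+RUN ./setup-bwuser.sh $USERNAME $GROUPNAME
+
+RUN mkdir -p /var/run/nginx && \
+touch /var/run/nginx/nginx.pid
+RUN chown -R $USERNAME:$GROUPNAME /var/run/nginx && \
+chown -R $USERNAME:$GROUPNAME /var/cache/nginx && \
+chown -R $USERNAME:$GROUPNAME /var/log/nginx
+
+
+HEALTHCHECK CMD curl --insecure -Lfs https://localhost:8443/alive || curl -Lfs http://localhost:8080/alive || exit 1
+
+USER bitwarden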
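Review bot: The fifth COPY, `COPY security-headers-ssl.conf /etc/nginx/security-headers.conf`, writes to the same destination as the COPY directly above it, so the plain-HTTP header file is overwritten and the image contains no `/etc/nginx/security-headers-ssl.conf`. If the nginx configuration includes the two files separately (it is not shown on this page), the destination should match the source name: `COPY security-headers-ssl.conf /etc/nginx/security-headers-ssl.conf`. `RUN ./setup-bwuser.sh $USERNAME $GROUPNAME` also depends on the working directory being `/`; calling `/setup-bwuser.sh` by absolute path removes that assumption. Separately, `FROM nginx:1.18` is a floating tag, and pinning it by digest would make the published proxy image reproducible.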
@ -8,3 +8,9 @@ echo -e "\n## Building Nginx"
|
|||||||
echo -e "\nBuilding docker image"
|
echo -e "\nBuilding docker image"
|
||||||
docker --version
|
docker --version
|
||||||
docker build -t bitwarden/nginx "$DIR/."
|
docker build -t bitwarden/nginx "$DIR/."
|
||||||
|
|
||||||
|
|
||||||
|
echo -e "\n## Building k8s-proxy"
|
||||||
|
|
||||||
|
echo -e "\nBuilding docker image"
|
||||||
|
docker build -f $DIR/Dockerfile-k8s -t bitwarden/k8s-proxy "$DIR/."
|
||||||
|
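Review bot: `$DIR` is unquoted in `-f $DIR/Dockerfile-k8s`, although the same command quotes it in `"$DIR/."`; a checkout path containing spaces would split the `-f` argument and point the build at the wrong file. Write `docker build -f "$DIR/Dockerfile-k8s" -t bitwarden/k8s-proxy "$DIR/."`. The file header for this section is not shown on the page, and the script begins outside the hunk.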
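--- a/util/Nginx/setup-bwuser.sh
+++ b/util/Nginx/setup-bwuser.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Setup
+
+
+if [ -n $1 ]; then
+USERNAME=$1
+else
+echo "[!] setup-bwuser.sh is missing username"
+exit 1
+fi
+if [ -n $2 ]; then
+GROUPNAME=$2
+else
+echo "[!] setup-bwuser.sh is missing groupname"
+exit 1
+fi
+
+LUID=${LOCAL_UID:-0}
+LGID=${LOCAL_GID:-0}
+
+# Step down from host root to well-known nobody/nogroup user
+
+if [ $LUID -eq 0 ]
+then
+LUID=65534
+fi
+if [ $LGID -eq 0 ]
+then
+LGID=65534
+fi
+
+# Create user and group
+
+groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
+groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
+useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
+usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
+mkhomedir_helper $USERNAME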
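Review bot: The argument checks `if [ -n $1 ]` and `if [ -n $2 ]` are unquoted, so a missing or empty argument collapses the test to `[ -n ]`, which is true, and the "missing username" and "missing groupname" branches never run. Quote the expansions: `if [ -n "$1" ]; then` and `if [ -n "$2" ]; then`. The same quoting is worth applying to `$LUID`, `$LGID`, `$USERNAME` and `$GROUPNAME` in the numeric tests and the groupadd/useradd calls. Those calls send all output to /dev/null and the script has no `set -e`, so a failed account creation is not reported at the point where it happens.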