DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove setcap and use authbind instead

Browse source
This commit is contained in:
Manuel de Brito Fontes 2018-07-16 14:20:59 -04:00 committed by Manuel Alejandro de Brito Fontes
parent 237dcd7aa7
commit 7210518f80
No known key found for this signature in database
GPG key ID: 786136016A8BA02A
4 changed files with 59 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

31
rootfs/Dockerfile
View file

@ -25,35 +25,6 @@ RUN clean-install \
COPY . /
# Create symlinks to redirect nginx logs to stdout and stderr docker log collector
# This only works if nginx is started with CMD or ENTRYPOINT
# Required because clean-install removes /var/log content
# We cannot chown /etc/nginx recursively because that adds 100MB to the image
RUN mkdir -p /var/log/nginx \
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
&& bash -eux -c ' \
writeDirs=( \
/etc/nginx/template \
/etc/ingress-controller/ssl \
/etc/ingress-controller/auth \
/var/log \
/var/log/nginx \
); \
for dir in "${writeDirs[@]}"; do \
mkdir -p ${dir}; \
chown -R www-data.www-data ${dir}; \
done \
' \
&& chown www-data.www-data /etc/nginx/nginx.conf \
&& chown www-data.www-data /etc/nginx/opentracing.json
RUN setcap cap_net_bind_service=+ep /nginx-ingress-controller \
&& setcap -v cap_net_bind_service=+ep /nginx-ingress-controller
USER www-data
ENTRYPOINT ["/usr/bin/dumb-init"]
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/nginx-ingress-controller"]