Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Build and use custom nginx container #798

Closed
sjberman opened this issue Jun 28, 2023 · 0 comments · Fixed by #934
Closed

Build and use custom nginx container #798

sjberman opened this issue Jun 28, 2023 · 0 comments · Fixed by #934
Assignees
Labels
enhancement New feature or request refined Requirements are refined and the issue is ready to be implemented.
Milestone

Comments

@sjberman
Copy link
Collaborator

sjberman commented Jun 28, 2023

Is your enhancement request related to a problem? Please describe.
Right now our deployment simply uses the publicly available nginx image. While convenient, there are some downsides of this.

  • Users have to create a ConfigMap containing our custom http matching module, which gets mounted as a volume into the nginx container. This pattern would be repeated for any new modules that we would add. If the ConfigMap is forgotten, the Pod fails to start.
  • We have to run an init container to set the proper permissions on the /etc/nginx directory so that it can be written to.

What would you like to be added:
The remedy for this is to package and distribute our own data plane container image. We would use the public nginx image as the base, and build on top of that.

Why this is needed:
This solves the issues mentioned under the problem above.

Additional context

  • Custom modules are packaged directly into the image, removing the need for ConfigMaps and volume mounts
  • Directory permissions are defined in the image itself, removing the need for an init container

See discussion #754 for more context.

A/C:

  • build custom data plane image, using public nginx image as the base (can we use alpine nginx to reduce size?)
  • image should package modules and set directory permissions
  • image should be built and distributed in the pipeline the same way that the control plane image is handled
  • remove init container and unnecessary volume mounts
  • The custom nginx container does NOT run as root
  • Ensure unix capabilities are the minimum required
  • update documentation
    • remove references to modules ConfigMap
    • update any docs that reference the data plane image if necessary
    • update the architecture doc
@sjberman sjberman added the enhancement New feature or request label Jun 28, 2023
@sjberman sjberman added this to the v1.0.0 milestone Jun 28, 2023
@mpstefan mpstefan modified the milestones: v1.0.0, v0.6.0 Jun 28, 2023
@mpstefan mpstefan added the refined Requirements are refined and the issue is ready to be implemented. label Jul 24, 2023
@kate-osborn kate-osborn self-assigned this Jul 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request refined Requirements are refined and the issue is ready to be implemented.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants