feat(transparent) adjust the test container to allow transparent prox…

…ying (#29) * fix(transparent) adjust Kong test container so it will build a transparent proxy compatible container * mend * tests(Ubuntu) add setcap * test(AWS) Amazon linux doesn't include tar by default * test(AmazonLinux) need to install gzip * test(alpine) add setcap to the alpine test container * test(aws) amazonlinux needs shadow-utils installed * chore(gitignore) * fix(rhel) hostname is a dependency
Kong · Mar 28, 2019 · f94e9a2 · f94e9a2
1 parent 3181745
commit f94e9a2
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 6 deletions.
diff --git a/test/Dockerfile.alpine b/test/Dockerfile.alpine
@@ -6,11 +6,12 @@ ARG KONG_PACKAGE_NAME="kong"
 LABEL maintainer="Kong Core Team <team-core@konghq.com>"
 
 RUN apk add --no-cache --virtual .build-deps tar ca-certificates \
-	&& apk add --no-cache libgcc pcre perl tzdata bash
+	&& apk add --no-cache libgcc pcre perl tzdata bash su-exec libcap
 
 COPY output/${KONG_PACKAGE_NAME}-${KONG_VERSION}.apk.tar.gz kong.apk.tar.gz
 
-RUN tar -xzf kong.apk.tar.gz -C /tmp \
+RUN adduser -Su 1337 kong \
+  && tar -xzf kong.apk.tar.gz -C /tmp \
 	&& rm -f kong.tar.gz \
 	&& cp -R /tmp/usr / \
 	&& rm -rf /tmp/usr \

diff --git a/test/Dockerfile.deb b/test/Dockerfile.deb
@@ -7,7 +7,15 @@ ARG KONG_VERSION="0.0.0"
 ARG KONG_PACKAGE_NAME="kong"
 ARG RESTY_IMAGE_TAG
 
-RUN apt-get update && apt-get install -y perl
+ARG SU_EXEC_VERSION=0.2
+ARG SU_EXEC_URL="https://github.com/ncopa/su-exec/archive/v${SU_EXEC_VERSION}.tar.gz"
+
+RUN apt-get update && apt-get install -y perl curl gcc build-essential libcap2-bin
+
+RUN curl -sL "${SU_EXEC_URL}" | tar -C /tmp -zxf - \
+  && make -C "/tmp/su-exec-${SU_EXEC_VERSION}" \
+  && cp "/tmp/su-exec-${SU_EXEC_VERSION}/su-exec" /usr/bin \
+  && useradd --uid 1337 kong
 
 COPY output/${KONG_PACKAGE_NAME}-${KONG_VERSION}.${RESTY_IMAGE_TAG}.all.deb /kong.deb
 

diff --git a/test/Dockerfile.rpm b/test/Dockerfile.rpm
@@ -7,14 +7,17 @@ ARG KONG_VERSION="0.0.0"
 ARG KONG_PACKAGE_NAME="kong"
 ARG RESTY_IMAGE_TAG
 
+ARG SU_EXEC_VERSION=0.2
+ARG SU_EXEC_URL="https://github.com/ncopa/su-exec/archive/v${SU_EXEC_VERSION}.tar.gz"
+
 ARG REDHAT_USERNAME
 ARG REDHAT_PASSWORD
 ARG RHEL="false"
 
 RUN if [ "$RHEL" = "true" ] ; then subscription-manager register --username ${REDHAT_USERNAME} --password ${REDHAT_PASSWORD} --auto-attach ; fi
 RUN if [ "$RHEL" = "true" ] ; then yum-config-manager --enable 'rhel-*-server-optional-rpms' ; fi
 
-RUN yum -y install perl perl-Time-HiRes hostname
+RUN yum -y install perl perl-Time-HiRes gcc make unzip tar gzip shadow-utils hostname
 
 RUN if [ "$RHEL" = "true" ] ; then \
   subscription-manager remove --all \
@@ -24,7 +27,11 @@ RUN if [ "$RHEL" = "true" ] ; then \
 
 COPY output/kong.rpm /kong.rpm
 
-RUN rpm -i kong.rpm
+RUN rpm -i kong.rpm \
+  && curl -sL "${SU_EXEC_URL}" | tar -C /tmp -zxf - \
+  && make -C "/tmp/su-exec-${SU_EXEC_VERSION}" \
+  && cp "/tmp/su-exec-${SU_EXEC_VERSION}/su-exec" /usr/bin \
+  && useradd --uid 1337 kong
 
 COPY test/docker-entrypoint.sh /docker-entrypoint.sh
 ENTRYPOINT ["/docker-entrypoint.sh"]

diff --git a/test/docker-entrypoint.sh b/test/docker-entrypoint.sh
@@ -9,8 +9,14 @@ if [[ "$1" == "kong" ]]; then
 
   if [[ "$2" == "docker-start" ]]; then
     kong prepare -p $PREFIX
+    chown -R kong $PREFIX
+
+    chmod o+w /proc/self/fd/1
+    chmod o+w /proc/self/fd/2
+
+    setcap cap_net_raw=+ep /usr/local/openresty/nginx/sbin/nginx
 
-    exec /usr/local/openresty/nginx/sbin/nginx \
+    exec su-exec kong /usr/local/openresty/nginx/sbin/nginx \
       -p $PREFIX \
       -c nginx.conf
   fi