[DEV] Fix permission issue with dev workflow. (#1033)

* [DEV] Fix permission issue with dev workflow.

The nginx backend was hitting permission-denied errors because the permissions on the html
files were too restrictive. Moreover, those files were added to the docker image when they
could simply be mounted, as is done for other services.

* Fix Kubernetes integration test

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
pull/938/head^2
Clément Michaud 2020-05-21 06:35:22 +02:00 committed by GitHub
parent 7488206195
commit b264e63235
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 89 additions and 17 deletions


@ -1,4 +0,0 @@
FROM nginx:alpine
ADD html /usr/share/nginx/html
ADD nginx.conf /etc/nginx/nginx.conf


@ -1,8 +1,7 @@
version: '3' version: '3'
services: services:
nginx-backend: nginx-backend:
build: image: nginx:alpine
context: ./example/compose/nginx/backend
labels: labels:
- 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x - 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x
- 'traefik.frontend.auth.forward.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x - 'traefik.frontend.auth.forward.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x
@ -17,5 +16,8 @@ services:
- 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x - 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x
volumes:
- ./example/compose/nginx/backend/html:/usr/share/nginx/html
- ./example/compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf
networks: networks:
- authelianet - authelianet
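Review bot: Both bind mounts added under `volumes:` are read-write by default, so a process inside the nginx container can modify `html/` and `nginx.conf` in the host working tree. nginx only needs to read these paths, so mount them read-only: `- ./example/compose/nginx/backend/html:/usr/share/nginx/html:ro` and `- ./example/compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf:ro`. Because the files are no longer copied into the image, host ownership and mode bits presumably now decide what the nginx worker can read. A one-line comment above the mounts saying the files must be world-readable would document that.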


Before

Width:  |  Height:  |  Size: 1.4 KiB

After

Width:  |  Height:  |  Size: 1.4 KiB


@ -17,11 +17,33 @@ spec:
app: test-app app: test-app
spec: spec:
containers: containers:
- name: test-app - name: test-app
imagePullPolicy: Never image: nginx:alpine
image: nginx-backend command: ["/entrypoint.sh"]
ports: ports:
- containerPort: 80 - containerPort: 80
volumeMounts:
- name: config-volume
mountPath: /entrypoint.sh
subPath: entrypoint.sh
- name: config-volume
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: config-volume
mountPath: /tmp/html.tar.gz
subPath: html.tar.gz
volumes:
- name: config-volume
configMap:
name: nginx-config
items:
- key: entrypoint.sh
path: entrypoint.sh
mode: 0755
- key: nginx.conf
path: nginx.conf
- key: html.tar.gz
path: html.tar.gz
--- ---
apiVersion: v1 apiVersion: v1
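Review bot: `image: nginx:alpine` is a floating tag, and with `imagePullPolicy: Never` removed the node now pulls whatever that tag currently points to from the registry, where the old manifest used a locally built image. Pin it to a specific release or a digest, for example `image: nginx:<pinned-version>-alpine` (placeholder), so integration runs are reproducible and a changed upstream image cannot silently alter the test backend. The same applies to the `nginx-backend` service in the compose file, which this commit also switches to `nginx:alpine`.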


@ -0,0 +1,5 @@
#! /bin/sh
rm -rf /usr/share/nginx/html && \
tar xfz /tmp/html.tar.gz -C /usr/share/nginx/ && \
nginx "-g daemon off;"
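Review bot: The last line starts nginx as a child of the shell, so the shell remains PID 1 and the SIGTERM sent on pod shutdown may never reach nginx; the pod would then wait out the termination grace period before being killed. Replace it with `exec nginx -g 'daemon off;'`, which also passes `-g` and its value as two arguments instead of the single quoted word `"-g daemon off;"`. A `set -e` at the top would let the three commands sit on their own lines without the `&& \` chain. A short header comment saying the script expects `/tmp/html.tar.gz` to contain a top-level `html/` directory would document the contract with the ConfigMap.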


@ -0,0 +1,51 @@
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 80;
root /usr/share/nginx/html/home;
server_name home.example.com;
}
server {
listen 80;
root /usr/share/nginx/html/public;
server_name public.example.com;
}
server {
listen 80;
root /usr/share/nginx/html/secure;
server_name secure.example.com;
}
server {
listen 80;
root /usr/share/nginx/html/admin;
server_name admin.example.com;
}
server {
listen 80;
root /usr/share/nginx/html/dev;
server_name dev.example.com;
}
server {
listen 80;
root /usr/share/nginx/html/mail;
server_name mx1.mail.example.com mx2.mail.example.com;
}
server {
listen 80;
root /usr/share/nginx/html/singlefactor;
server_name singlefactor.example.com;
}
}
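Review bot: None of the seven `server` blocks is marked `default_server`, so a request whose Host header matches none of the listed names is answered by the first block and served from `/usr/share/nginx/html/home`. For a backend used to test per-host access rules it is safer to make the fallback explicit by adding a first block such as `server { listen 80 default_server; return 404; }`, so an unexpected Host cannot be mistaken for a successful hit on `home`. A comment at the top stating that this file must stay in sync with the compose backend's `nginx.conf` would help, if the two are meant to be identical.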


@ -3,6 +3,7 @@
start_apps() { start_apps() {
# Create TLS certificate and key for HTTPS termination # Create TLS certificate and key for HTTPS termination
kubectl create secret generic test-app-tls --namespace=authelia --from-file=apps/ssl/server.key --from-file=apps/ssl/server.cert kubectl create secret generic test-app-tls --namespace=authelia --from-file=apps/ssl/server.key --from-file=apps/ssl/server.cert
kubectl create configmap nginx-config --namespace=authelia --from-file=apps/configs/entrypoint.sh --from-file=apps/configs/nginx.conf --from-file=apps/configs/html.tar.gz
# Spawn the applications # Spawn the applications
kubectl apply -f apps kubectl apply -f apps
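Review bot: The new `kubectl create configmap nginx-config` line ships `apps/configs/html.tar.gz`, which appears to be a checked-in archive that the pod's entrypoint extracts into the web root. Reviewers cannot diff a binary, and it can drift from the `html` directory the compose suite mounts directly. Consider building it in `start_apps` just before this line, for example `tar czf apps/configs/html.tar.gz -C <path-to-backend-dir> html` (placeholder path), and keeping the archive out of version control. Note also that `kubectl create` fails if the ConfigMap already exists and that the result is not checked here; the same is true of the existing `create secret` line. `start_apps` continues outside the hunk.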


@ -22,11 +22,6 @@ func init() {
return err return err
} }
cmd = utils.Shell("docker build -t nginx-backend internal/suites/example/compose/nginx/backend")
if err := cmd.Run(); err != nil {
return err
}
exists, err := kind.ClusterExists() exists, err := kind.ClusterExists()
if err != nil { if err != nil {
@ -115,7 +110,7 @@ func init() {
func loadDockerImages() error { func loadDockerImages() error {
kind := Kind{} kind := Kind{}
images := []string{"authelia:dist", "nginx-backend"} images := []string{"authelia:dist"}
for _, image := range images { for _, image := range images {
err := kind.LoadImage(image) err := kind.LoadImage(image)