[DEV] Fix permission issue with dev workflow. (#1033)

* [DEV] Fix permission issue with dev workflow.

nginx backend was facing permission denied errors because the permissions of the html
files were too restricted. Moreover those files were added to the docker image while they
could just be mounted as other services.

* Fix Kubernetes integration test

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

internal/suites/example/compose/nginx/backend/Dockerfile

@@ -1,4 +0,0 @@
-FROM nginx:alpine
-
-ADD html /usr/share/nginx/html
-ADD nginx.conf /etc/nginx/nginx.conf

internal/suites/example/compose/nginx/backend/docker-compose.yml

@@ -1,8 +1,7 @@
 version: '3'
 services:
   nginx-backend:
-    build:
-      context: ./example/compose/nginx/backend
+    image: nginx:alpine
     labels:
       - 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x
       - 'traefik.frontend.auth.forward.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x
@@ -17,5 +16,8 @@ services:
       - 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x
       - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x
       - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x
+    volumes:
+      - ./example/compose/nginx/backend/html:/usr/share/nginx/html
+      - ./example/compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf
     networks:
       - authelianet

internal/suites/example/kube/apps/apps.yml

@@ -17,11 +17,33 @@ spec:
         app: test-app
     spec:
       containers:
-        - name: test-app
-          imagePullPolicy: Never
-          image: nginx-backend
-          ports:
-            - containerPort: 80
+      - name: test-app
+        image: nginx:alpine
+        command: ["/entrypoint.sh"]
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: config-volume
+          mountPath: /entrypoint.sh
+          subPath: entrypoint.sh
+        - name: config-volume
+          mountPath: /etc/nginx/nginx.conf
+          subPath: nginx.conf
+        - name: config-volume
+          mountPath: /tmp/html.tar.gz
+          subPath: html.tar.gz
+      volumes:
+      - name: config-volume
+        configMap:
+          name: nginx-config
+          items:
+            - key: entrypoint.sh
+              path: entrypoint.sh
+              mode: 0755
+            - key: nginx.conf
+              path: nginx.conf
+            - key: html.tar.gz
+              path: html.tar.gz
 
 ---
 apiVersion: v1

internal/suites/example/kube/apps/configs/entrypoint.sh

@@ -0,0 +1,5 @@
+#! /bin/sh
+
+rm -rf /usr/share/nginx/html && \
+tar xfz /tmp/html.tar.gz -C /usr/share/nginx/ && \
+nginx "-g daemon off;"

internal/suites/example/kube/apps/configs/nginx.conf

@@ -0,0 +1,51 @@
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    server {
+        listen 80;
+        root /usr/share/nginx/html/home;
+        server_name     home.example.com;
+    }
+
+    server {
+        listen 80;
+        root /usr/share/nginx/html/public;
+        server_name     public.example.com;
+    }
+
+    server {
+        listen 80;
+        root /usr/share/nginx/html/secure;
+        server_name     secure.example.com;
+    }
+
+    server {
+        listen 80;
+        root /usr/share/nginx/html/admin;
+        server_name     admin.example.com;
+    }
+
+    server {
+        listen 80;
+        root /usr/share/nginx/html/dev;
+        server_name     dev.example.com;
+    }
+
+    server {
+        listen 80;
+        root /usr/share/nginx/html/mail;
+        server_name     mx1.mail.example.com mx2.mail.example.com;
+    }
+
+    server {
+        listen 80;
+        root /usr/share/nginx/html/singlefactor;
+        server_name     singlefactor.example.com;
+    }
+}
+

internal/suites/example/kube/bootstrap.sh

@@ -3,6 +3,7 @@
 start_apps() {                                                                                  
   # Create TLS certificate and key for HTTPS termination                          
   kubectl create secret generic test-app-tls --namespace=authelia --from-file=apps/ssl/server.key --from-file=apps/ssl/server.cert
+  kubectl create configmap nginx-config --namespace=authelia --from-file=apps/configs/entrypoint.sh --from-file=apps/configs/nginx.conf --from-file=apps/configs/html.tar.gz
   
   # Spawn the applications
   kubectl apply -f apps

internal/suites/suite_kubernetes.go

@@ -22,11 +22,6 @@ func init() {
 			return err
 		}
 
-		cmd = utils.Shell("docker build -t nginx-backend internal/suites/example/compose/nginx/backend")
-		if err := cmd.Run(); err != nil {
-			return err
-		}
-
 		exists, err := kind.ClusterExists()
 
 		if err != nil {
@@ -115,7 +110,7 @@ func init() {
 
 func loadDockerImages() error {
 	kind := Kind{}
-	images := []string{"authelia:dist", "nginx-backend"}
+	images := []string{"authelia:dist"}
 
 	for _, image := range images {
 		err := kind.LoadImage(image)