Merge pull request #78 from nginx/mrajagopal-utils-pod

feat: Create container image of utility tools not available in production containers

Author: dareste

.github/workflows/docker-build.yml

@@ -0,0 +1,78 @@
+name: Build and Push Docker Image For nginx-utils Container
+permissions:
+  contents: read
+  packages: write
+  actions: write
+on:
+  release:
+    types: [created]
+
+env:
+  RELEASE_VERSION: ${{ github.event.release.tag_name }}
+jobs:
+  run-on-release:
+    if: endsWith(github.event.release.tag_name, '-docker')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set Release Version
+        run: echo "RELEASE_VERSION=${RELEASE_VERSION%-docker}" >> $GITHUB_ENV     
+         
+      - name: Starting Release Build
+        run: echo "Starting Release Build for ${RELEASE_VERSION}"
+        
+      - name: Checkout code
+        uses: actions/[email protected]
+
+      - name: List repository files
+        run: ls -R .; pwd
+      - name: Set up Docker Buildx
+        uses: docker/[email protected]
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/[email protected]
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push Docker image
+        uses: docker/[email protected]
+        with:
+          context: .
+          file: nginx-utils/Dockerfile
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ghcr.io/nginx/nginx-utils:${{ env.RELEASE_VERSION }}
+            ghcr.io/nginx/nginx-utils:latest
+
+      - name: Install Trivy and scan image for vulnerabilities
+        uses: aquasecurity/[email protected]
+
+        with:
+          image-ref: ghcr.io/${{ github.repository_owner }}/nginx-utils:latest
+          format: json
+          output: vuln-report.json
+
+      - name: Upload Vulnerability Report
+        uses: actions/[email protected]
+        with:
+          name: vuln-report
+          path: vuln-report.json
+
+      - name: Update Release Notes with Docker Image Info
+        uses: softprops/[email protected]
+        with:
+          tag_name: ${{ github.event.release.tag_name }}
+          body: |
+            ## Docker Image
+            The Docker image for this release can be pulled using:
+
+            ```
+            docker pull ghcr.io/${{ github.repository_owner }}/nginx-utils:${{ github.event.release.tag_name }}
+            ```
+
+            Or use the `latest` tag:
+
+            ```
+            docker pull ghcr.io/${{ github.repository_owner }}/nginx-utils:latest
+            ```

.github/workflows/release-builder.yml

@@ -12,6 +12,7 @@ env:
 
 jobs:
   build:
+    if: endsWith(github.event.release.tag_name, '-krew')
     permissions:
       contents: write
 
@@ -22,7 +23,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set Release Version
-        run: echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
+        run: echo "RELEASE_VERSION=${RELEASE_VERSION%-krew}" >> $GITHUB_ENV
 
       - name: Set up Go
         uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0

Makefile

@@ -1,5 +1,9 @@
+.PHONY: nginx-utils build install
 build:
 	go build -o cmd/kubectl-nginx_supportpkg
 
+nginx-utils:
+	docker buildx build --build-context project=nginx-utils --platform linux/amd64 -t nginx-utils -f nginx-utils/Dockerfile .
+
 install: build
 	sudo cp cmd/kubectl-nginx_supportpkg /usr/local/bin

nginx-utils/Dockerfile

@@ -0,0 +1,27 @@
+FROM alpine:latest
+
+LABEL org.opencontainers.image.description="Container image including various troubleshooting tools such as curl, tcpdump, iperf, netcat to name a few not available in the target container"
+LABEL org.opencontainers.image.vendor="NGINX"
+LABEL org.opencontainers.image.authors="NGINX <[email protected]>"
+LABEL org.opencontainers.image.url="https://github.com/nginx/nginx-supportpkg-for-k8s/pkgs/container/nginx-utils"
+LABEL org.opencontainers.image.documentation="https://github.com/nginx/nginx-supportpkg-for-k8s/pkgs/container/nginx-utils"
+LABEL org.opencontainers.image.source="https://github.com/nginx/nginx-supportpkg-for-k8s/tree/main/nginx-utils"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+
+COPY --chmod=744 nginx-utils/api_stats.sh /root/api_stats.sh
+COPY --chmod=744 nginx-utils/memory_stats.sh /root/memory_stats.sh
+
+RUN set -ex \
+  && apk --update add --no-cache \
+  bind-tools curl netcat-openbsd iproute2 \
+  iperf tcpdump tshark bash jq \
+  && rm -rf /var/cache/apk/* \
+  && ln -s /usr/bin/iperf /usr/local/bin/iperf \
+  && ls -altrh /usr/local/bin/iperf
+
+# Setting User and Home
+USER root
+WORKDIR /root
+ENV HOSTNAME=nginx-utils
+
+CMD ["bash"]

nginx-utils/api_stats.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+# Parse command line options
+set -e
+set -o pipefail
+while getopts "p:v:h" opt; do
+  case $opt in
+    p) API_PORT="$OPTARG"
+    ;;
+    h) echo "Usage: $0 [-p port]"
+       exit 0
+    ;;
+    \?)  echo "Invalid option -$OPTARG" >&2
+    echo "Usage: $0 [-p port]"
+        exit 1
+    ;;
+  esac
+done
+
+if [ $OPTIND -eq 1 ]; then
+  echo "No options were passed, exiting ..."
+  echo "Usage: $(basename "$0") [-p port]"
+  exit 1
+fi
+
+if [ -z "${API_PORT}" ]; then
+  echo 'Missing -p arg' >&2
+  exit 1
+fi
+
+api_versions=($(curl -s http://127.0.0.1:$API_PORT/api/ | sed -e  's/\[//g' -e 's/\]//g' -e 's/\,/ /g'))
+API_VERSION=${api_versions[-1]}
+echo "API_VERSION: $API_VERSION"
+
+echo "**** /api/$API_VERSION/nginx ****" ;
+curl -s "127.0.0.1:$API_PORT/api/$API_VERSION/nginx" | jq -r '.';
+echo "";
+
+for i in /api/$API_VERSION/processes /api/$API_VERSION/connections /api/$API_VERSION/slabs /api/$API_VERSION/http/requests /api/$API_VERSION/http/server_zones /api/$API_VERSION/http/location_zones /api/$API_VERSION/http/caches /api/$API_VERSION/http/upstreams /api/$API_VERSION/http/keyvals; do
+  echo "**** $i ****" ;
+  curl -s "127.0.0.1:$API_PORT/$i" | jq -r '.';
+  echo "";
+done

nginx-utils/memory_stats.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -e
+echo ""
+echo " **** Output of memory.stat ****"
+cat /sys/fs/cgroup/memory.stat
+
+echo ""
+echo " **** Output of pmap for nginx and nginx-ingress processes ****"
+for p in $(pidof nginx nginx-ingress); do pmap ${p} -x; done
+
+echo ""
+echo " **** Output of /proc/pid/status for nginx and nginx-ingress processes ****"
+for p in $(pidof nginx nginx-ingress); do cat /proc/${p}/status; done