Skip to content

Kubernetes

Integrating with the Kubernetes Nginx Ingress Controller

1) Clone the git repository

 # git clone https://github.com/nginxinc/kubernetes-ingress.git

2) Navigate to the Dockerfile

 # cd kubernetes-ingress
# build
# cp Dockerfile Dockerfile.bak
# vi Dockerfile

3) Modify the Dockerfile's Debian stage

In the Dockerfile, find the debian stage and add the commands to install the DeepFinder Agent. Be sure to substitute your actual Manager IP and authentication key in the ./nginx.sh command.

############################################# Base image for Debian #############################################
FROM nginx:1.27.2@sha256:d2eb56950b84efe34f966a2b92efb1a1a2ea53e7e93b94cdf45a27cf3cd47fc0 AS debian

RUN --mount=type=bind,from=opentracing-lib,target=/tmp/ot/ \
         apt-get update \
         && apt-get install --no-install-recommends --no-install-suggests -y libcap2-bin \
         && cp -av /tmp/ot/usr/local/lib/libopentracing.so* /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \
         && cp -av /tmp/ot/usr/lib/nginx/modules/ngx_http_opentracing_module.so /usr/lib/nginx/modules/ \
         && ldconfig
#deepfinder
RUN apt-get install --no-install-recommends --no-install-suggests -y  wget gcc make libpcre3-dev libssl-dev zlib1g-dev libmagic1 procps net-tools\
         && wget download.deepfinder.co.kr/DeepFinder/1.0/DeepFinder.tar.gz \
         && tar xzf DeepFinder.tar.gz \
         && cd DeepFinder \
         && ./nginx.sh YOUR_MANAGER_IP YOUR_AUTH_KEY ssl /usr/local/deepfinder /usr/sbin/nginx
RUN sed -i '/^events {/i load_module /usr/local/deepfinder/lib/ngx_http_deepfinder_module.so;' /etc/nginx/nginx.conf
RUN chown 101:0 -R /usr/local/deepfinder/
RUN chmod 0755 -R /usr/local/deepfinder/bin

4) Modify the Entrypoint
In the same Dockerfile, change the ENTRYPOINT to use a custom startup script.

 ######################### Create common files, permissions and setcap #########################
FROM ${BUILD_OS} AS common

ARG BUILD_OS
ARG IC_VERSION
ARG TARGETPLATFORM
ARG NAP_MODULES=none

ENV BUILD_OS=${BUILD_OS}

RUN --mount=type=bind,target=/code \
        --mount=type=bind,from=nginx-files,src=common.sh,target=/usr/local/bin/common.sh \
        --mount=type=bind,from=nginx-files,src=patch-os.sh,target=/usr/local/bin/patch-os.sh \
        patch-os.sh \
        && common.sh

EXPOSE 80 443

STOPSIGNAL SIGTERM
#ENTRYPOINT ["/nginx-ingress"]

COPY build/start.sh /start.sh
RUN chmod +x /start.sh
ENTRYPOINT ["/start.sh"]
# 101 is nginx
USER 101

LABEL org.opencontainers.image.version="${IC_VERSION}" \
        org.opencontainers.image.documentation=https://docs.nginx.com/nginx-ingress-controller \
        org.opencontainers.image.vendor="NGINX Inc " \
        org.nginx.kic.image.build.target="${TARGETPLATFORM}" \
        org.nginx.kic.image.build.os="${BUILD_OS}" \
        org.nginx.kic.image.build.nginx.version="${NGINX_VERSION}"

5) Create the Entrypoint Script (start.sh)
Inside the build directory, create a new file named start.sh to launch both the DeepFinder Agent and the Nginx Ingress process.

 #!/bin/bash
# Run DeepFinder starter
/usr/local/deepfinder/bin/starter

# Run nginx-ingress
/nginx-ingress

# Wait for all processes to exit
wait

6) Modify Configuration Templates

To ensure the DeepFinder module is loaded, you can either modify the build template directly or use a ConfigMap.

Modifying the Build Config Template

# cd kubernetes-ingress
# vi internal/configs/version1/nginx.tmpl
{{- /*gotype: github.com/nginxinc/kubernetes-ingress/internal/configs/version1.MainConfig*/ - }}
worker_processes  {{.WorkerProcesses}};
{{- if .WorkerRlimitNofile}}
worker_rlimit_nofile {{.WorkerRlimitNofile}};{{end}}
{{- if .WorkerCPUAffinity}}
worker_cpu_affinity {{.WorkerCPUAffinity}};{{end}}
{{- if .WorkerShutdownTimeout}}
worker_shutdown_timeout {{.WorkerShutdownTimeout}};{{end}}
daemon off;

error_log  stderr {{.ErrorLogLevel}};
pid        /var/lib/nginx/nginx.pid;

{{- if .OpenTracingLoadModule}}
load_module modules/ngx_http_opentracing_module.so;
{{- end}}

{{- if .MainSnippets}}
{{range $value := .MainSnippets}}
{{$value}}{{end}}
{{- end}}

load_module /usr/local/deepfinder/lib/ngx_http_deepfinder_module.so;
load_module modules/ngx_http_js_module.so;

events {
    worker_connections  {{.WorkerConnections}};
}

Example: Configuring via Nginx ConfigMap

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: my-ns
  name: my-nginx-conf
data:
  nginx-conf: |
    user  nginx;
    worker_processes  2;

    err_log    /var/log/nginx/err.log warn;
    pid        /var/run/nginx.pid;

    # Insert DeepFinder Module
    load_module /usr/local/deepfinder/lib/ngx_http_deepfinder_module.so; 

    events {
        worker_connections  1024;
    }

    http {
        include        /etc/nginx/mime.types;
        default_type  application/octet-stream;
        ....
        include        /etc/nginx/conf.d/*.conf;
   }

7) Build the Custom Image

# cd kubernetes-ingress
# make debian-image PREFIX=nginx-ingress TAG=deepfinder

8) Update the Deployment to Use the New Image
Modify your deployment YAML to point to the new custom image.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
    spec:
      containers:
      - name: nginx-ingress
        image: nginx-ingress:deepfinder
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80