diff --git a/bitnami/kubeapps-dashboard/2/debian-11/Dockerfile b/bitnami/kubeapps-dashboard/2/debian-11/Dockerfile index e542647e104f..7a8c90e39c00 100644 --- a/bitnami/kubeapps-dashboard/2/debian-11/Dockerfile +++ b/bitnami/kubeapps-dashboard/2/debian-11/Dockerfile @@ -5,20 +5,44 @@ ENV OS_ARCH="amd64" \ LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \ org.opencontainers.image.description="Application packaged by Bitnami" \ - org.opencontainers.image.ref.name="2.5.0-debian-11-r4" \ + org.opencontainers.image.ref.name="2.5.1-debian-11-r0" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kubeapps-dashboard" \ org.opencontainers.image.title="kubeapps-dashboard" \ org.opencontainers.image.vendor="VMware, Inc." \ - org.opencontainers.image.version="2.5.0" + org.opencontainers.image.version="2.5.1" COPY prebuildfs / SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install required system packages and dependencies RUN install_packages acl ca-certificates curl gzip libc6 libcrypt1 libgeoip1 libpcre3 libssl1.1 procps tar zlib1g -RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "nginx" "1.23.1-2" --checksum 86af129d30d3ed8234c73815da136ac9a8d000dc6b9cd7522e8689e5c852bf0a -RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "render-template" "1.0.3-153" --checksum c1f2cdabdcc920512e8936ab2c8a033e1aeb97801fa026f0b12432581bf849ae -RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "kubeapps" "2.5.0-1" --checksum f9af523d8df6b309be06589982ef4292769e91afd62b250a2ef6417f941bf2ec -RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.14.0-154" --checksum e36c3d90f4fbfbe989f40947fa7c8ab817f12fcf97d3aef893c753a20ce976ab +RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \ + if [ ! -f nginx-1.23.1-2-linux-amd64-debian-11.tar.gz ]; then \ + curl -SsLf https://downloads.bitnami.com/files/stacksmith/nginx-1.23.1-2-linux-amd64-debian-11.tar.gz -O ; \ + fi && \ + echo "86af129d30d3ed8234c73815da136ac9a8d000dc6b9cd7522e8689e5c852bf0a nginx-1.23.1-2-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \ + tar -zxf nginx-1.23.1-2-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \ + rm -rf nginx-1.23.1-2-linux-amd64-debian-11.tar.gz +RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \ + if [ ! -f render-template-1.0.3-153-linux-amd64-debian-11.tar.gz ]; then \ + curl -SsLf https://downloads.bitnami.com/files/stacksmith/render-template-1.0.3-153-linux-amd64-debian-11.tar.gz -O ; \ + fi && \ + echo "c1f2cdabdcc920512e8936ab2c8a033e1aeb97801fa026f0b12432581bf849ae render-template-1.0.3-153-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \ + tar -zxf render-template-1.0.3-153-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \ + rm -rf render-template-1.0.3-153-linux-amd64-debian-11.tar.gz +RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \ + if [ ! -f kubeapps-2.5.1-0-linux-amd64-debian-11.tar.gz ]; then \ + curl -SsLf https://downloads.bitnami.com/files/stacksmith/kubeapps-2.5.1-0-linux-amd64-debian-11.tar.gz -O ; \ + fi && \ + echo "fc6ac831190db8abc953853936dda20f7186830f8ec17c8c9c6f8bed4414f8df kubeapps-2.5.1-0-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \ + tar -zxf kubeapps-2.5.1-0-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \ + rm -rf kubeapps-2.5.1-0-linux-amd64-debian-11.tar.gz +RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \ + if [ ! -f gosu-1.14.0-154-linux-amd64-debian-11.tar.gz ]; then \ + curl -SsLf https://downloads.bitnami.com/files/stacksmith/gosu-1.14.0-154-linux-amd64-debian-11.tar.gz -O ; \ + fi && \ + echo "e36c3d90f4fbfbe989f40947fa7c8ab817f12fcf97d3aef893c753a20ce976ab gosu-1.14.0-154-linux-amd64-debian-11.tar.gz" | sha256sum -c - && \ + tar -zxf gosu-1.14.0-154-linux-amd64-debian-11.tar.gz -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \ + rm -rf gosu-1.14.0-154-linux-amd64-debian-11.tar.gz RUN apt-get update && apt-get upgrade -y && \ rm -r /var/lib/apt/lists /var/cache/apt/archives RUN ln -sf /dev/stdout /opt/bitnami/nginx/logs/access.log @@ -30,7 +54,7 @@ RUN rm -rf /app && \ mv /opt/bitnami/kubeapps/build /app RUN chmod -R g+rwX /opt/bitnami/nginx/conf RUN /opt/bitnami/scripts/nginx/postunpack.sh -ENV APP_VERSION="2.5.0" \ +ENV APP_VERSION="2.5.1" \ BITNAMI_APP_NAME="kubeapps-dashboard" \ NGINX_HTTPS_PORT_NUMBER="" \ NGINX_HTTP_PORT_NUMBER="" \ diff --git a/bitnami/kubeapps-dashboard/2/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kubeapps-dashboard/2/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json index 1be20f593d68..8d8a7b885086 100644 --- a/bitnami/kubeapps-dashboard/2/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/bitnami/kubeapps-dashboard/2/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json @@ -8,10 +8,10 @@ }, "kubeapps": { "arch": "amd64", - "digest": "f9af523d8df6b309be06589982ef4292769e91afd62b250a2ef6417f941bf2ec", + "digest": "fc6ac831190db8abc953853936dda20f7186830f8ec17c8c9c6f8bed4414f8df", "distro": "debian-11", "type": "NAMI", - "version": "2.5.0-1" + "version": "2.5.1-0" }, "nginx": { "arch": "amd64", diff --git a/bitnami/kubeapps-dashboard/2/debian-11/prebuildfs/opt/bitnami/scripts/libcomponent.sh b/bitnami/kubeapps-dashboard/2/debian-11/prebuildfs/opt/bitnami/scripts/libcomponent.sh deleted file mode 100644 index a7b60696daa6..000000000000 --- a/bitnami/kubeapps-dashboard/2/debian-11/prebuildfs/opt/bitnami/scripts/libcomponent.sh +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/bash -# -# Library for managing Bitnami components - -# Constants -CACHE_ROOT="/tmp/bitnami/pkg/cache" -DOWNLOAD_URL="https://downloads.bitnami.com/files/stacksmith" - -# Functions - -######################## -# Download and unpack a Bitnami package -# Globals: -# OS_NAME -# OS_ARCH -# OS_FLAVOUR -# Arguments: -# $1 - component's name -# $2 - component's version -# Returns: -# None -######################### -component_unpack() { - local name="${1:?name is required}" - local version="${2:?version is required}" - local base_name="${name}-${version}-${OS_NAME}-${OS_ARCH}-${OS_FLAVOUR}" - local package_sha256="" - local directory="/opt/bitnami" - - # Validate arguments - shift 2 - while [ "$#" -gt 0 ]; do - case "$1" in - -c|--checksum) - shift - package_sha256="${1:?missing package checksum}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - echo "Downloading $base_name package" - if [ -f "${CACHE_ROOT}/${base_name}.tar.gz" ]; then - echo "${CACHE_ROOT}/${base_name}.tar.gz already exists, skipping download." - cp "${CACHE_ROOT}/${base_name}.tar.gz" . - rm "${CACHE_ROOT}/${base_name}.tar.gz" - if [ -f "${CACHE_ROOT}/${base_name}.tar.gz.sha256" ]; then - echo "Using the local sha256 from ${CACHE_ROOT}/${base_name}.tar.gz.sha256" - package_sha256="$(< "${CACHE_ROOT}/${base_name}.tar.gz.sha256")" - rm "${CACHE_ROOT}/${base_name}.tar.gz.sha256" - fi - else - curl --remote-name --silent --show-error --fail "${DOWNLOAD_URL}/${base_name}.tar.gz" - fi - if [ -n "$package_sha256" ]; then - echo "Verifying package integrity" - echo "$package_sha256 ${base_name}.tar.gz" | sha256sum --check - || return "$?" - fi - tar --directory "${directory}" --extract --gunzip --file "${base_name}.tar.gz" --no-same-owner --strip-components=2 || return "$?" - rm "${base_name}.tar.gz" -} diff --git a/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh b/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh index 5577298e3e30..cb791af18624 100644 --- a/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh +++ b/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/libnginx.sh @@ -128,18 +128,21 @@ nginx_validate() { print_validation_error "The allowed values for ${1} are: yes no" fi } + check_valid_port() { + local port_var="${1:?missing port variable}" + local validate_port_args=() + local err + ! am_i_root && validate_port_args+=("-unprivileged") + if ! err="$(validate_port "${validate_port_args[@]}" "${!port_var}")"; then + print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." + fi + } ! is_empty_value "$NGINX_ENABLE_ABSOLUTE_REDIRECT" && check_yes_no_value "NGINX_ENABLE_ABSOLUTE_REDIRECT" ! is_empty_value "$NGINX_ENABLE_PORT_IN_REDIRECT" && check_yes_no_value "NGINX_ENABLE_PORT_IN_REDIRECT" - if [[ -n "${NGINX_HTTP_PORT_NUMBER:-}" ]]; then - local -a validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("${NGINX_HTTP_PORT_NUMBER}") - if ! err=$(validate_port "${validate_port_args[@]}"); then - print_validation_error "An invalid port was specified in the environment variable NGINX_HTTP_PORT_NUMBER: $err" - fi - fi + ! is_empty_value "$NGINX_HTTP_PORT_NUMBER" && check_valid_port "NGINX_HTTP_PORT_NUMBER" + ! is_empty_value "$NGINX_HTTPS_PORT_NUMBER" && check_valid_port "NGINX_HTTPS_PORT_NUMBER" if ! is_file_writable "$NGINX_CONF_FILE"; then warn "The NGINX configuration file '${NGINX_CONF_FILE}' is not writable by current user. Configurations based on environment variables will not be applied." @@ -188,9 +191,14 @@ nginx_initialize() { nginx_user_configuration="$(sed -E "s/(^user)/# \1/g" "$NGINX_CONF_FILE")" is_file_writable "$NGINX_CONF_FILE" && echo "$nginx_user_configuration" >"$NGINX_CONF_FILE" fi + # Configure HTTP port number if [[ -n "${NGINX_HTTP_PORT_NUMBER:-}" ]]; then nginx_configure_port "$NGINX_HTTP_PORT_NUMBER" fi + # Configure HTTPS port number + if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]]; then + nginx_configure_port "$NGINX_HTTPS_PORT_NUMBER" "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" + fi nginx_configure "absolute_redirect" "$(is_boolean_yes "$NGINX_ENABLE_ABSOLUTE_REDIRECT" && echo "on" || echo "off" )" nginx_configure "port_in_redirect" "$(is_boolean_yes "$NGINX_ENABLE_PORT_IN_REDIRECT" && echo "on" || echo "off" )" } diff --git a/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh b/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh index 08cfa13c25d5..fc04a6cb54a4 100755 --- a/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh +++ b/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/postunpack.sh @@ -46,6 +46,8 @@ nginx_patch_httpoxy_vulnerability # Configure default HTTP port nginx_configure_port "$NGINX_DEFAULT_HTTP_PORT_NUMBER" +# Configure default HTTPS port +nginx_configure_port "$NGINX_DEFAULT_HTTPS_PORT_NUMBER" "${BITNAMI_ROOT_DIR}/scripts/nginx/server_blocks/default-https-server-block.conf" # shellcheck disable=SC1091 diff --git a/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/server_blocks/default-https-server-block.conf b/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/server_blocks/default-https-server-block.conf new file mode 100644 index 000000000000..27284a637c31 --- /dev/null +++ b/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/server_blocks/default-https-server-block.conf @@ -0,0 +1,17 @@ +# HTTPS Server +server { + # Port to listen on, can also be set in IP:PORT format + listen 443 ssl; + + ssl_certificate bitnami/certs/server.crt; + ssl_certificate_key bitnami/certs/server.key; + + include "/opt/bitnami/nginx/conf/bitnami/*.conf"; + + location /status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } +} diff --git a/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh b/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh index 2488721cdff8..0261020b25c0 100755 --- a/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh +++ b/bitnami/kubeapps-dashboard/2/debian-11/rootfs/opt/bitnami/scripts/nginx/setup.sh @@ -27,20 +27,14 @@ am_i_root && ensure_user_exists "$NGINX_DAEMON_USER" --group "$NGINX_DAEMON_GROU # Run init scripts nginx_custom_init_scripts -# Validate HTTPS port number -if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]]; then - validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - validate_port_args+=("$NGINX_HTTPS_PORT_NUMBER") - if ! err=$(validate_port "${validate_port_args[@]}"); then - error "An invalid port was specified in the environment variable NGINX_HTTPS_PORT_NUMBER: $err" - exit 1 - fi -fi - # Fix logging issue when running as root ! am_i_root || chmod o+w "$(readlink /dev/stdout)" "$(readlink /dev/stderr)" +# Configure HTTPS port number +if [[ -n "${NGINX_HTTPS_PORT_NUMBER:-}" ]] && [[ ! -f "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" ]]; then + cp "${BITNAMI_ROOT_DIR}/scripts/nginx/server_blocks/default-https-server-block.conf" "${NGINX_SERVER_BLOCKS_DIR}/default-https-server-block.conf" +fi + # Initialize NGINX nginx_initialize diff --git a/bitnami/kubeapps-dashboard/2/debian-11/tags-info.yaml b/bitnami/kubeapps-dashboard/2/debian-11/tags-info.yaml index ea6bc4332117..2de3456d4fbd 100644 --- a/bitnami/kubeapps-dashboard/2/debian-11/tags-info.yaml +++ b/bitnami/kubeapps-dashboard/2/debian-11/tags-info.yaml @@ -1,5 +1,5 @@ rolling-tags: - "2" - "2-debian-11" - - "2.5.0" + - "2.5.1" - "latest" diff --git a/bitnami/kubeapps-dashboard/README.md b/bitnami/kubeapps-dashboard/README.md index 48f9f04f992f..336fdbba67df 100644 --- a/bitnami/kubeapps-dashboard/README.md +++ b/bitnami/kubeapps-dashboard/README.md @@ -36,7 +36,7 @@ Non-root container images add an extra layer of security and are generally recom Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/). -* [`2`, `2-debian-11`, `2.5.0`, `2.5.0-debian-11-r4`, `latest` (2/debian-11/Dockerfile)](https://github.com/bitnami/containers/blob/main/bitnami/kubeapps-dashboard/2/debian-11/Dockerfile) +* [`2`, `2-debian-11`, `2.5.1`, `2.5.1-debian-11-r0`, `latest` (2/debian-11/Dockerfile)](https://github.com/bitnami/containers/blob/main/bitnami/kubeapps-dashboard/2/debian-11/Dockerfile) ## Configuration