Images/NGINX: From scratch.

images/nginx/Makefile

@@ -12,48 +12,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-.DEFAULT_GOAL:=build
-
-# set default shell
-SHELL=/bin/bash -o pipefail -o errexit
-
-DIR:=$(strip $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))))
-INIT_BUILDX=$(DIR)/../../hack/init-buildx.sh
-
-# 0.0.0 shouldn't clobber any released builds
-SHORT_SHA ?=$(shell git rev-parse --short HEAD)
-TAG ?=$(shell cat TAG)
-
+# Define registry, image and tag.
 REGISTRY ?= gcr.io/k8s-staging-ingress-nginx
-
 IMAGE = $(REGISTRY)/nginx
+TAG ?= $(shell cat TAG)
 
-# required to enable buildx
-export DOCKER_CLI_EXPERIMENTAL=enabled
-
-# build with buildx
-PLATFORMS?=linux/amd64,linux/arm,linux/arm64
-OUTPUT=
-PROGRESS=plain
-build: ensure-buildx
-	docker buildx build \
-		--platform=${PLATFORMS} $(OUTPUT) \
-		--progress=$(PROGRESS) \
-		--pull \
-		--tag $(IMAGE):$(TAG) rootfs
-
-# push the cross built image
-push: OUTPUT=--push
-push: build
-
-# enable buildx
-ensure-buildx:
-# this is required for cloudbuild
-ifeq ("$(wildcard $(INIT_BUILDX))","")
-	@curl -sSL https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/hack/init-buildx.sh | bash
-else
-	@exec $(INIT_BUILDX)
-endif
-	@echo "done"
+# Define platforms.
+PLATFORMS ?= linux/arm64
 
-.PHONY: build push ensure-buildx
+.PHONY: build
+build:
+	docker buildx build --platform ${PLATFORMS}	--tag $(IMAGE):$(TAG) --progress plain rootfs

images/nginx/TAG

@@ -1 +1 @@
-v1.0.0
+dev

images/nginx/cloudbuild.yaml

@@ -1,14 +1,24 @@
 options:
-  # Increase machine type for multi-arch builds.
-  machineType: E2_HIGHCPU_32
   # Ignore Prow provided substitutions.
   substitution_option: ALLOW_LOOSE
 steps:
-  - name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20241110-72bb0b1665
-    env:
-      - REGISTRY=gcr.io/k8s-staging-ingress-nginx
-    entrypoint: bash
-    args:
-      - -c
-      - gcloud auth configure-docker && cd images/nginx && make push
-timeout: 7200s
+- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20241111-71c32dbdcc
+  entrypoint: docker
+  args:
+  - run
+  - --privileged
+  - --rm
+  - tonistiigi/binfmt:qemu-v8.1.5
+  - --install
+  - all
+- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20241111-71c32dbdcc
+  entrypoint: docker
+  args:
+  - buildx
+  - create
+  - --use
+- name: gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20241111-71c32dbdcc
+  dir: images/nginx
+  entrypoint: make
+  args:
+  - build

images/nginx/rootfs/Dockerfile

@@ -11,64 +11,24 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM alpine:3.20 as builder
 
-COPY . /
+# Start from Alpine 3.20.3.
+FROM alpine:3.20.3
 
-RUN apk update \
-  && apk upgrade \
-  && apk add -U bash --no-cache \
-  && /build.sh
+# Install dependencies.
+RUN apk add \
+    libc-dev \
+    make \
+    gcc
 
-# Use a multi-stage build
-FROM alpine:3.20
+# Change working directory.
+WORKDIR /build/luajit2
 
-ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin
+# Download LuaJIT.
+ADD https://github.com/openresty/luajit2/archive/v2.1-20241113.tar.gz luajit2.tar.gz
 
-ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;"
-ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;"
+# Extract LuaJIT.
+RUN tar --extract --file luajit2.tar.gz --strip-components 1
 
-COPY --from=builder /usr/local /usr/local
-COPY --from=builder /usr/lib/libopentelemetry* /usr/local/lib
-COPY --from=builder /opt /opt
-COPY --from=builder /etc/nginx /etc/nginx
-
-RUN apk update \
-  && apk upgrade \
-  && apk add -U --no-cache \
-  bash \
-  openssl \
-  pcre \
-  zlib \
-  ca-certificates \
-  patch \
-  yajl \
-  lmdb \
-  libxml2 \
-  libmaxminddb \
-  yaml-cpp \
-  dumb-init \
-  tzdata \
-  grpc-cpp \
-  libprotobuf \
-  && ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \
-  && adduser -S -D -H -u 101 -h /usr/local/nginx \
-  -s /sbin/nologin -G www-data -g www-data www-data \
-  && bash -eu -c ' \
-  writeDirs=( \
-  /var/log/nginx \
-  /var/lib/nginx/body \
-  /var/lib/nginx/fastcgi \
-  /var/lib/nginx/proxy \
-  /var/lib/nginx/scgi \
-  /var/lib/nginx/uwsgi \
-  /var/log/audit \
-  ); \
-  for dir in "${writeDirs[@]}"; do \
-  mkdir -p ${dir}; \
-  chown -R www-data.www-data ${dir}; \
-  done'
-
-EXPOSE 80 443
-
-CMD ["nginx", "-g", "daemon off;"]
+# Install LuaJIT.
+RUN make install