diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml new file mode 100644 index 0000000..f4d21fc --- /dev/null +++ b/.github/workflows/docker-build.yml @@ -0,0 +1,54 @@ +name: Build and Push Docker Image for nginx-utils container +permissions: + contents: read + packages: write + actions: write +on: + workflow_dispatch: + push: + branches: + - '*' + paths: + - 'nginx-utils/**' + - '.github/workflows/docker-build.yml' +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4.2.2 + + # Step 2: Debug: Verify api_stats.sh and repository content + - name: List repository files + run: ls -R .; pwd + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3.10.0 + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3.4.0 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push Docker image + uses: docker/build-push-action@v6.18.0 + with: + context: . + file: nginx-utils/Dockerfile + push: true + tags: ghcr.io/nginx/nginx-utils:latest + + # Step 5: Install Trivy for Vulnerability Scanning + - name: Install Trivy and scan image for vulnerabilities + uses: aquasecurity/trivy-action@0.31.0 + + with: + image-ref: ghcr.io/${{ github.repository_owner }}/nginx-utils:latest + format: json + output: vuln-report.json + + - name: Upload Vulnerability Report + uses: actions/upload-artifact@v4.6.2 + with: + name: vuln-report + path: vuln-report.json diff --git a/Makefile b/Makefile index c478dd0..a9ec57f 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,9 @@ +.PHONY: nginx-utils build install build: go build -o cmd/kubectl-nginx_supportpkg +nginx-utils: + docker buildx build --build-context project=nginx-utils --platform linux/amd64 -t nginx-utils -f nginx-utils/Dockerfile . + install: build sudo cp cmd/kubectl-nginx_supportpkg /usr/local/bin \ No newline at end of file diff --git a/nginx-utils/Dockerfile b/nginx-utils/Dockerfile new file mode 100644 index 0000000..003a3e9 --- /dev/null +++ b/nginx-utils/Dockerfile @@ -0,0 +1,27 @@ +FROM alpine:latest + +LABEL org.opencontainers.image.description="Container image including various troubleshooting tools such as curl, tcpdump, iperf, netcat to name a few not available in the target container" +LABEL org.opencontainers.image.vendor="NGINX" +LABEL org.opencontainers.image.authors="NGINX " +LABEL org.opencontainers.image.url="https://github.com/nginx/nginx-supportpkg-for-k8s/pkgs/container/nginx-utils" +LABEL org.opencontainers.image.documentation="https://github.com/nginx/nginx-supportpkg-for-k8s/pkgs/container/nginx-utils" +LABEL org.opencontainers.image.source="https://github.com/nginx/nginx-supportpkg-for-k8s/tree/main/nginx-utils" +LABEL org.opencontainers.image.licenses="Apache-2.0" + +COPY --chmod=744 nginx-utils/api_stats.sh /root/api_stats.sh +COPY --chmod=744 nginx-utils/memory_stats.sh /root/memory_stats.sh + +RUN set -ex \ + && apk --update add --no-cache \ + bind-tools curl netcat-openbsd iproute2 \ + iperf tcpdump tshark bash jq \ + && rm -rf /var/cache/apk/* \ + && ln -s /usr/bin/iperf /usr/local/bin/iperf \ + && ls -altrh /usr/local/bin/iperf + +# Setting User and Home +USER root +WORKDIR /root +ENV HOSTNAME=nginx-utils + +CMD ["bash"] \ No newline at end of file diff --git a/nginx-utils/api_stats.sh b/nginx-utils/api_stats.sh new file mode 100644 index 0000000..10b1ec0 --- /dev/null +++ b/nginx-utils/api_stats.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env bash + +# Parse command line options +set -e +set -o pipefail +while getopts "p:v:h" opt; do + case $opt in + p) API_PORT="$OPTARG" + ;; + h) echo "Usage: $0 [-p port]" + exit 0 + ;; + \?) echo "Invalid option -$OPTARG" >&2 + echo "Usage: $0 [-p port]" + exit 1 + ;; + esac +done + +if [ $OPTIND -eq 1 ]; then + echo "No options were passed, exiting ..." + echo "Usage: $(basename "$0") [-p port]" + exit 1 +fi + +if [ -z "${API_PORT}" ]; then + echo 'Missing -p arg' >&2 + exit 1 +fi + +api_versions=($(curl -s http://127.0.0.1:$API_PORT/api/ | sed -e 's/\[//g' -e 's/\]//g' -e 's/\,/ /g')) +API_VERSION=${api_versions[-1]} +echo "API_VERSION: $API_VERSION" + +echo "**** /api/$API_VERSION/nginx ****" ; +curl -s "127.0.0.1:$API_PORT/api/$API_VERSION/nginx" | jq -r '.'; +echo ""; + +for i in /api/$API_VERSION/processes /api/$API_VERSION/connections /api/$API_VERSION/slabs /api/$API_VERSION/http/requests /api/$API_VERSION/http/server_zones /api/$API_VERSION/http/location_zones /api/$API_VERSION/http/caches /api/$API_VERSION/http/upstreams /api/$API_VERSION/http/keyvals; do + echo "**** $i ****" ; + curl -s "127.0.0.1:$API_PORT/$i" | jq -r '.'; + echo ""; +done \ No newline at end of file diff --git a/nginx-utils/memory_stats.sh b/nginx-utils/memory_stats.sh new file mode 100644 index 0000000..c7f8278 --- /dev/null +++ b/nginx-utils/memory_stats.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +echo "" +echo " **** Output of memory.stat ****" +cat /sys/fs/cgroup/memory.stat + +echo "" +echo " **** Output of pmap for nginx and nginx-ingress processes ****" +for p in $(pidof nginx nginx-ingress); do pmap ${p} -x; done + +echo "" +echo " **** Output of /proc/pid/status for nginx and nginx-ingress processes ****" +for p in $(pidof nginx nginx-ingress); do cat /proc/${p}/status; done \ No newline at end of file