From 3e33a012b96700623b5bf964fa237bf69e2005de Mon Sep 17 00:00:00 2001 From: bfeshti Date: Wed, 16 Oct 2024 22:51:23 +0200 Subject: [PATCH 1/6] Use docker multi-stage build for reverse-proxy image --- neo4j-reverse-proxy/Dockerfile | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/neo4j-reverse-proxy/Dockerfile b/neo4j-reverse-proxy/Dockerfile index 4de262b8..27bbba5a 100644 --- a/neo4j-reverse-proxy/Dockerfile +++ b/neo4j-reverse-proxy/Dockerfile @@ -1,13 +1,16 @@ -FROM golang:1.22-alpine -RUN apk --no-cache add curl \ - && addgroup --gid 7474 --system neo4j \ - && adduser --uid 7474 --system --no-create-home --home "/go" --ingroup neo4j neo4j -WORKDIR reverse-proxy +FROM golang:1.22-alpine AS build +WORKDIR /go/reverse-proxy COPY reverse-proxy/operations operations/ COPY reverse-proxy/proxy proxy/ COPY reverse-proxy/go.mod go.mod COPY reverse-proxy/main.go main.go RUN go mod download && go mod verify \ - && go build -v -o reverseproxy_linux main.go \ - && chown -R neo4j:neo4j /go && chmod -R 777 /go + && go build -v -o reverseproxy_linux main.go + +FROM alpine:3.20.2 AS run +RUN addgroup --gid 7474 --system neo4j \ + && adduser --uid 7474 --system --no-create-home neo4j +WORKDIR /reverse-proxy +COPY --from=build --chown=neo4j:neo4j --chmod=777 /go/reverse-proxy/reverseproxy_linux reverseproxy_linux +USER neo4j CMD ["./reverseproxy_linux"] From 9da285f208217a0879ad6c1ea147c5c58bd6d359 Mon Sep 17 00:00:00 2001 From: bfeshti Date: Sun, 10 Nov 2024 22:07:04 +0100 Subject: [PATCH 2/6] replace curl with wget --- internal/integration_tests/standalone.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/integration_tests/standalone.go b/internal/integration_tests/standalone.go index 78c725fc..3ccf1e85 100644 --- a/internal/integration_tests/standalone.go +++ b/internal/integration_tests/standalone.go @@ -1089,9 +1089,9 @@ func InstallReverseProxyHelmChart(t *testing.T, standaloneReleaseName model.Rele assert.NotEmpty(t, ingressIP, "no ingress ip found") ingressURL := fmt.Sprintf("https://%s:443", ingressIP) - stdout, _, err := RunCommand(exec.Command("curl", "-ivk", ingressURL)) + stdout, _, err := RunCommand(exec.Command("wget", "-qO-", "--no-check-certificate", ingressURL)) assert.NoError(t, err) - assert.NotNil(t, string(stdout), "no curl output found") + assert.NotNil(t, string(stdout), "no wget output found") assert.Contains(t, string(stdout), "bolt_routing") assert.NotContains(t, string(stdout), "8443") From 13c7dbf08d69139d44cf9a00573958070badd484 Mon Sep 17 00:00:00 2001 From: bfeshti Date: Sun, 10 Nov 2024 22:41:36 +0100 Subject: [PATCH 3/6] Updated the directory path from /go to /reverse-proxy --- internal/integration_tests/standalone.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/integration_tests/standalone.go b/internal/integration_tests/standalone.go index 3ccf1e85..6188cfd0 100644 --- a/internal/integration_tests/standalone.go +++ b/internal/integration_tests/standalone.go @@ -1075,7 +1075,7 @@ func InstallReverseProxyHelmChart(t *testing.T, standaloneReleaseName model.Rele assert.NotNil(t, pods, "no reverse proxy pods found") assert.Equal(t, len(pods.Items), 1, "more than 1 reverse proxy pods found") - cmd := []string{"ls", "-lst", "/go"} + cmd := []string{"ls", "-lst", "/reverse-proxy"} stdoutCmd, _, err := ExecInPod(standaloneReleaseName, cmd, pods.Items[0].Name) assert.NoError(t, err, "cannot exec in reverse proxy pod") assert.NotContains(t, stdoutCmd, "root") From 91bde2f34c6d27725777758f9a1d68e0e472d81b Mon Sep 17 00:00:00 2001 From: bfeshti Date: Sun, 10 Nov 2024 22:42:05 +0100 Subject: [PATCH 4/6] Added wget to the Alpine image --- neo4j-reverse-proxy/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/neo4j-reverse-proxy/Dockerfile b/neo4j-reverse-proxy/Dockerfile index 27bbba5a..ffb89dba 100644 --- a/neo4j-reverse-proxy/Dockerfile +++ b/neo4j-reverse-proxy/Dockerfile @@ -8,7 +8,8 @@ RUN go mod download && go mod verify \ && go build -v -o reverseproxy_linux main.go FROM alpine:3.20.2 AS run -RUN addgroup --gid 7474 --system neo4j \ +RUN apk --no-cache add wget \ + && addgroup --gid 7474 --system neo4j \ && adduser --uid 7474 --system --no-create-home neo4j WORKDIR /reverse-proxy COPY --from=build --chown=neo4j:neo4j --chmod=777 /go/reverse-proxy/reverseproxy_linux reverseproxy_linux From 5c06fd57c8f6ebd735139cad3c25969eff708798 Mon Sep 17 00:00:00 2001 From: bfeshti Date: Sun, 10 Nov 2024 23:10:51 +0100 Subject: [PATCH 5/6] Use GO standard library instead of external commands --- internal/integration_tests/standalone.go | 21 +++++++++++++++++---- neo4j-reverse-proxy/Dockerfile | 3 +-- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/internal/integration_tests/standalone.go b/internal/integration_tests/standalone.go index 6188cfd0..cc537047 100644 --- a/internal/integration_tests/standalone.go +++ b/internal/integration_tests/standalone.go @@ -8,6 +8,7 @@ import ( "crypto/elliptic" "crypto/rand" "crypto/rsa" + "crypto/tls" "crypto/x509" "crypto/x509/pkix" "encoding/pem" @@ -30,6 +31,7 @@ import ( "k8s.io/client-go/tools/clientcmd" "log" "math/big" + "net/http" "os" "os/exec" "regexp" @@ -1089,11 +1091,22 @@ func InstallReverseProxyHelmChart(t *testing.T, standaloneReleaseName model.Rele assert.NotEmpty(t, ingressIP, "no ingress ip found") ingressURL := fmt.Sprintf("https://%s:443", ingressIP) - stdout, _, err := RunCommand(exec.Command("wget", "-qO-", "--no-check-certificate", ingressURL)) + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, + }, + }, + } + resp, err := client.Get(ingressURL) + assert.NoError(t, err) + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) assert.NoError(t, err) - assert.NotNil(t, string(stdout), "no wget output found") - assert.Contains(t, string(stdout), "bolt_routing") - assert.NotContains(t, string(stdout), "8443") + bodyStr := string(body) + assert.Contains(t, bodyStr, "bolt_routing") + assert.NotContains(t, bodyStr, "8443") return nil } diff --git a/neo4j-reverse-proxy/Dockerfile b/neo4j-reverse-proxy/Dockerfile index ffb89dba..27bbba5a 100644 --- a/neo4j-reverse-proxy/Dockerfile +++ b/neo4j-reverse-proxy/Dockerfile @@ -8,8 +8,7 @@ RUN go mod download && go mod verify \ && go build -v -o reverseproxy_linux main.go FROM alpine:3.20.2 AS run -RUN apk --no-cache add wget \ - && addgroup --gid 7474 --system neo4j \ +RUN addgroup --gid 7474 --system neo4j \ && adduser --uid 7474 --system --no-create-home neo4j WORKDIR /reverse-proxy COPY --from=build --chown=neo4j:neo4j --chmod=777 /go/reverse-proxy/reverseproxy_linux reverseproxy_linux From 865c3f0118cd84f719a13a4dd81819301d07cd83 Mon Sep 17 00:00:00 2001 From: bfeshti Date: Sun, 10 Nov 2024 23:57:29 +0100 Subject: [PATCH 6/6] retry wget --- internal/integration_tests/standalone.go | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/internal/integration_tests/standalone.go b/internal/integration_tests/standalone.go index cc537047..6188cfd0 100644 --- a/internal/integration_tests/standalone.go +++ b/internal/integration_tests/standalone.go @@ -8,7 +8,6 @@ import ( "crypto/elliptic" "crypto/rand" "crypto/rsa" - "crypto/tls" "crypto/x509" "crypto/x509/pkix" "encoding/pem" @@ -31,7 +30,6 @@ import ( "k8s.io/client-go/tools/clientcmd" "log" "math/big" - "net/http" "os" "os/exec" "regexp" @@ -1091,22 +1089,11 @@ func InstallReverseProxyHelmChart(t *testing.T, standaloneReleaseName model.Rele assert.NotEmpty(t, ingressIP, "no ingress ip found") ingressURL := fmt.Sprintf("https://%s:443", ingressIP) - client := &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tls.Config{ - InsecureSkipVerify: true, - }, - }, - } - resp, err := client.Get(ingressURL) - assert.NoError(t, err) - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) + stdout, _, err := RunCommand(exec.Command("wget", "-qO-", "--no-check-certificate", ingressURL)) assert.NoError(t, err) - bodyStr := string(body) - assert.Contains(t, bodyStr, "bolt_routing") - assert.NotContains(t, bodyStr, "8443") + assert.NotNil(t, string(stdout), "no wget output found") + assert.Contains(t, string(stdout), "bolt_routing") + assert.NotContains(t, string(stdout), "8443") return nil }