Change the base image to Debian Stretch for Plus controller (#235)

Author: pleshakov

nginx-controller/DockerfileForPlus

@@ -1,43 +1,61 @@
-FROM ubuntu:16.04
+FROM debian:stretch-slim
 
-MAINTAINER NGINX Docker Maintainers "[email protected]"
+LABEL maintainer="NGINX Docker Maintainers <[email protected]>"
 
-# Set the debconf front end to Noninteractive
-RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
-
-RUN apt-get update && apt-get install -y -q wget lsb-release apt-transport-https
+ENV NGINX_PLUS_VERSION 1.13.7-2~stretch
 
 # Download certificate and key from the customer portal (https://cs.nginx.com)
 # and copy to the build context
-ADD nginx-repo.crt /etc/ssl/nginx/
-ADD nginx-repo.key /etc/ssl/nginx/
+COPY nginx-repo.crt /etc/ssl/nginx/
+COPY nginx-repo.key /etc/ssl/nginx/
 
 # Make sure the certificate and key have correct permissions
 RUN chmod 644 /etc/ssl/nginx/*
 
-# Get other files required for installation
-RUN wget -q -O - http://nginx.org/keys/nginx_signing.key | apt-key add -
-RUN wget -q -O /etc/apt/apt.conf.d/90nginx https://cs.nginx.com/static/files/90nginx
-
-RUN printf "deb https://plus-pkgs.nginx.com/ubuntu `lsb_release -cs` nginx-plus\n" >/etc/apt/sources.list.d/nginx-plus.list
-
 # Install NGINX Plus
-RUN apt-get update && apt-get install -y nginx-plus
+RUN set -x \
+  && apt-get update && apt-get upgrade -y \
+  && apt-get install --no-install-recommends --no-install-suggests -y apt-transport-https ca-certificates gnupg1 \
+  && \
+  NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
+  found=''; \
+  for server in \
+    ha.pool.sks-keyservers.net \
+    hkp://keyserver.ubuntu.com:80 \
+    hkp://p80.pool.sks-keyservers.net:80 \
+    pgp.mit.edu \
+  ; do \
+    echo "Fetching GPG key $NGINX_GPGKEY from $server"; \
+    apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \
+  done; \
+  test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \
+  echo "Acquire::https::plus-pkgs.nginx.com::Verify-Peer \"true\";" >> /etc/apt/apt.conf.d/90nginx \
+  && echo "Acquire::https::plus-pkgs.nginx.com::Verify-Host \"true\";" >> /etc/apt/apt.conf.d/90nginx \
+  && echo "Acquire::https::plus-pkgs.nginx.com::SslCert     \"/etc/ssl/nginx/nginx-repo.crt\";" >> /etc/apt/apt.conf.d/90nginx \
+  && echo "Acquire::https::plus-pkgs.nginx.com::SslKey      \"/etc/ssl/nginx/nginx-repo.key\";" >> /etc/apt/apt.conf.d/90nginx \
+  && printf "deb https://plus-pkgs.nginx.com/debian stretch nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \
+  && apt-get update && apt-get install -y nginx-plus=${NGINX_PLUS_VERSION} \
+  && apt-get remove --purge --auto-remove -y gnupg1 \
+  && rm -rf /var/lib/apt/lists/* \
+  && rm -rf /etc/ssl/nginx \
+  && rm /etc/apt/apt.conf.d/90nginx /etc/apt/sources.list.d/nginx-plus.list
 
-EXPOSE 80 443 8080
 
 # forward nginx access and error logs to stdout and stderr of the ingress
 # controller process
 RUN ln -sf /proc/1/fd/1 /var/log/nginx/access.log \
 	&& ln -sf /proc/1/fd/2 /var/log/nginx/error.log
 
+
+EXPOSE 80 443
+
 COPY nginx-ingress nginx/templates/nginx-plus.ingress.tmpl nginx/templates/nginx-plus.tmpl /
-RUN rm /etc/nginx/conf.d/*
 
-RUN mkdir -p /etc/nginx/secrets
+RUN rm /etc/nginx/conf.d/* \
+  && mkdir -p /etc/nginx/secrets
 
 # Uncomment the line below if you would like to add the default.pem to the image
 # and use it as a certificate and key for the default server
 # ADD default.pem /etc/nginx/secrets/default
 
-ENTRYPOINT ["/nginx-ingress"]
+ENTRYPOINT ["/nginx-ingress"]