Move custom images out of contrib

images/OWNERS

@@ -0,0 +1,5 @@
+approvers:
+- aledbf
+reviewers:
+- bprashanth
+- aledbf

images/nginx-slim/Dockerfile

@@ -0,0 +1,29 @@
+# Copyright 2015 The Kubernetes Authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+FROM gcr.io/google_containers/ubuntu-slim:0.6
+
+COPY build.sh /tmp
+
+RUN /tmp/build.sh
+
+# Create symlinks to redirect nginx logs to stdout and stderr docker log collector
+# This only works if nginx is started with CMD or ENTRYPOINT
+RUN ln -sf /dev/stdout /var/log/nginx/access.log
+RUN ln -sf /dev/stderr /var/log/nginx/error.log
+
+EXPOSE 80 443
+
+CMD ["nginx", "-g", "daemon off;"]

images/nginx-slim/Makefile

@@ -0,0 +1,14 @@
+all: push
+
+# 0.0.0 shouldn't clobber any released builds
+TAG = 0.13
+PREFIX = gcr.io/google_containers/nginx-slim
+
+container:
+	docker build --pull -t $(PREFIX):$(TAG) .
+
+push: container
+	gcloud docker push $(PREFIX):$(TAG)
+
+clean:
+	docker rmi -f $(PREFIX):$(TAG) || true

images/nginx-slim/README.md

@@ -0,0 +1,24 @@
+
+nginx 1.11.x base image using [ubuntu-slim](https://github.com/kubernetes/contrib/tree/master/images/ubuntu-slim)
+
+nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server.
+
+This custom nginx image contains:
+- [lua](https://github.com/openresty/lua-nginx-module) support
+- [stream](http://nginx.org/en/docs/stream/ngx_stream_core_module.html) tcp support for upstreams
+- nginx stats [nginx-module-vts](https://github.com/vozlt/nginx-module-vts)
+- [Dynamic TLS record sizing](https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/)
+
+
+**How to use this image:**
+This image does provides a default configuration file with no backend servers.
+
+*Using docker*
+```
+$ docker run -v /some/nginx.con:/etc/nginx/nginx.conf:ro gcr.io/google_containers/nginx-slim:0.12
+```
+
+*Creating a replication controller*
+```
+$ kubectl create -f ./rc.yaml
+```

images/nginx-slim/build.sh

@@ -0,0 +1,223 @@
+#!/bin/sh
+
+# Copyright 2015 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+export NGINX_VERSION=1.11.9
+export NDK_VERSION=0.3.0
+export VTS_VERSION=0.1.11
+export SETMISC_VERSION=0.31
+export LUA_VERSION=0.10.7
+export STICKY_SESSIONS_VERSION=08a395c66e42                               
+export LUA_CJSON_VERSION=2.1.0.4
+export LUA_RESTY_HTTP_VERSION=0.07
+export LUA_UPSTREAM_VERSION=0.06
+export MORE_HEADERS_VERSION=0.32
+export NGINX_DIGEST_AUTH=7955af9c77598c697ac292811914ce1e2b3b824c
+export NGINX_SUBSTITUTIONS=bc58cb11844bc42735bbaef7085ea86ace46d05b
+
+export BUILD_PATH=/tmp/build
+
+get_src()
+{
+  hash="$1"
+  url="$2"
+  f=$(basename "$url")
+
+  curl -sSL "$url" -o "$f"
+  echo "$hash  $f" | sha256sum -c - || exit 10
+  tar xzf "$f"
+  rm -rf "$f"
+}
+
+mkdir "$BUILD_PATH"
+cd "$BUILD_PATH"
+
+# install required packages to build
+apt-get update && apt-get install --no-install-recommends -y \
+  bash \
+  build-essential \
+  curl ca-certificates \
+  libgeoip1 \
+  libgeoip-dev \
+  patch \
+  libpcre3 \
+  libpcre3-dev \
+  libssl-dev \
+  zlib1g \
+  zlib1g-dev \
+  libaio1 \
+  libaio-dev \
+  luajit \
+  openssl \
+  libluajit-5.1 \
+  libluajit-5.1-dev \
+  linux-headers-generic || exit 1
+
+# download, verify and extract the source files
+get_src dc22b71f16b551705930544dc042f1ad1af2f9715f565187ec22c7a4b2625748 \
+        "http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz"
+
+get_src 88e05a99a8a7419066f5ae75966fb1efc409bad4522d14986da074554ae61619 \
+        "https://github.com/simpl/ngx_devel_kit/archive/v$NDK_VERSION.tar.gz"
+
+get_src 97946a68937b50ab8637e1a90a13198fe376d801dc3e7447052e43c28e9ee7de \
+        "https://github.com/openresty/set-misc-nginx-module/archive/v$SETMISC_VERSION.tar.gz"
+
+get_src 31db853251a631a6b6a0b96b10806c9c32eda3c3d08fe46a38ff944b22dba636 \
+        "https://github.com/vozlt/nginx-module-vts/archive/v$VTS_VERSION.tar.gz"
+
+get_src c21c8937dcdd6fc2b6a955f929e3f4d1388610f47180e60126e6dcab06786f77 \
+        "https://github.com/openresty/lua-nginx-module/archive/v$LUA_VERSION.tar.gz"
+
+get_src 5417991b6db4d46383da2d18f2fd46b93fafcebfe87ba87f7cfeac4c9bcb0224 \
+        "https://github.com/openresty/lua-cjson/archive/$LUA_CJSON_VERSION.tar.gz"
+
+get_src 1c6aa06c9955397c94e9c3e0c0fba4e2704e85bee77b4512fb54ae7c25d58d86 \
+        "https://github.com/pintsized/lua-resty-http/archive/v$LUA_RESTY_HTTP_VERSION.tar.gz"
+
+get_src c6d9dab8ea1fc997031007e2e8f47cced01417e203cd88d53a9fe9f6ae138720 \
+        "https://github.com/openresty/headers-more-nginx-module/archive/v$MORE_HEADERS_VERSION.tar.gz"
+
+get_src 55475fe4f9e4b5220761269ccf0069ebb1ded61d7e7888f9c785c651cff3d141 \
+        "https://github.com/openresty/lua-upstream-nginx-module/archive/v$LUA_UPSTREAM_VERSION.tar.gz"
+
+get_src 53e440737ed1aff1f09fae150219a45f16add0c8d6e84546cb7d80f73ebffd90 \
+        "https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/$STICKY_SESSIONS_VERSION.tar.gz"
+
+get_src 9b1d0075df787338bb607f14925886249bda60b6b3156713923d5d59e99a708b \
+        "https://github.com/atomx/nginx-http-auth-digest/archive/$NGINX_DIGEST_AUTH.tar.gz"
+
+get_src 8eabbcd5950fdcc718bb0ef9165206c2ed60f67cd9da553d7bc3e6fe4e338461 \
+        "https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/$NGINX_SUBSTITUTIONS.tar.gz"
+
+
+#https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/
+curl -sSL -o nginx__dynamic_tls_records.patch https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/nginx__1.11.5_dynamic_tls_records.patch
+
+# build nginx
+cd "$BUILD_PATH/nginx-$NGINX_VERSION"
+
+echo "Applying tls nginx patches..."
+patch -p1 < $BUILD_PATH/nginx__dynamic_tls_records.patch
+
+./configure \
+  --prefix=/usr/share/nginx \
+  --conf-path=/etc/nginx/nginx.conf \
+  --http-log-path=/var/log/nginx/access.log \
+  --error-log-path=/var/log/nginx/error.log \
+  --lock-path=/var/lock/nginx.lock \
+  --pid-path=/run/nginx.pid \
+  --http-client-body-temp-path=/var/lib/nginx/body \
+  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
+  --http-proxy-temp-path=/var/lib/nginx/proxy \
+  --http-scgi-temp-path=/var/lib/nginx/scgi \
+  --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
+  --with-debug \
+  --with-pcre-jit \
+  --with-http_ssl_module \
+  --with-http_stub_status_module \
+  --with-http_realip_module \
+  --with-http_auth_request_module \
+  --with-http_addition_module \
+  --with-http_dav_module \
+  --with-http_geoip_module \
+  --with-http_gzip_static_module \
+  --with-http_sub_module \
+  --with-http_v2_module \
+  --with-stream \
+  --with-stream_ssl_module \
+  --with-stream_ssl_preread_module \
+  --with-threads \
+  --with-file-aio \
+  --without-mail_pop3_module \
+  --without-mail_smtp_module \
+  --without-mail_imap_module \
+  --without-http_uwsgi_module \
+  --without-http_scgi_module \
+  --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
+  --add-module="$BUILD_PATH/ngx_devel_kit-$NDK_VERSION" \
+  --add-module="$BUILD_PATH/set-misc-nginx-module-$SETMISC_VERSION" \
+  --add-module="$BUILD_PATH/nginx-module-vts-$VTS_VERSION" \
+  --add-module="$BUILD_PATH/lua-nginx-module-$LUA_VERSION" \
+  --add-module="$BUILD_PATH/headers-more-nginx-module-$MORE_HEADERS_VERSION" \
+  --add-module="$BUILD_PATH/nginx-goodies-nginx-sticky-module-ng-$STICKY_SESSIONS_VERSION" \
+  --add-module="$BUILD_PATH/nginx-http-auth-digest-$NGINX_DIGEST_AUTH" \
+  --add-module="$BUILD_PATH/ngx_http_substitutions_filter_module-$NGINX_SUBSTITUTIONS" \
+  --add-module="$BUILD_PATH/lua-upstream-nginx-module-$LUA_UPSTREAM_VERSION" || exit 1 \
+  && make || exit 1 \
+  && make install || exit 1
+
+echo "Installing CJSON module"
+cd "$BUILD_PATH/lua-cjson-$LUA_CJSON_VERSION"
+make LUA_INCLUDE_DIR=/usr/include/luajit-2.0 && make install
+
+echo "Installing lua-resty-http module"
+# copy lua module
+cd "$BUILD_PATH/lua-resty-http-$LUA_RESTY_HTTP_VERSION"
+sed -i 's/resty.http_headers/http_headers/' $BUILD_PATH/lua-resty-http-$LUA_RESTY_HTTP_VERSION/lib/resty/http.lua
+cp $BUILD_PATH/lua-resty-http-$LUA_RESTY_HTTP_VERSION/lib/resty/http.lua /usr/local/lib/lua/5.1
+cp $BUILD_PATH/lua-resty-http-$LUA_RESTY_HTTP_VERSION/lib/resty/http_headers.lua /usr/local/lib/lua/5.1
+
+echo "Cleaning..."
+
+cd /
+
+apt-mark unmarkauto \
+  bash \
+  curl ca-certificates \
+  libgeoip1 \
+  libpcre3 \
+  zlib1g \
+  libaio1 \
+  luajit \
+  libluajit-5.1-2 \
+  xz-utils \
+  geoip-bin \
+  openssl
+
+apt-get remove -y --purge \
+  build-essential \
+  gcc-5 \
+  cpp-5 \
+  libgeoip-dev \
+  libpcre3-dev \
+  libssl-dev \
+  zlib1g-dev \
+  libaio-dev \
+  libluajit-5.1-dev \
+  linux-libc-dev \
+  perl-modules-5.22 \
+  linux-headers-generic
+
+apt-get autoremove -y
+
+mkdir -p /var/lib/nginx/body /usr/share/nginx/html
+
+mv /usr/share/nginx/sbin/nginx /usr/sbin
+
+rm -rf "$BUILD_PATH"
+rm -Rf /usr/share/man /usr/share/doc
+rm -rf /tmp/* /var/tmp/*
+rm -rf /var/lib/apt/lists/*
+rm -rf /var/cache/apt/archives/*
+
+# Download of GeoIP databases
+curl -sSL -o /etc/nginx/GeoIP.dat.gz http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz \
+  && curl -sSL -o /etc/nginx/GeoLiteCity.dat.gz http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz \
+  && gunzip /etc/nginx/GeoIP.dat.gz \
+  && gunzip /etc/nginx/GeoLiteCity.dat.gz

images/nginx-slim/rc.yaml

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginxslimsvc
+  labels:
+    app: nginxslim
+spec:
+  type: NodePort
+  ports:
+  - port: 80
+    protocol: TCP
+    name: http
+  selector:
+    app: nginxslim
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: nginxslim
+spec:
+  replicas: 1
+  selector:
+    app: nginxslim
+  template:
+    metadata:
+      labels:
+        app: nginxslim
+        name: frontend
+    spec:
+      containers:
+      - name: nginxslim
+        image: gcr.io/google_containers/nginx-slim:0.12
+        ports:
+        - containerPort: 80

images/ubuntu-slim/Dockerfile

@@ -0,0 +1,5 @@
+FROM scratch
+
+ADD rootfs.tar /
+
+CMD ["/bin/bash"]

images/ubuntu-slim/Dockerfile.build

@@ -0,0 +1,45 @@
+FROM ubuntu:16.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+COPY excludes /etc/dpkg/dpkg.cfg.d/excludes
+
+RUN apt-get update \
+    && apt-get dist-upgrade -y
+
+COPY runlevel /sbin/runlevel
+
+# hold required packages to avoid breaking the installation of packages
+RUN apt-mark hold apt gnupg adduser passwd libsemanage1
+
+# dpkg --get-selections | grep -v deinstall
+RUN echo "Yes, do as I say!" | apt-get purge \
+    libcap2-bin \
+    libkmod2 \
+    libsmartcols1 \
+    libudev1 \
+    tzdata
+
+# cleanup
+RUN apt-get autoremove -y && \
+    apt-get clean -y && \
+    tar -czf /usr/share/copyrights.tar.gz /usr/share/common-licenses /usr/share/doc/*/copyright && \
+    rm -rf \
+        /usr/share/doc \
+        /usr/share/man \
+        /usr/share/info \
+        /usr/share/locale \
+        /var/lib/apt/lists/* \
+        /var/log/* \
+        /var/cache/debconf/* \
+        /usr/share/common-licenses* \
+        ~/.bashrc \
+        /etc/systemd \
+        /lib/lsb \
+        /lib/udev \
+        /usr/lib/x86_64-linux-gnu/gconv/IBM* \
+        /usr/lib/x86_64-linux-gnu/gconv/EBC* && \
+    mkdir -p /usr/share/man/man1 /usr/share/man/man2 \
+        /usr/share/man/man3 /usr/share/man/man4 \
+        /usr/share/man/man5 /usr/share/man/man6 \
+        /usr/share/man/man7 /usr/share/man/man8