I have a working openresty with lua-resty-openidc as ingress controller. Now, the nginx.conf is hardcoded in my image, with something like this:

    server {
        server_name _;
        listen 80;
        location /OAuth2Client {
            access_by_lua_block {
                local opts = {
                    discovery = "/.well-known/openid-configuration",
                    redirect_uri = "/authorization-code/callback",
                    client_id = "clientID",
                    client_secret = "clientSecret",
                    scope = "openid profile somethingElse",
                }
                ...
            }
            proxy_pass http://clusterIp/OAuth2Client;
        }
    }

As Nginx doesn't accept environment variables, is there a simple way to make my nginx.conf configurable, for example:

    server {
        server_name ${myServerName};
        listen ${myServerPort};
        location /${specificProjectRoot} {
            access_by_lua_block {
                local opts = {
                    discovery = "${oidc-provider-dev-url}/.well-known/openid-configuration",
                    redirect_uri = "${specificProjectRoot}/authorization-code/callback",
                    client_id = "${myClientId}",
                    client_secret = "${myClientSecret}",
                    scope = "${myScopes}",
                }
                ...
            }
            proxy_pass http://${myClusterIP}/${specificProjectRoot};
        }
    }

so that whatever team in whatever namespace could reuse my image and just provide a Kubernetes secret containing their specific config for their project?

You would need to render the nginx.conf from a templated version at runtime (as Juliano's comment mentions). To do this, your Dockerfile could look something like this:

    FROM nginx
    COPY nginx.conf.template /etc/nginx/
    CMD ["/bin/bash", "-c", "envsubst < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf && exec nginx -g 'daemon off;'"]

Notice that it copies nginx.conf.template into your image; this would be your templated config with variables in the form ${MY_SERVER_NAME}, where MY_SERVER_NAME is injected into your pod as an environment variable via your Kubernetes manifest, from your configmap or secret or however you prefer.
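
A stricter take on the rendering step in the answer above, as an added example that is not part of the original answer. It substitutes only an allowlist of variables (so nginx's own `$host`-style variables in the template survive), refuses to start if a required value is missing, and writes the rendered file, which contains the client secret, with owner-only permissions. The variable names and the `--start` argument are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Variable names below are assumptions for illustration.
# Only these names are substituted, so nginx's own runtime variables
# ($host, $request_uri, ...) in the template pass through untouched.
REQUIRED_VARS="MY_SERVER_NAME MY_SERVER_PORT MY_CLIENT_ID MY_CLIENT_SECRET"

# Succeeds only if every required variable is set and non-empty;
# otherwise names the missing ones on stderr and returns 1.
check_required_vars() {
    missing=""
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"   # names come from the fixed list above
        [ -n "$value" ] || missing="$missing $name"
    done
    [ -z "$missing" ] && return 0
    echo "missing required variables:$missing" >&2
    return 1
}

# render_config TEMPLATE OUTPUT
render_config() {
    template=$1
    output=$2
    check_required_vars || return 1
    # Build envsubst's SHELL-FORMAT allowlist: ' ${A} ${B} ...'
    allowlist=""
    for name in $REQUIRED_VARS; do
        allowlist="$allowlist \${$name}"
    done
    # The rendered file contains the client secret: recreate it owner-only.
    (
        umask 077
        rm -f -- "$output"
        envsubst "$allowlist" < "$template" > "$output"
    )
}

# Entrypoint mode: "--start" renders the config, then hands over to nginx.
if [ "${1:-}" = "--start" ]; then
    render_config /etc/nginx/nginx.conf.template /etc/nginx/nginx.conf || exit 1
    exec nginx -g 'daemon off;'
fi
```

Copied into the image and used as the CMD with `--start`, this replaces the inline `bash -c` one-liner; a pod that is missing one of the secret's keys then fails at startup instead of running with an empty `client_secret`.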