Add Dockerfile and CI for Docker image

Signed-off-by: Anton Engelhardt <[email protected]>

.github/workflows/build.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - main
+      - why-this-repo
 
 env:
   CARGO_TERM_COLOR: always
@@ -50,3 +51,11 @@ jobs:
         with:
           name: wasm_oidc_plugin.wasm
           path: target/wasm32-wasi/release/wasm_oidc_plugin.wasm
+
+      - name: Create Docker Image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: antonengelhardt/wasm-oidc-plugin:latest

Dockerfile

@@ -0,0 +1,17 @@
+FROM rust:1.75.0 AS builder
+
+COPY src/ src/
+COPY Cargo.toml Cargo.toml
+COPY Cargo.lock Cargo.lock
+
+RUN rustup target add wasm32-wasi
+
+RUN cargo build --target=wasm32-wasi --release
+
+##################################################
+
+FROM envoyproxy/envoy:v1.24-latest
+
+COPY --from=builder /target/wasm32-wasi/release/wasm_oidc_plugin.wasm /etc/envoy/proxy-wasm-plugins/wasm_oidc_plugin.wasm
+
+CMD [ "envoy", "-c", "/etc/envoy/envoy.yaml" ]

README.md

@@ -63,10 +63,13 @@ curl localhost:10000
 
 To deploy the plugin to production, the following steps are needed (either manually or via a [CI/CD pipeline](./k8s/ci.yml)):
 
-1. Build the plugin with `cargo build --target wasm32-wasi --release`. This can be done in a [initContainer](./k8s/deployment.yaml) (see [k8s](./k8s) folder).
-2. Copy the `target/wasm32-wasi/release/wasm_oidc_plugin.wasm` to path `/etc/envoy/proxy-wasm-plugins/` on the server.
-3. Run envoy as a container with the `envoy.yaml` file mounted through the [ConfigMap](./k8s/configmap.yml).
-4. Set up [Service](./k8s/service.yml), [Certificate](./k8s/certificate-production.yml), [Ingress](./k8s/ingress.yml) to expose the Envoy to the internet.
+1. Build the plugin
+
+    1.1 with `cargo build --target wasm32-wasi --release` - this can be done in a [initContainer](./k8s/deployment.yaml) (see [k8s](./k8s) folder) and then copy the binary to the path `/etc/envoy/proxy-wasm-plugins/` in the envoy container.
+
+    1.2 by using the pre-built Docker image [antonengelhardt/wasm-oidc-plugin](https://hub.docker.com/r/antonengelhardt/wasm-oidc-plugin).
+2. Run envoy as a container with the `envoy.yaml` file mounted through the [ConfigMap](./k8s/configmap.yml) as a volume.
+3. Set up [Service](./k8s/service.yml), [Certificate](./k8s/certificate-production.yml), [Ingress](./k8s/ingress.yml) to expose the Envoy to the internet.
 
 For reference, see the [k8s folder](./k8s).
 

k8s/deployment.yaml

@@ -1,3 +1,5 @@
+# Alternative 1: Build Plugin in a initContainer
+
 apiVersion: apps/v1
 kind: Deployment
 
@@ -86,3 +88,66 @@ spec:
                 path: envoy.yaml
 
       restartPolicy: Always
+---
+# Alternative 2: Use Dockerfile
+
+apiVersion: apps/v1
+kind: Deployment
+
+metadata:
+  name:  example-app
+  namespace: example-namespace
+  labels:
+    app: example-app
+
+spec:
+
+  selector:
+    matchLabels:
+      app: example-envoy
+  replicas: 1
+
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+
+  template:
+    metadata:
+      labels:
+        app: example-app
+
+    spec:
+      containers:
+      - name: envoy
+        image: antonengelhardt/wasm-oidc-plugin:latest
+
+        resources:
+          requests:
+            cpu: 1000m
+            memory: 1000Mi
+          limits:
+            cpu: 1000m
+            memory: 1000Mi
+
+        volumeMounts:
+          - name: envoy-config
+            mountPath: /etc/envoy
+
+        ports:
+          - containerPort: 10000
+            name: http
+            protocol: TCP
+
+        command: ["envoy", "-c", "/etc/envoy/envoy.yaml", "--concurrency", "1"]
+
+      volumes:
+        - name: envoy-config
+          configMap:
+            name: example-envoy-config
+            items:
+              - key: envoy.yaml
+                path: envoy.yaml
+
+      restartPolicy: Always