From 7824df8f6a04cd2dabf6afcec65152c4b68adc34 Mon Sep 17 00:00:00 2001 From: Peter Yates Date: Wed, 7 Aug 2024 15:48:27 +0100 Subject: [PATCH 1/2] Fix typo in the word 'following' --- source/infrastructure/docker/index.html.md.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/infrastructure/docker/index.html.md.erb b/source/infrastructure/docker/index.html.md.erb index 8df21ad2..fbd343bd 100644 --- a/source/infrastructure/docker/index.html.md.erb +++ b/source/infrastructure/docker/index.html.md.erb @@ -6,7 +6,7 @@ title: Docker Desktop <%= partial('partials/page_toc') %> -the Folowwing information has been put together using; +The following information has been put together using; * Edition Windows 11 Enterprise Version 22H2 Installed on ‎13/‎03/‎2023 OS build 22621.2283 Experience Windows Feature Experience Pack 1000.22662.1000.0 From 78135e7b261043ccacead13026651c62849bcf6c Mon Sep 17 00:00:00 2001 From: Colin Saliceti Date: Thu, 8 Aug 2024 14:36:37 +0100 Subject: [PATCH 2/2] Use unprivileged docker image Release https://github.com/DFE-Digital/terraform-modules/releases/tag/v0.36.0 dropped default container capabilities. It included the CHOWN capability which is required by the nginx image running as root. It caused error: [emerg] chown("/var/cache/nginx/client_temp", 101) failed (1: Operation not permitted) And the pod failed to start. Switch to unprivileged docker image and using a high port to solve the issue. --- Dockerfile | 2 +- terraform/application/.terraform.lock.hcl | 23 +++++++++++++++++++++++ terraform/application/application.tf | 2 +- 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 67bcb635..efd602c8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,3 @@ -FROM nginx:1.25.3-alpine3.18-slim +FROM nginxinc/nginx-unprivileged:1.26.1 COPY ./build/ /usr/share/nginx/html diff --git a/terraform/application/.terraform.lock.hcl b/terraform/application/.terraform.lock.hcl index 6fcd3d14..6a2895a0 100644 --- a/terraform/application/.terraform.lock.hcl +++ b/terraform/application/.terraform.lock.hcl @@ -1,6 +1,29 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/eppo/environment" { + version = "1.3.5" + constraints = "1.3.5" + hashes = [ + "h1:1Af95/IhzW16rbX8kSApfrAi8vwc5+7uVbCeyVaGw2E=", + "zh:00e7a6bf7f0f09cc4871d7f4fee2c943ce61c05b9802365a97703d6c2e63e3dc", + "zh:018d92e621177d053ed5c32e8220efa8c019852c4d60cc7539683bac28470d9b", + "zh:12ca5162286b80b7f46bd013ae2007641132d201af12bc6adb872f9a0ff85b7a", + "zh:2991085432bd4dc718aadfb37b2cdb6201ef73a8a0e5661411f46d9ec782e678", + "zh:2a8f6801266f89b816ebfdb441411e53f4cf1e0278e853715fb561946ad5a575", + "zh:8783a8dc846d3e71b38ca470066f506dde8040f149402f0d348e5dca7f012909", + "zh:8bc8f61e496e96c81c46e1aa59bf2155b6acc80db1ea462f2ddd665748fcda7f", + "zh:95fb102fecceb3a5b44dbe9fbe262494a0abdb6805addf1286c5d92cd4b0f779", + "zh:a158837ec561c161d3c47068e30bca341e5e4c7abff7fa72b9522438b85af4ac", + "zh:a738a7b2e953ee8059f9e68d48ae954175d001a5480f29e22d717bee9fd93f7f", + "zh:bac4b3a38eed35c91269cd008ad88862f47be99474de85e9a2efcce6564e0c24", + "zh:cd56a12eef3515fa5a5845d550be2f67989c8e65563e8fa9f5060666c0728a7c", + "zh:e3e895bc8b557b36bfa03f251df429aa0fba068f4c7ef0ed6ac551b7cba9ff86", + "zh:e959a9e826e3c33242bf4492ee12e5f8be023cf2461702c43d1833c4a8516232", + "zh:f41d9d60b205e6d536881e4af7bb9fc85ae90858bfddf695f95fbd68e01e0ad3", + ] +} + provider "registry.terraform.io/hashicorp/azurerm" { version = "3.82.0" constraints = "3.82.0" diff --git a/terraform/application/application.tf b/terraform/application/application.tf index 8742d2d7..e19ea0b3 100644 --- a/terraform/application/application.tf +++ b/terraform/application/application.tf @@ -29,7 +29,7 @@ module "web_application" { cluster_configuration_map = module.cluster_data.configuration_map kubernetes_config_map_name = module.application_configuration.kubernetes_config_map_name kubernetes_secret_name = module.application_configuration.kubernetes_secret_name - web_port = 80 + web_port = 8080 probe_path = "/" docker_image = var.docker_image