Thank you for the response. I have seen this guide, and it does not help me install the agent on NGINX Ingress Controller. My goal is to install the agent on the NGINX Ingress Controller container in a Kubernetes cluster.
Here is the guide for installation in a container environment:
https://docs.nginx.com/nginx-management-suite/nginx-agent/nginx-agent-in-container/
I managed to install it using the base image of the ingress controller, but I need to run it in unprivileged mode. Here is the Dockerfile I created for building an image with the agent installed on it:
FROM nginx-plus-repository.bhtelecom.ba/nginx-ic-nap-dos/nginx-plus-ingress:3.2.0
USER 0
RUN apt-get update \
&& apt-get install -y curl \
&& apt-get install -y gpg \
&& curl --insecure https://172.30.20.70/install/nginx-agent | sh
RUN sed -i '/user nginx;/d' /etc/nginx/nginx.conf \
&& sed -i 's,/var/lib/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \
&& sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/ngi>
&& chown -R nginx:nginx /var/cache/nginx \
&& chmod -R go+rw /var/cache/nginx \
&& chown -R nginx:nginx /etc/nginx \
&& chmod -R go+rw /etc/nginx \
&& chown -R nginx:nginx /var/log/nginx \
&& chmod -R go+rw /var/log/nginx \
&& chown -R nginx:nginx /var/run/nginx-agent \
&& chmod -R go+w /var/run/nginx-agent \
&& ln -sf /dev/stdout /var/log/nginx-agent/agent.log
RUN mkdir scripts
COPY commands.sh /scripts/commands.sh
RUN ["chmod", "+x", "/scripts/commands.sh"]
ENTRYPOINT ["/scripts/commands.sh"]
Here is commands.sh:
#!/bin/bash
nginx-agent &
/nginx-ingress -nginx-plus -nginx-configmaps=$POD_NAMESPACE/nginx-plus-config --ingress-class=nginx-plus-ic -default-server-tls-secret=$POD_NAMESPACE/nginx-plus-default-server-cert -enable-cert-manager -enable-app-protect -enable-app-pr>
NGINX Agent is not starting because of the nginx user with ID 101, and I get the following error:
"Unable to load properties from config files (/etc/nginx-agent/nginx-agent.conf, /var/lib/nginx-agent/agent-dynamic.conf) - error loading config file /etc/nginx-agent/nginx-agent.conf: open /etc/nginx-agent/nginx-agent.conf: permission denied"
It looks like the chown command is not taking effect in the Dockerfile.
Does anyone have any experience installing the agent on NGINX Ingress Controller to manage AppProtect WAF from Management Suite Instance Manager?
Thank you and kind regards,
Ajdin
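
The error in the post names /etc/nginx-agent/nginx-agent.conf and /var/lib/nginx-agent/agent-dynamic.conf, while the chown lines shown in the Dockerfile cover /etc/nginx, /var/cache/nginx, /var/log/nginx and /var/run/nginx-agent. As an added example (not part of the original post and not NGINX tooling), the script below checks from ownership and mode bits whether an unprivileged UID can use a file and traverse its parent directories; the script name check-perms.sh and the use of GID 101 alongside UID 101 are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Decides from owner, group and mode
# bits whether a UID/GID can use a path, so the answer is meaningful even when
# the check runs as root in a Dockerfile RUN step.
# Assumes GNU stat (the image in the post is apt-based).
# Not modelled: ACLs, capabilities, supplementary groups, root's bypass.

# can_access UID GID PATH NEED    (NEED is r, w or x)
# Returns 0 = allowed, 1 = denied, 2 = path missing or bad NEED.
can_access() (
    uid=$1 gid=$2 path=$3 need=$4
    set -- $(stat -c '%u %g %a' "$path" 2>/dev/null)
    [ "$#" -eq 3 ] || exit 2                 # stat failed: path does not exist
    perms=$(( 0$3 & 0777 ))                  # %a is octal; drop setuid/sticky
    case $need in r) bit=4 ;; w) bit=2 ;; x) bit=1 ;; *) exit 2 ;; esac
    if   [ "$uid" -eq "$1" ]; then triad=$(( perms >> 6 ))
    elif [ "$gid" -eq "$2" ]; then triad=$(( (perms >> 3) & 7 ))
    else                           triad=$(( perms & 7 ))
    fi
    [ $(( triad & bit )) -ne 0 ]
)

# path_usable UID GID PATH NEED: NEED on PATH plus search (x) on every parent
# directory. Relative paths are checked up to the current directory only.
path_usable() (
    dir=$(dirname "$3")
    while :; do
        can_access "$1" "$2" "$dir" x ||
            { echo "uid $1: $dir missing or not searchable"; exit 1; }
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
    can_access "$1" "$2" "$3" "$4" ||
        { echo "uid $1: $3 missing or lacks '$4'"; exit 1; }
)

# Command-line use:  check-perms.sh UID GID NEED PATH...
# e.g. as a build step after the chown/chmod lines:
#   RUN /scripts/check-perms.sh 101 101 r \
#       /etc/nginx-agent/nginx-agent.conf /var/lib/nginx-agent/agent-dynamic.conf
if [ "$#" -ge 4 ]; then
    uid=$1 gid=$2 need=$3; shift 3; rc=0
    for p in "$@"; do path_usable "$uid" "$gid" "$p" "$need" || rc=1; done
    exit "$rc"
fi
```

Run as a build step, a non-zero exit fails the image build at the point where the permissions are wrong instead of at pod start.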