Make it easier to run in Kubernetes

core/files/entrypoint.sh

@@ -68,5 +68,22 @@ export PHP_SESSION_COOKIE_SAMESITE=${PHP_SESSION_COOKIE_SAMESITE:-Lax}
 export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false}
 export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}
 
-# start supervisord using the main configuration file so we have a socket interface
-/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+if [ -n "$KUBERNETES_SERVICE_HOST" ]; then
+  case "$CONTAINER_NAME" in
+    nginx*)
+      exec /entrypoint_k8s_nginx.sh
+    ;;
+    php*)
+      # Not ideal, but let supervisord manage the workers still
+      mv /etc/supervisor/conf.d/10-supervisor.conf{.k8s,}
+      /usr/bin/supervisord -c /etc/supervisor/supervisord.conf &
+      exec /entrypoint_k8s_fpm.sh
+    ;;
+    cron*)
+      exec /entrypoint_cron.sh
+    ;;
+  esac
+else
+  # start supervisord using the main configuration file so we have a socket interface
+  /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+fi

core/files/entrypoint_cron.sh

@@ -30,6 +30,11 @@ if [[ ! -p /tmp/cronlog ]]; then
     mkfifo -m 777 /tmp/cronlog
 fi
 
+if [ -n "$KUBERNETES_SERVICE_HOST" ]; then
+    tail -f /tmp/cronlog &
+    exec cron -l -f
+fi
+
 # Build another fifo for the cron pipe
 if [[ ! -p /tmp/cronpipe ]]; then
     mkfifo /tmp/cronpipe

core/files/entrypoint_fpm.sh

@@ -28,6 +28,7 @@ change_php_vars() {
         sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):$REDIS_PORT?auth=${ESCAPED}'|" "$FILE"
         sed -i "s/session.sid_length = .*/session.sid_length = 64/" "$FILE"
         sed -i "s/session.use_strict_mode = .*/session.use_strict_mode = 1/" "$FILE"
+        sed -i "s|session.cookie_domain = .*|session.cookie_domain = ${BASE_URL}|" "$FILE"
     done
 
     for FILE in /etc/php/*/fpm/pool.d/www.conf
@@ -57,9 +58,17 @@ change_php_vars() {
             echo "Configure PHP | Disabling 'pm.status_listen'"
             sed -i -E "s/^pm.status_listen =/;pm.status_listen =/" "$FILE"
         fi
+        if [[ -n "$PHP_FPM_SOCK_FILE" ]]; then
+            echo "Configure PHP | Setting 'listen' to ${PHP_FPM_SOCK_FILE}"
+            sed -i "/^listen =/s@=.*@= ${PHP_FPM_SOCK_FILE}@" "$FILE"
+        fi
     done
 }
 
+if [ -n "${BASH_SOURCE[0]}" ]; then
+    return
+fi
+
 echo "Configure PHP | Change PHP values ..." && change_php_vars
 
 echo "Configure PHP | Starting PHP FPM"

core/files/entrypoint_k8s_fpm.sh

@@ -0,0 +1,26 @@
+#!/bin/bash -e
+
+source /entrypoint_nginx.sh
+source /entrypoint_fpm.sh
+
+# Initialize MySQL
+echo "INIT | Initialize MySQL ..." && init_mysql
+
+# Initialize MISP
+echo "INIT | Initialize MISP files and configurations ..." && init_misp_data_files
+echo "INIT | Update MISP app/files directory ..." && update_misp_data_files
+echo "INIT | Enforce MISP permissions ..." && enforce_misp_data_permissions
+
+# Run configure MISP script
+echo "INIT | Configure MISP installation ..."
+/configure_misp.sh
+
+if [[ -x /custom/files/customize_misp.sh ]]; then
+    echo "INIT | Customize MISP installation ..."
+    /custom/files/customize_misp.sh
+fi
+
+echo "Configure PHP | Change PHP values ..." && change_php_vars
+
+echo "Configure PHP | Starting PHP FPM"
+exec /usr/sbin/php-fpm8.2 -R -F

core/files/entrypoint_k8s_nginx.sh

@@ -0,0 +1,11 @@
+#!/bin/bash -e
+
+source /entrypoint_nginx.sh
+
+# Initialize nginx
+echo "INIT | Initialize NGINX ..." && init_nginx
+echo "INIT | Flip NGINX live ..." && flip_nginx true true
+
+# launch nginx as current shell process in container
+exec nginx -g 'daemon off;'
+

core/files/entrypoint_nginx.sh

@@ -210,13 +210,19 @@ flip_nginx() {
     echo "... nginx docroot set to ${NGINX_DOC_ROOT}"
     sed -i "s|root.*var/www.*|root ${NGINX_DOC_ROOT};|" /etc/nginx/includes/misp
 
-    if [[ "$reload" = "true" ]]; then
+    if [[ "$reload" = "true" ]] && [[ -z "$KUBERNETES_SERVICE_HOST" ]]; then
         echo "... nginx reloaded"
         nginx -s reload
     fi
 }
 
 init_nginx() {
+    # Optional location of PHP-FPM sock file
+    if [[ -n "$PHP_FPM_SOCK_FILE" ]]; then
+        echo "... setting 'fastcgi_pass' to unix:${PHP_FPM_SOCK_FILE}"
+        sed -i "s@fastcgi_pass .*;@fastcgi_pass unix:${PHP_FPM_SOCK_FILE};@" /etc/nginx/includes/misp
+    fi
+
     # Adjust timeouts
     echo "... adjusting 'fastcgi_read_timeout' to ${FASTCGI_READ_TIMEOUT}"
     sed -i "s/fastcgi_read_timeout .*;/fastcgi_read_timeout ${FASTCGI_READ_TIMEOUT};/" /etc/nginx/includes/misp
@@ -352,6 +358,9 @@ init_nginx() {
     flip_nginx false false
 }
 
+if [ -n "${BASH_SOURCE[0]}" ]; then
+    return
+fi
 
 # Initialize MySQL
 echo "INIT | Initialize MySQL ..." && init_mysql

core/files/etc/supervisor/conf.d/10-supervisor.conf.k8s

@@ -0,0 +1,12 @@
+[supervisord]
+nodaemon=true
+user=root
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[inet_http_server]
+port=127.0.0.1:9001
+username=supervisor
+password=supervisor