Hello - I’ve got a flake that uses buildImage() to create a php image using an Alpine base.
# Flake that builds a php-fpm 8.2 container image with dockerTools.buildImage on top of a
# digest-pinned Alpine base image.
# NOTE(review): as pasted, indentation is lost and the closing brackets at the end of the
# expression do not balance (see the note above the final lines).
{
description = "php Flake";
inputs = {
# Both inputs are referenced by branch/default ref only; the exact revisions that get built
# are whatever flake.lock records (not shown here).
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { self, nixpkgs, flake-utils, ... }:
flake-utils.lib.eachDefaultSystem (system:
let
# Tag and repository used to name the built image (see dockerImage_php82 below).
# NOTE(review): "latest" is a mutable tag; anything that deploys by tag alone cannot tell
# which build it is running. Consider a versioned tag or deploying by digest.
tag = "latest";
registry = "registry.gitlab.com/delta-defense/platform-engineering/images";
phpImageName = "php8.2";
pkgs = import nixpkgs { inherit system; };
# Base image. imageDigest selects the exact upstream image and sha256 is the hash of the
# fetched result, so the base cannot change silently. finalImageName/finalImageTag only
# label the result; they do not choose what is downloaded.
# The trailing comments on the two hash lines look like a previously used digest/hash pair.
# NOTE(review): arch is fixed to amd64 even though eachDefaultSystem evaluates this for
# every default system - confirm that is intended.
alpine = pkgs.dockerTools.pullImage {
imageName = "alpine";
imageDigest = "sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45"; # "sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48";
sha256 = "sha256-Kk+Fdk1HRzYnffFY0TxH0mvDRv9Sd8jP8ytMeexFLLo="; # "sha256-rzi0H4TukYvULJoXhQf6Hg5/CCh9Ssi0J32kQoMPMSI=";
finalImageName = "alpine";
finalImageTag = "3.21.0";
os = "linux";
arch = "amd64";
};
appRoot = "app";
webRoot = "app/www";
phpUser = "www-data";
# NOTE(review): fpmPort is not referenced anywhere else in the visible code.
fpmPort = "9000";
fpmLogLimit = "4096";
# A plain let-binding with a dotted attribute path, not the NixOS services.phpfpm module
# option. Its only use is as extraConfig of the PHP buildEnv below, i.e. it ends up in
# php.ini rather than in php-fpm.conf.
# NOTE(review): display_errors = on makes PHP print error details into responses; for an
# image that is deployed to a cluster this is normally turned off and errors are only logged.
# NOTE(review): log_limit and log_level are, as far as I know, php-fpm.conf directives and
# not php.ini settings - confirm they have any effect when set here.
services.phpfpm.phpOptions = ''
display_errors = on;
error_log = /proc/self/fd/2;
log_limit = ${fpmLogLimit};
log_level = error;
'';
phpExtensions = pkgs.php82Extensions;
# NOTE(review): phpPackages is not referenced anywhere else in the visible code.
phpPackages = pkgs.php82Packages;
# PHP 8.2 with the default-enabled extensions plus datadog_trace and redis, and the ini
# fragment above appended as extraConfig.
php82AndExtensions = (pkgs.php82.buildEnv {
extensions = ({ enabled, all }: enabled ++ (with all; [
phpExtensions.datadog_trace
phpExtensions.redis
]));
extraConfig = services.phpfpm.phpOptions ;
});
# Start-up script, executed by Cmd before php-fpm. ${php82AndExtensions} is substituted by
# Nix at evaluation time; $phpdir and $(...) are left for bash to expand in the container.
# It locates a var/log directory under any /nix/store/*php* path (skipping paths that
# contain "extensions"), symlinks /var/log/php-fpm.log to a php-fpm.log in that directory,
# and rewrites php.ini in place to enable opcache.
# NOTE(review): $phpdir is unquoted and the glob may match more than one store path.
# NOTE(review): the sed -i calls modify files under /nix/store at container start, so the
# container needs a writable root filesystem and enough privilege to write there. That rules
# out readOnlyRootFilesystem and running as a non-root user; setting opcache.enable through
# extraConfig at build time would avoid the runtime edit - confirm.
phpInitScript = pkgs.writeText "php_init.sh" ''
#!/bin/bash
phpdir=$(find /nix/store/*php*/var/log -type d | grep -v extensions)
mkdir -p /var/log/php82
ln -fs $phpdir/php-fpm.log /var/log/php-fpm.log
sed -i -r -e 's/;opcache.enable=(.+)$/opcache.enable=1/g' ${php82AndExtensions}/etc/php.ini
sed -i -r -e 's/;opcache.enable=(.+)$/opcache.enable=1/g' $phpdir/../../etc/php.ini
'';
# The image itself: Alpine base plus one layer built from copyToRoot and extraCommands.
dockerImage_php82 = pkgs.dockerTools.buildImage {
name = "${registry}/${phpImageName}";
tag = "${tag}";
fromImage = alpine;
# Only the /bin directories of the listed packages are linked into the image root
# (pathsToLink), which is what makes /bin/bash and /bin/php-fpm in Cmd resolve.
# NOTE(review): "php_init.sh" in paths is a plain string, not a derivation; presumably it
# is not what delivers the script - extraCommands copies phpInitScript instead. Verify.
# NOTE(review): curl and wget are shipped in the runtime image; drop them if nothing in
# the container needs them.
copyToRoot = pkgs.buildEnv {
name = "image-root";
paths = with pkgs; [ bash curl wget libgcc tzdata musl coreutils ]
++ [ php82AndExtensions "php_init.sh" ];
pathsToLink = [ "/bin" ];
};
# Build-time commands using paths relative to the image root: create directories, set the
# timezone files, add the php user, install the init script, and generate ./php-fpm.conf
# from php-fpm.conf.default with error_log, log_limit and log_level uncommented.
# NOTE(review): $TZ is expanded while the image is being built, not at container start -
# confirm it is set in the build environment.
# NOTE(review): the passwd line gives www-data uid 1111 and gid 82; no group entry is added
# here, so gid 82 has to come from the base image - confirm.
# NOTE(review): if etc/passwd does not already exist in this layer, '>>' creates a one-line
# file that would shadow the base image's /etc/passwd. The ls output later in the post shows
# the owner as numeric 0 rather than a name, which would be consistent with that - verify.
# NOTE(review): '\' is not an escape character in a Nix '' string, so \${php82AndExtensions}
# is presumably still interpolated and leaves a stray backslash before the path; it may
# also be an artifact of pasting into the forum.
extraCommands = ''
#!${pkgs.bash}/bin/bash
mkdir -p ${webRoot} run etc/php82 etc/ld.so.conf.d
ln -snf /${pkgs.tzdata}/share/zoneinfo/$TZ etc/localtime
echo $TZ > etc/timezone
echo "${phpUser}:x:1111:82:${phpUser}:/${appRoot}:/usr/sbin/nologin" >>etc/passwd
echo "include /etc/ld.so.conf.d/*.conf" > etc/ld.so.conf
cp ${phpInitScript} ./php_init.sh
chmod +x ./php_init.sh
sed -r -e 's|;error_log =(.+)$|error_log = /proc/self/fd/2|g' \
-e 's/;log_limit =(.+)$/log_limit = ${fpmLogLimit}/g' \
-e 's/;log_level =(.+)$/log_level = error/g' \${php82AndExtensions}/etc/php-fpm.conf.default > ./php-fpm.conf
'';
# Container entry point: run the init script, then php-fpm in the foreground (-F).
# No User is set, so the process runs as the image's default user; the php user created
# above is not applied here.
# NOTE(review): --fpm-config is passed twice. php-fpm presumably loads a single main
# configuration file, in which case the second flag would win and the generated
# /php-fpm.conf (the one that sets error_log = /proc/self/fd/2) would be ignored - confirm,
# e.g. by dumping the effective configuration with php-fpm -tt.
# NOTE(review): /etc/php82/fpm.www.conf is not created anywhere in this flake (only the
# directory is); presumably it is mounted at deploy time.
# NOTE(review): when stderr is not a TTY, php-fpm may redirect it to its error_log file
# unless --force-stderr (-O) is given - check this against the fd listing in the post.
config = {
Cmd = [ "/bin/bash" "-c" "/php_init.sh && /bin/php-fpm -F -e --fpm-config /php-fpm.conf --fpm-config /etc/php82/fpm.www.conf" ];
WorkingDir = "/${appRoot}" ;
};
};
in {
# Per-system outputs: the image is exposed as packages.php82.
# NOTE(review): defaultPackage is nested inside packages here; current flakes expect
# packages.<system>.default - confirm.
# NOTE(review): the attribute sets opened on the 'in {' and 'packages = {' lines are not
# both closed before '});', so the paste looks truncated or mis-copied.
packages = {
php82 = dockerImage_php82;
defaultPackage = dockerImage_php82;
});
}
On the surface it looks fine: when I run it using `docker run`, it outputs stderr to my terminal.
The issue that I’m having is that when I deploy it into kubernetes using our helm chart, `/proc/1/fd/2` gets linked to `/nix/store/kh0dx5qpv9nnwlkvp57jnnyv0ajy7mvg-php-8.2.27/var/log/php-fpm.log` instead of the pipe for output to the kubernetes system.
bash-5.2# ls -l /proc/1/fd/
total 0
lrwx------ 1 0 root 64 Jan 7 14:45 0 -> /dev/null
lrwx------ 1 0 root 64 Jan 7 14:45 1 -> /dev/null
lr-x------ 1 0 root 64 Jan 7 15:06 10 -> 'pipe:[714476382]'
lr-x------ 1 0 root 64 Jan 7 15:06 11 -> 'pipe:[714476384]'
lr-x------ 1 0 root 64 Jan 7 15:06 12 -> 'pipe:[714476383]'
lr-x------ 1 0 root 64 Jan 7 15:06 14 -> 'pipe:[714476385]'
l-wx------ 1 0 root 64 Jan 7 14:45 2 -> /nix/store/kh0dx5qpv9nnwlkvp57jnnyv0ajy7mvg-php-8.2.27/var/log/php-fpm.log
lrwx------ 1 0 root 64 Jan 7 14:45 3 -> '/tmp/.ZendSem.7MX6PJ (deleted)'
l-wx------ 1 0 root 64 Jan 7 14:45 4 -> 'pipe:[714476323]'
l-wx------ 1 0 root 64 Jan 7 14:45 5 -> /nix/store/kh0dx5qpv9nnwlkvp57jnnyv0ajy7mvg-php-8.2.27/var/log/php-fpm.log
lrwx------ 1 0 root 64 Jan 7 14:45 6 -> 'socket:[714476379]'
lrwx------ 1 0 root 64 Jan 7 14:45 7 -> 'socket:[714476380]'
lrwx------ 1 0 root 64 Jan 7 14:45 8 -> 'socket:[714476381]'
lrwx------ 1 0 root 64 Jan 7 14:45 9 -> 'anon_inode:[eventpoll]'
bash-5.2#
I’m not sure whether this is an issue with the nix php82 package or something in kubernetes, but I’ve not run into this with any other containers we use (several of which are also built on alpine and extended with nix via buildImage).
Any assistance would be greatly appreciated, as I’m at my wits’ end here!