add other needed deps / refactor

.gitignore

+*.tar.gz
\ No newline at end of file

Dockerfile

@@ -10,17 +10,61 @@ USER root
 
 WORKDIR  /etc/nginx
 
+ENV PATH=$PATH:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin
+ENV LUA_PATH="/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;"
+ENV LUA_CPATH="/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;"
+
+COPY musl-1.2.2.tar.gz musl-1.2.2.tar.gz
+COPY mimalloc-2.0.1.tar.gz mimalloc-2.0.1.tar.gz
+
 RUN dnf upgrade -y && \
-    dnf clean all && \
-    rm -rf /var/cache/dnf
+    dnf install -y gcc gcc-c++ make cmake && \
+    usermod -u 101 nginx && \
+    tar -xvf musl-1.2.2.tar.gz && \
+    cd musl-1.2.2 && \
+    ./configure && \
+    make && \ 
+    make install && \
+    ln -s /usr/lib64/libc.so.6 /usr/lib64/libc.musl-x86_64.so.1 && \
+    mkdir -p out/release && \
+    cd out/release && \
+    tar -xvf mimalloc-2.0.1.tar.gz && \
+    cd mimalloc-2.0.1 && \
+    cmake ./ && \
+    make && \
+    cp libmimalloc.so /usr/lib64/libmimalloc.so && \
+    ln -s /usr/lib64/libmimalloc.so /usr/local/lib/libmimalloc.so && \
+    dnf remove -y gcc gcc-c++ make cmake && \
+    rm -rf /etc/nginx && \
+    rm -rf /sbin/nginx
 
+COPY --from=base --chown=nginx:nginx /sbin/nginx /sbin/nginx
+COPY --from=base --chown=nginx:nginx /usr/local/lib/lua /usr/local/lib/lua
+COPY --from=base --chown=nginx:nginx /usr/local/share/lua /usr/local/share/lua
+COPY --from=base --chown=nginx:nginx /usr/local/share/luajit-2.1.0-beta3 /usr/local/share/luajit-2.1.0-beta3
+COPY --from=base --chown=nginx:nginx /usr/local/lib/libluajit-5.1.so.2 /usr/local/lib/libluajit-5.1.so.2
+COPY --from=base --chown=nginx:nginx /usr/lib/libpcre.so.1 /usr/lib/libpcre.so.1
+COPY --from=base --chown=nginx:nginx /lib/libssl.so.1.1 /lib/libssl.so.1.1
+COPY --from=base --chown=nginx:nginx /lib/libcrypto.so.1.1 /lib/libcrypto.so.1.1
+COPY --from=base --chown=nginx:nginx /lib/libz.so.1 /lib/libz.so.1
+COPY --from=base --chown=nginx:nginx /usr/lib/libGeoIP.so.1 /usr/lib/libGeoIP.so.1
+COPY --from=base --chown=nginx:nginx /usr/lib/libgcc_s.so.1 /usr/lib/libgcc_s.so.1
 COPY --from=base --chown=nginx:nginx /etc/ingress-controller /etc/ingress-controller
+COPY --from=base --chown=nginx:nginx /etc/nginx /etc/nginx/
 COPY --from=base --chown=nginx:nginx /ingress-controller /ingress-controller
 COPY --from=base --chown=nginx:nginx /dbg /dbg
 COPY --from=base --chown=nginx:nginx /nginx-ingress-controller /nginx-ingress-controller
 COPY --from=base --chown=nginx:nginx /wait-shutdown /wait-shutdown
 COPY --from=base --chown=nginx:nginx /usr/bin/dumb-init /usr/bin/dumb-init
 
+RUN mkdir -p /usr/local/nginx/sbin && \
+    ln -s /sbin/nginx /usr/local/nginx/sbin/nginx && \
+    ln -s /usr/lib/libc.so.6 /usr/lib/libc.musl-x86_64.so.1 && \
+    chown --from=998:nginx nginx:nginx * -R && \
+    chown -R nginx:nginx /etc/nginx && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf /etc/nginx/*.tar.gz /etc/nginx/out
+
 USER nginx
 
 HEALTHCHECK --start-period=60s CMD /nginx-ingress-controller --version

hardening_manifest.yaml

@@ -34,6 +34,17 @@ labels:
 resources:
 - tag: k8s.gcr.io/ingress-nginx/controller:v0.47.0
   url: docker://k8s.gcr.io/ingress-nginx/controller@sha256:a1e4efc107be0bb78f32eaec37bef17d7a0c81bec8066cdf2572508d21351d0b
+- filename: musl-1.2.2.tar.gz
+  url: https://musl.libc.org/releases/musl-1.2.2.tar.gz
+  validation:
+    type: sha256
+    value: 9b969322012d796dc23dda27a35866034fa67d8fb67e0e2c45c913c3d43219dd
+- filename: mimalloc-2.0.1.tar.gz
+  url: https://github.com/microsoft/mimalloc/archive/refs/tags/v2.0.1.tar.gz
+  validation:
+    type: sha256
+    value: a25c096dbd100b5f872bf458c080ebe539dbb8275c76e44e1f02b07341e6ca04
+
 
 # List of project maintainers
 maintainers: