feat: add wolfi based image #12671

Merged: 11 commits, Jun 7, 2024

kruskall
Member

Motivation/summary

See https://edu.chainguard.dev/chainguard/chainguard-images/reference/static/

Migrate docker base image to cgr.dev/chainguard/static:latest. This image has a single user, nonroot, with uid 65532, belonging to gid 65532. The image produced from the make task went from 196Mb to 61Mb.

Remove tini as it's currently included in docker and call the apm-server binary directly in the entrypoint.

Checklist

For functional changes, consider:

  • Is it observable through the addition of either logging or metrics?
  • Is its use being published in telemetry to enable product improvement?
  • Have system tests been added to avoid regression?

How to test these changes

Related issues

Closes #11918
Blocked by #12670

@kruskall kruskall requested a review from a team as a code owner February 16, 2024 23:20
Contributor

mergify bot commented Feb 16, 2024

This pull request does not have a backport label. Could you fix it @kruskall? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-7.17 is the label to automatically backport to the 7.17 branch.
  • backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit.

NOTE: backport-skip has been added to this pull request.

@mergify mergify bot added the backport-skip Skip notification from the automated backport with mergify label Feb 16, 2024
@kruskall kruskall marked this pull request as draft February 19, 2024 15:59
Contributor

mergify bot commented Apr 15, 2024

This pull request is now in conflicts. Could you fix it @kruskall? 🙏
To fixup this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/chainguard-image upstream/feat/chainguard-image
git merge upstream/main
git push upstream feat/chainguard-image

Use chainguard images for base image and building image.
Remove shell script entrypoint and run apm-server directly. We lose the ability
to run other binaries as the entrypoint but that's fine since there are no other
binaries in the image.
Update apm-server config in the builder image since we do not have posix tools in the
static image.
Drop tini since it is now included in docker.
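
Added example, not part of the PR or the apm-server repository: a Python check that takes parsed `docker image inspect` output and reports whether an image has the properties described in the PR summary and commit message above (non-root user, apm-server started directly by absolute path, no shell or init wrapper). Both samples are constructed, and the paths in the legacy-style sample are hypothetical.

```python
import json

# Constructed, trimmed `docker image inspect` output. Values follow the PR text;
# this is not an inspection of the published image.
WOLFI_STYLE = json.loads("""[{"Config": {
  "User": "65532:65532", "WorkingDir": "/usr/share/apm-server",
  "ExposedPorts": {"8200/tcp": {}}, "Cmd": null,
  "Entrypoint": ["/usr/share/apm-server/apm-server", "--environment=container"]}}]""")

# Constructed counter-example with hypothetical paths: no USER set, and a
# shell-script entrypoint started through tini.
LEGACY_STYLE = json.loads("""[{"Config": {
  "User": "", "WorkingDir": "/usr/share/apm-server",
  "ExposedPorts": {"8200/tcp": {}}, "Cmd": null,
  "Entrypoint": ["/bin/tini", "--", "/usr/local/bin/docker-entrypoint"]}}]""")

SHELLS = {"sh", "bash", "dash", "ash"}
INIT_WRAPPERS = {"tini", "dumb-init"}


def audit_image_config(inspect_output):
    """Return findings for the first image in parsed `docker image inspect` JSON."""
    cfg = inspect_output[0].get("Config") or {}
    findings = []

    # User is "name-or-uid[:group]"; an empty value means the process runs as uid 0.
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root")

    entrypoint = cfg.get("Entrypoint") or []
    if not entrypoint:
        findings.append("no entrypoint set")
        return findings
    if not entrypoint[0].startswith("/"):
        findings.append("entrypoint resolved via PATH")
    binary = entrypoint[0].rsplit("/", 1)[-1]
    if binary in SHELLS:
        # A shell-form ENTRYPOINT is stored as ["/bin/sh", "-c", "..."].
        findings.append("entrypoint needs a shell")
    if binary in INIT_WRAPPERS:
        findings.append("entrypoint wrapped by an init binary")
    return findings


if __name__ == "__main__":
    for name, sample in (("wolfi-style", WOLFI_STYLE), ("legacy-style", LEGACY_STYLE)):
        print(name, audit_image_config(sample) or "ok")
```
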
@kruskall kruskall force-pushed the feat/chainguard-image branch from 0029b5c to 1855fdc Compare May 28, 2024 09:29
Member Author

kruskall commented Jun 4, 2024

Finished running the smoke test on ubuntu, debian, amazon linux 2 and RHEL. They all completed successfully.

Member

v1v commented Jun 6, 2024

I've just created a feature branch to see if the packaging in the DRA works as expected:

v1v previously approved these changes Jun 6, 2024
@v1v v1v mentioned this pull request Jun 6, 2024
2 tasks
@kruskall kruskall changed the title from "feat: replace ubuntu base image with chainguard static" to "feat: add wolfi based image" Jun 7, 2024
Contributor

@lahsivjar lahsivjar left a comment

LGTM! Minor comment on config file location but I assume the default is relative to the executable.


EXPOSE 8200
ENTRYPOINT ["/usr/share/apm-server/apm-server", "--environment=container"]
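
Review bot: the exec-form ENTRYPOINT on the last line makes apm-server PID 1 in the container, and Docker only runs its bundled init when the container is started with --init, so with tini dropped nothing forwards signals or reaps zombie processes unless the operator opts in. Confirm that apm-server handles SIGTERM itself and spawns no child processes, or document next to the image that it should be run with --init. With no CMD after the ENTRYPOINT, any arguments passed at run time are appended to the apm-server command line, which is worth stating in the image documentation as well.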
Contributor

Is the default apm-server config file relative?

Member Author

The config file is copied in the workdir so /usr/share/apm-server

This is the same behaviour as the current ubuntu-based docker image:

COPY --chmod=0644 apm-server.yml ./apm-server.yml

@kruskall kruskall enabled auto-merge (squash) June 7, 2024 16:02
@kruskall kruskall merged commit 24bb6b4 into elastic:main Jun 7, 2024
10 checks passed
@kruskall kruskall deleted the feat/chainguard-image branch June 7, 2024 16:25
v1v added a commit that referenced this pull request Jun 9, 2024
* upstream/main:
  chore: Update .go-version with Golang version 1.22.4 (#13367)
  build(deps): bump github.com/jaegertracing/jaeger from 1.56.0 to 1.57.0 in /systemtest (#13316)
  [updatecli] Bump elastic stack version to 8.15.0-725cdb43 (#13363)
  feat: add wolfi based image (#12671)
  Add Amazon Linux 2023 to the smoke tests (#13358)
  Update apm-data and remap for OTel hostmetrics to elastic metrics (#13196)
  build(deps): bump github.com/elastic/go-elasticsearch/v8 from 8.13.1 to 8.14.0 (#13356)
Successfully merging this pull request may close these issues.

Move away from ubuntu docker base image
3 participants