Align docker images used in multi-stage builds #423

Open
@jvidalallende

According to https://github.com/netobserv/flowlogs-pipeline/blob/main/contrib/docker/Dockerfile, this multi-stage docker build is using the golang image to build the binary (which is based on Debian bullseye), and ubi9-minimal as runtime.

When building golang binaries, if the `net` or `os/user` (among others) are part of the build, either directly or indirectly, the resulting binary is dynamically linked. You can verify that by running `ldd <binary>`.

Since the resulting binary depends on the builder's libc, this can be an issue if there is a version mismatch on the runtime's libc. This has already been seen when using ubi8-minimal as runtime for binaries built on golang:1.19.

To prevent this from happening, the suggestion is to use a RHEL9-based distribution as builder. You can easily get the same build environment as in the golang:1.19 image from a ubi9-minimal image:

```dockerfile
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1 AS builder

# Go toolchain version to download, passed at build time
ARG GO_VERSION

# Build tooling needed to compile the project
RUN microdnf install -y --nodocs --setopt=install_weak_deps=0 --disableplugin=subscription-manager \
        make git gcc tar jq which findutils \
    && microdnf clean all --disableplugin=subscription-manager

# Install the official Go release tarball and expose go/gofmt in /usr/bin
RUN curl -fsSL https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz | tar -C /usr/local -xz \
    && ln -s /usr/local/go/bin/go /usr/bin/go \
    && ln -s /usr/local/go/bin/gofmt /usr/bin/gofmt
```

This expects a build argument `GO_VERSION` to be passed to the image (e.g. `docker build --build-arg 'GO_VERSION=1.19.8' ...`). This should allow you to easily get updates on newer language versions.

If the builder image does not change frequently, you may consider pushing it to some registry and afterwards pull it on builds to save some build time.
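
The builder/runtime libc mismatch described in this issue can be caught at build time. The following is an added example, not part of the original issue or of the flowlogs-pipeline repository: it reads a built binary's ELF dynamic section with Go's `debug/elf` and compares the newest `GLIBC_x.y` symbol version it imports against the runtime image's glibc version. The function names are illustrative, and the runtime version is an input supplied by the caller.

```go
// Added example (not flowlogs-pipeline code); function names are illustrative.
package main

import (
	"debug/elf"
	"fmt"
	"os"
	"strings"
)

// glibcVer maps "GLIBC_2.34" or "2.34" to a sortable int; !ok for GLIBC_PRIVATE.
func glibcVer(s string) (n int, ok bool) {
	var a, b, c int
	k, _ := fmt.Sscanf(strings.TrimPrefix(s, "GLIBC_"), "%d.%d.%d", &a, &b, &c)
	return a*1_000_000 + b*1000 + c, k >= 2
}

// required returns the newest GLIBC_x.y symbol version an ELF file imports,
// or 0 when it has no DT_NEEDED entries (statically linked).
func required(path string) (top int, err error) {
	f, err := elf.Open(path)
	if err != nil {
		return 0, err
	}
	defer f.Close()
	if libs, err := f.ImportedLibraries(); err != nil || len(libs) == 0 {
		return 0, err
	}
	syms, err := f.ImportedSymbols()
	for _, s := range syms {
		if n, ok := glibcVer(s.Version); ok && strings.HasPrefix(s.Version, "GLIBC_") && n > top {
			top = n
		}
	}
	return top, err
}

// loadsOn reports whether a binary needing glibc `need` can start on a
// runtime image that ships glibc version `runtime` (for example "2.28").
func loadsOn(need int, runtime string) bool {
	have, ok := glibcVer(runtime)
	return ok && need <= have
}

func main() {
	if len(os.Args) == 3 {
		need, err := required(os.Args[1])
		fmt.Println("loads:", err == nil && loadsOn(need, os.Args[2]), "error:", err)
	}
}
```

Pass the binary path and the glibc version reported by `ldd --version` inside the runtime image. The check covers glibc symbol versions only, not other shared libraries the binary may need.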
