Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Align docker images used in multi-stage builds #423

Open
jvidalallende opened this issue Apr 13, 2023 · 3 comments
Open

Align docker images used in multi-stage builds #423

jvidalallende opened this issue Apr 13, 2023 · 3 comments

Comments

@jvidalallende
Copy link

According to https://github.com/netobserv/flowlogs-pipeline/blob/main/contrib/docker/Dockerfile, this multi-stage docker build is using the golang image to build the binary (which is based on Debian bullseye), and ubi9-minimal as runtime.

When building golang binaries, if the net or os/user (among others) are part of the build, either direcly or indirectly, the resulting binary is dynamically linked. You can verify that by running ldd <binary>.

Since the resulting binary depends on the builders's libc, this can be an issue if there is a version mismatch on the runtime's libc. This has already been seen when using ubi8-minimal as runtime for binaries built on golang:1.19.

To prevent this from happenning, the suggestion is to use a RHEL9-based distribution as builder. You can easily get the same build environment as in the golang:1.19 image from a ubi9-minimal image:

FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1 AS builder

ARG GO_VERSION

RUN microdnf install -y --nodocs --setopt=install_weak_deps=0 --disableplugin=subscription-manager \
        make git gcc tar jq which findutils\
    && microdnf clean all --disableplugin=subscription-manager

RUN curl -fsSL https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz | tar -C /usr/local -xz \
    && ln -s /usr/local/go/bin/go /usr/bin/go \
    && ln -s /usr/local/go/bin/gofmt /usr/bin/gofmt

This expects a build argument GO_VERSION to be passed to the image (e.g. docker build -b 'GO_VERSION=1.19.8'...). This should allow you to easily get updates on newer language versions.

If the builder image does not change frequently, you may consider pushing it to some registry and afterwards pull it on builds to save some build time.

@github-actions
Copy link

Congratulations for contributing your first flowlogs-pipeline issue

@jvidalallende
Copy link
Author

cc @eranra @KalmanMeth

@eranra
Copy link
Collaborator

eranra commented Apr 13, 2023

also cc: @jotak @jpinsonneau @OlivierCazade

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants