refactor: use ubi9 for Dockerfile & run stage in Dockerfile.aarch64
KevFan committed Jan 5, 2024
1 parent 80475b3 commit ea032a9
Showing 2 changed files with 25 additions and 9 deletions.
12 changes: 6 additions & 6 deletions Dockerfile
Expand Up @@ -2,19 +2,19 @@
# Build Stage
# ------------------------------------------------------------------------------

FROM registry.access.redhat.com/ubi8/ubi:8.7 as limitador-build
FROM registry.access.redhat.com/ubi9/ubi:9.2 as limitador-build
ENV CARGO_NET_GIT_FETCH_WITH_CLI=true

ARG RUSTC_VERSION=1.72.0

# the powertools repo is required for protobuf-c and protobuf-devel
RUN dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install \
http://mirror.centos.org/centos/8-stream/BaseOS/`arch`/os/Packages/centos-gpg-keys-8-6.el8.noarch.rpm \
http://mirror.centos.org/centos/8-stream/BaseOS/`arch`/os/Packages/centos-stream-repos-8-6.el8.noarch.rpm \
https://mirror.stream.centos.org/9-stream/BaseOS/`arch`/os/Packages/centos-gpg-keys-9.0-23.el9.noarch.rpm \
https://mirror.stream.centos.org/9-stream/BaseOS/`arch`/os/Packages/centos-stream-repos-9.0-23.el9.noarch.rpm \
&& dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install epel-release \
&& dnf config-manager --set-enabled powertools
&& dnf config-manager --set-enabled crb

RUN PKGS="gcc-c++ gcc-toolset-12-binutils-gold openssl-devel protobuf-c protobuf-devel git clang kernel-headers perl-IPC-Cmd" \
RUN PKGS="protobuf-devel git clang perl" \
&& dnf install --nodocs --assumeyes $PKGS \
&& rpm --verify --nogroup --nouser $PKGS \
&& yum -y clean all
Expand All @@ -36,7 +36,7 @@ RUN source $HOME/.cargo/env \
# Run Stage
# ------------------------------------------------------------------------------

FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2

# shadow-utils is required for `useradd`
RUN PKGS="libgcc libstdc++ shadow-utils" \
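Review bot: The two CentOS Stream RPMs in the build stage's first `dnf install` (`centos-gpg-keys-9.0-23.el9` and `centos-stream-repos-9.0-23.el9`) are installed straight from a mirror URL with no visible verification; dnf's signature check for packages given as files or URLs is governed by `localpkg_gpgcheck`, which is off by default, and the UBI base presumably does not hold the CentOS key yet. Because these packages supply the keys and repo definitions that every later install from those repos trusts, HTTPS to a mirror redirector is the only integrity control on the build's trust root. Consider downloading both files first and checking them against digests pinned in the Dockerfile before installing, e.g. `echo "<sha256-placeholder>  centos-gpg-keys-9.0-23.el9.noarch.rpm" | sha256sum -c -`. The `rpm --verify` in the following RUN compares installed files with the RPM database and does not establish where a package came from. The comment above the step still names `powertools` although the new line enables `crb`; something like `# the crb repo (powertools on EL8) is required for protobuf-devel` would match.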
22 changes: 19 additions & 3 deletions Dockerfile.aarch64
Expand Up @@ -2,7 +2,9 @@
# Build Stage cross compiling
# ------------------------------------------------------------------------------

FROM --platform=${BUILDPLATFORM} rust:1.72 as limitador-build
# Use bullseye as build image instead of Bookworm as ubi9 does not not have GLIBCXX_3.4.30
# https://access.redhat.com/solutions/6969351
FROM --platform=${BUILDPLATFORM} rust:1.72-bullseye as limitador-build

RUN apt update && apt upgrade -y \
&& apt install -y protobuf-compiler clang g++-aarch64-linux-gnu libc6-dev-arm64-cross
Expand All @@ -17,7 +19,9 @@ ENV GITHUB_SHA=${GITHUB_SHA:-unknown}
ENV RUSTFLAGS="-C target-feature=-crt-static" \
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc \
CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc \
CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++
CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++ \
# https://github.com/rust-lang/rust-bindgen/issues/1229
BINDGEN_EXTRA_CLANG_ARGS="--sysroot=/usr/aarch64-linux-gnu"

COPY . .

Expand All @@ -27,12 +31,24 @@ RUN cargo build --release --target aarch64-unknown-linux-gnu
# Run Stage
# ------------------------------------------------------------------------------

FROM --platform=$TARGETPLATFORM gcr.io/distroless/cc-debian12
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2

# shadow-utils is required for `useradd`
RUN PKGS="libgcc libstdc++ shadow-utils" \
&& microdnf --assumeyes install --nodocs $PKGS \
&& rpm --verify --nogroup --nouser $PKGS \
&& microdnf -y clean all
RUN useradd -u 1000 -s /bin/sh -m -d /home/limitador limitador

WORKDIR /home/limitador/bin/
ENV PATH="/home/limitador/bin:${PATH}"

COPY --from=limitador-build /usr/src/limitador/limitador-server/examples/limits.yaml ../
COPY --from=limitador-build /usr/src/limitador/target/aarch64-unknown-linux-gnu/release/limitador-server ./limitador-server

RUN chown -R limitador:root /home/limitador \
&& chmod -R 750 /home/limitador

USER limitador

CMD ["limitador-server"]
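Review bot: In the new run stage, `chown -R limitador:root /home/limitador && chmod -R 750 /home/limitador` leaves the `limitador-server` binary and `limits.yaml` owned and writable by the same account the service runs as, so anything that gains code execution in the process can replace the executable or the limits file. Unless the server needs to write under its home directory (not visible in this diff), keep the files root-owned and read-only, e.g. `RUN chown -R root:root /home/limitador && chmod -R a=rX /home/limitador`. `USER limitador` could also be `USER 1000`, matching the `useradd -u 1000` above, so that a Kubernetes `runAsNonRoot` check can verify the UID from the image metadata. Moving from distroless to ubi-minimal also brings a shell and `shadow-utils` into the runtime image; a comment recording why that trade-off was accepted would help the next reader.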
