From f84820633be0609abb0adb4ba32af556a9dfaaf6 Mon Sep 17 00:00:00 2001 From: KevFan Date: Fri, 20 Oct 2023 11:33:37 +0100 Subject: [PATCH] dockerfile: use ubi9 as image --- Dockerfile | 12 ++++++------ Dockerfile.aarch64 | 30 +++++++++++++++++++++++++++--- 2 files changed, 33 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 853a113a..7bbb489d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,19 +2,19 @@ # Build Stage # ------------------------------------------------------------------------------ -FROM --platform=${BUILDPLATFORM} registry.access.redhat.com/ubi8/ubi:8.7 as limitador-build +FROM registry.access.redhat.com/ubi9/ubi:9.2 as limitador-build ENV CARGO_NET_GIT_FETCH_WITH_CLI=true ARG RUSTC_VERSION=1.72.0 # the powertools repo is required for protobuf-c and protobuf-devel RUN dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install \ - http://mirror.centos.org/centos/8-stream/BaseOS/`arch`/os/Packages/centos-gpg-keys-8-6.el8.noarch.rpm \ - http://mirror.centos.org/centos/8-stream/BaseOS/`arch`/os/Packages/centos-stream-repos-8-6.el8.noarch.rpm \ + https://mirror.stream.centos.org/9-stream/BaseOS/`arch`/os/Packages/centos-gpg-keys-9.0-23.el9.noarch.rpm \ + https://mirror.stream.centos.org/9-stream/BaseOS/`arch`/os/Packages/centos-stream-repos-9.0-23.el9.noarch.rpm \ && dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs install epel-release \ - && dnf config-manager --set-enabled powertools + && dnf config-manager --set-enabled crb -RUN PKGS="gcc-c++ gcc-toolset-12-binutils-gold openssl-devel protobuf-c protobuf-devel git clang kernel-headers perl-IPC-Cmd" \ +RUN PKGS="protobuf-devel git clang perl" \ && dnf install --nodocs --assumeyes $PKGS \ && rpm --verify --nogroup --nouser $PKGS \ && yum -y clean all 
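Review bot: The two CentOS Stream RPMs in the first `RUN dnf … install` of Dockerfile are fetched by URL, and as far as I know dnf does not signature-check packages named on the command line unless `localpkg_gpgcheck` is enabled. That leaves `centos-gpg-keys`, which becomes the trust root for everything later pulled from the CentOS Stream repos and `crb`, protected only by TLS to the mirror. The switch from http to https protects the transfer but does not authenticate the file itself. Consider downloading both RPMs first and checking them against recorded digests, e.g. `echo "<SHA256_OF_CENTOS_GPG_KEYS_RPM>  centos-gpg-keys-9.0-23.el9.noarch.rpm" | sha256sum -c -`, before passing the local files to `dnf install`. The context comment `# the powertools repo is required for protobuf-c and protobuf-devel` is also stale now that the enabled repo is `crb` and `protobuf-c` is no longer in `PKGS`.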
@@ -36,7 +36,7 @@ RUN source $HOME/.cargo/env \ # Run Stage # ------------------------------------------------------------------------------ -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7 +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2 # shadow-utils is required for `useradd` RUN PKGS="libgcc libstdc++ shadow-utils" \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 3a6d9f94..b56de428 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -2,10 +2,12 @@ # Build Stage cross compiling # ------------------------------------------------------------------------------ -FROM --platform=${BUILDPLATFORM} rust:1.72 as limitador-build +# Use bullseye as build image instead of Bookworm as ubi9 does not not have GLIBCXX_3.4.30 +# https://access.redhat.com/solutions/6969351 +FROM --platform=${BUILDPLATFORM} rust:1.72-bullseye as limitador-build RUN apt update && apt upgrade -y -RUN apt install -y protobuf-compiler clang +RUN apt install -y protobuf-compiler clang gcc RUN apt install -y g++-aarch64-linux-gnu libc6-dev-arm64-cross RUN rustup target add aarch64-unknown-linux-gnu 
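Review bot: The new comment above `FROM --platform=${BUILDPLATFORM} rust:1.72-bullseye` in Dockerfile.aarch64 has a doubled word ("does not not have") and records only the symptom, not the constraint a maintainer must keep when bumping either image. I would reword it along the lines of `# Build on bullseye: the build image's libstdc++ must not be newer than the one in ubi9-minimal (bookworm requires GLIBCXX_3.4.30, which ubi9 lacks)`; presumably the same holds for glibc, which is worth confirming and stating. The added `gcc` also lands in an `apt install` layer separate from the `apt update` context line, so a cached update layer can leave it installing from a stale index. Folding them into one `apt-get update && apt-get install -y --no-install-recommends …` layer avoids that.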
@@ -29,7 +31,24 @@ RUN cargo build --release --target aarch64-unknown-linux-gnu # Run Stage # ------------------------------------------------------------------------------ -FROM gcr.io/distroless/cc-debian12 +#FROM gcr.io/distroless/cc-debian12 +# +#WORKDIR /home/limitador/bin/ +#ENV PATH="/home/limitador/bin:${PATH}" +# +#COPY --from=limitador-build /usr/src/limitador/limitador-server/examples/limits.yaml ../ +#COPY --from=limitador-build /usr/src/limitador/target/aarch64-unknown-linux-gnu/release/limitador-server ./limitador-server +# +#CMD ["limitador-server"] + +FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2 + +# shadow-utils is required for `useradd` +RUN PKGS="libgcc libstdc++ shadow-utils" \ + && microdnf --assumeyes install --nodocs $PKGS \ + && rpm --verify --nogroup --nouser $PKGS \ + && microdnf -y clean all +RUN useradd -u 1000 -s /bin/sh -m -d /home/limitador limitador WORKDIR /home/limitador/bin/ ENV PATH="/home/limitador/bin:${PATH}" @@ -37,4 +56,9 @@ ENV PATH="/home/limitador/bin:${PATH}" COPY --from=limitador-build /usr/src/limitador/limitador-server/examples/limits.yaml ../ COPY --from=limitador-build /usr/src/limitador/target/aarch64-unknown-linux-gnu/release/limitador-server ./limitador-server +RUN chown -R limitador:root /home/limitador \ + && chmod -R 750 /home/limitador + +USER limitador + CMD ["limitador-server"] \ No newline at end of file
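Review bot: Replacing distroless with `ubi-minimal` in the Dockerfile.aarch64 run stage means the runtime image now carries a shell, `microdnf` and `shadow-utils`, and `useradd -u 1000 -s /bin/sh …` gives the service account a login shell it does not appear to need. If the image provides it, `-s /sbin/nologin` is the tighter choice. Running `useradd` in the same `RUN` as the install would also let `shadow-utils` be removed before the layer is committed. Separately, the nine commented-out `#FROM gcr.io/distroless/cc-debian12 …` lines are dead code that git history already preserves; I would delete them or replace them with a one-line comment saying why distroless was dropped.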
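Review bot: In the last hunk, `chown -R limitador:root /home/limitador && chmod -R 750 /home/limitador` leaves the runtime user as owner with write permission on `limitador-server` and `limits.yaml`, so a compromised server process could rewrite its own binary and limits file. It also marks the YAML file executable and rewrites both copied files into an extra layer. Setting ownership and mode at copy time is tighter, e.g. `COPY --chown=root:root --chmod=0555 --from=limitador-build … ./limitador-server` and `--chmod=0444` for `limits.yaml` (`--chmod` needs BuildKit). Whether the server writes under `/home/limitador` at runtime is not visible from this hunk, so confirm that before dropping write access on the directories.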