feat: build ubi images (#654)

* chore: add ubi Dockerfiles

Signed-off-by: Dominik Rosiek <[email protected]>

* chore: update Makefiles and github actions

Signed-off-by: Dominik Rosiek <[email protected]>

* test

Signed-off-by: Dominik Rosiek <[email protected]>

* Update .github/workflows/dev_builds.yml

---------

Signed-off-by: Dominik Rosiek <[email protected]>

.github/workflows/dev_builds.yml

@@ -39,9 +39,15 @@ jobs:
       - name: Build and push tailing sidecar multiplatform image
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./sidecar/fluentbit
+      - name: Build and push tailing sidecar ubi image
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./sidecar/fluentbit
       - name: Push tailing sidecar image with latest tag
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE }}:${{ env.LATEST_TAG }}
         working-directory: ./sidecar/fluentbit
+      - name: Push tailing sidecar ubi image with latest tag
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE }}:${{ env.LATEST_TAG }}
+        working-directory: ./sidecar/fluentbit
       - name: Log in to AWS Public ECR to publish tailing sidecar image
         run: make login-ecr
         env:
@@ -50,9 +56,16 @@ jobs:
       - name: Build and push to ECR tailing sidecar multiplatform image
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./sidecar/fluentbit
+      - name: Build and push to ECR tailing sidecar ubi image
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./sidecar/fluentbit
       - name: Push tailing sidecar image with latest tag to ECR
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
         working-directory: ./sidecar/fluentbit
+      - name: Push tailing sidecar ubi image with latest tag to ECR
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
+        working-directory: ./sidecar/fluentbit
+
 
   build-otelcol-sidecar:
     runs-on: ubuntu-20.04
@@ -117,9 +130,15 @@ jobs:
       - name: Build and push tailing sidecar operator multiplatform image
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./operator
+      - name: Build and push tailing sidecar operator ubi image
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./operator
       - name: Push tailing sidecar operator image with latest tag
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE }}:${{ env.LATEST_TAG }}
         working-directory: ./operator
+      - name: Push tailing sidecar operator ubi image with latest tag
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE }}:${{ env.LATEST_TAG }}
+        working-directory: ./operator
       - name: Log in to AWS Public ECR to publish tailing sidecar operator image
         run: make login-ecr
         env:
@@ -128,9 +147,15 @@ jobs:
       - name: Build and push to ECR tailing sidecar operator multiplatform image
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./operator
+      - name: Build and push to ECR tailing sidecar operator ubi image
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./operator
       - name: Push tailing sidecar operator image with latest tag to ECR
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
         working-directory: ./operator
+      - name: Push tailing sidecar operator ubi image with latest tag to ECR
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
+        working-directory: ./operator
 
   push-helm-chart:
     runs-on: ubuntu-20.04

.github/workflows/release_builds.yml

@@ -35,12 +35,18 @@ jobs:
           registry: ghcr.io
           username: USERNAME
           password: ${{ secrets.CR_PAT }}
-      - name: Push tailing sidecar image
+      - name: Build and push tailing sidecar multiplatform image
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./sidecar/fluentbit
+      - name: Build and push tailing sidecar ubi image
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./sidecar/fluentbit
       - name: Push tailing sidecar image with latest tag
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE }}:${{ env.LATEST_TAG }}
         working-directory: ./sidecar/fluentbit
+      - name: Push tailing sidecar ubi image with latest tag
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE }}:${{ env.LATEST_TAG }}
+        working-directory: ./sidecar/fluentbit
       - name: Log in to AWS Public ECR to publish tailing sidecar image
         run: make login-ecr
         env:
@@ -49,9 +55,15 @@ jobs:
       - name: Build and push to ECR tailing sidecar multiplatform image
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./sidecar/fluentbit
+      - name: Build and push to ECR tailing sidecar ubi image
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./sidecar/fluentbit
       - name: Push tailing sidecar image with latest tag to ECR
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
         working-directory: ./sidecar/fluentbit
+      - name: Push tailing sidecar ubi image with latest tag to ECR
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
+        working-directory: ./sidecar/fluentbit
 
   build-operator:
     runs-on: ubuntu-20.04
@@ -81,9 +93,15 @@ jobs:
       - name: Build and push tailing sidecar operator multiplatform image
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./operator
+      - name: Build and push tailing sidecar operator ubi image
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./operator
       - name: Push tailing sidecar operator image with latest tag
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE }}:${{ env.LATEST_TAG }}
         working-directory: ./operator
+      - name: Push tailing sidecar operator ubi image with latest tag
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE }}:${{ env.LATEST_TAG }}
+        working-directory: ./operator
       - name: Log in to AWS Public ECR to publish tailing sidecar operator image
         run: make login-ecr
         env:
@@ -92,9 +110,15 @@ jobs:
       - name: Build and push to ECR tailing sidecar operator multiplatform image
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./operator
+      - name: Build and push to ECR tailing sidecar operator ubi image
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./operator
       - name: Push tailing sidecar operator image with latest tag to ECR
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
         working-directory: ./operator
+      - name: Push tailing sidecar operator ubi image with latest tag to ECR
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
+        working-directory: ./operator
 
   push-helm-chart:
     runs-on: ubuntu-20.04

operator/Dockerfile.ubi

@@ -0,0 +1,41 @@
+# Build the manager binary
+FROM golang:1.21.3 as builder
+
+WORKDIR /workspace
+
+# Copy the go source
+COPY go.mod go.sum ./
+
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+COPY . .
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go config.go
+
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.6
+
+ARG VERSION=${VERSION}
+ARG RELEASE_NUMBER=${RELEASE_NUMBER}
+
+ENV SUMMARY="UBI based Tailing Sidecar Operator" \
+    DESCRIPTION="Tailing Sidecar Operator adds streaming sidecar containers which use tailing sidecar image to Pods."
+
+LABEL name="Tailing Sidecar Operator" \
+      maintainer="[email protected]" \
+      vendor="Sumo Logic" \
+      version=${VERSION} \
+      release=${RELEASE_NUMBER} \
+      summary="$SUMMARY" \
+      description="$DESCRIPTION" \
+      io.k8s.description="$DESCRIPTION"
+
+ADD https://raw.githubusercontent.com/SumoLogic/tailing-sidecar/release-v0.3/LICENSE /licenses/LICENSE
+
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER nonroot:nonroot
+
+ENTRYPOINT ["/manager"]

operator/Makefile

@@ -13,6 +13,7 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 
 # Image URL to use all building/pushing image targets
 IMG ?= localhost:32000/sumologic/tailing-sidecar-operator:latest
+DOCKERFILE ?= Dockerfile
 
 # Image URL for tailing sidecar
 TAILING_SIDECAR_IMG ?= localhost:32000/sumologic/tailing-sidecar:latest
@@ -174,7 +175,7 @@ generate: controller-gen
 
 # Build the docker image
 docker-build:
-	docker build . -t ${IMG}
+	docker build . -f ${DOCKERFILE} -t ${IMG}
 
 # Push the docker image
 docker-push:
@@ -187,6 +188,10 @@ build-push-multiplatform:
 		--tag ${IMG} \
 		.
 
+build-push-ubi:
+	$(MAKE) docker-build DOCKERFILE=${DOCKERFILE}.ubi IMG=${IMG}-ubi
+	$(MAKE) docker-push DOCKERFILE=${DOCKERFILE}.ubi IMG=${IMG}-ubi
+
 # find or download controller-gen
 # download controller-gen if necessary
 controller-gen:

sidecar/fluentbit/Dockerfile.ubi

@@ -0,0 +1,39 @@
+FROM golang:1.20.7 as go-builder
+RUN mkdir /build
+ADD ./out_gstdout /build/
+WORKDIR /build
+RUN make all
+
+# ToDo: build and use the latest fluent-bit image
+FROM public.ecr.aws/sumologic/fluent-bit:1.6.10-sumo-2-ubi
+
+ARG VERSION=${VERSION}
+ARG RELEASE_NUMBER=${RELEASE_NUMBER}
+
+ENV SUMMARY="UBI based Tailing Sidecar" \
+    DESCRIPTION="Tailing sidecar is a streaming sidecar container which can be used with Tailing Sidecar Operator."
+
+LABEL name="Tailing Sidecar" \
+      maintainer="[email protected]" \
+      vendor="Sumo Logic" \
+      version=${VERSION} \
+      release=${RELEASE_NUMBER} \
+      summary="$SUMMARY" \
+      description="$DESCRIPTION" \
+      io.k8s.description="$DESCRIPTION"
+
+ADD https://raw.githubusercontent.com/SumoLogic/tailing-sidecar/release-v0.3/LICENSE /licenses/LICENSE
+
+ENV LOG_LEVEL=warning
+
+COPY --from=go-builder \
+  /build/out_gstdout.so \
+  /tailing-sidecar/lib/
+
+COPY conf/fluent-bit.conf \
+  conf/plugins.conf \
+  /fluent-bit/etc/
+
+USER nobody
+
+CMD ["/fluent-bit/bin/fluent-bit", "-c", "/fluent-bit/etc/fluent-bit.conf", "--quiet"]

sidecar/fluentbit/Makefile

@@ -8,11 +8,12 @@ mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST)))
 root_dir := $(dir $(abspath $(mkfile_path)/..))
 
 TAG ?= "localhost:32000/sumologic/tailing-sidecar:latest"
+DOCKERFILE ?= Dockerfile
 
 all: build push
 
 build:
-	docker build --tag $(TAG) --file Dockerfile .
+	docker build --tag $(TAG) --file ${DOCKERFILE} .
 
 build-test-image: build
 
@@ -30,6 +31,10 @@ build-push-multiplatform:
 		--tag ${TAG} \
 		.
 
+build-push-ubi:
+	$(MAKE) build DOCKERFILE=${DOCKERFILE}.ubi TAG=${TAG}-ubi
+	$(MAKE) push DOCKERFILE=${DOCKERFILE}.ubi TAG=${TAG}-ubi
+
 push:
 	docker push $(TAG)