apm-server icon indicating copy to clipboard operation
apm-server copied to clipboard
verified publisher icon elastic

build and push Docker image based on Chainguard base image

Open v1v opened this issue 1 year ago • 2 comments

Motivation/summary

Release two flavours of Docker images:

Please note that we are going to preserve the current Dockerfile, so that users will still be able to build their own custom images based on ubuntu: this is needed because docker.elastic.co/wolfi/* is not a public base image, so docker build would fail for unauthenticated users.

Implementation details

I changed the Makefiles to support different Dockerfiles when running the docker build generation. I added a tag for helping testing this in GitHub actions and then be able to push the docker images to an internal docker registry. I fixed some warning regarding missing files when running the go build in the docker.

Checklist

For functional changes, consider:

  • Is it observable through the addition of either logging or metrics?
  • Is its use being published in telemetry to enable product improvement?
  • Have system tests been added to avoid regression?

How to test these changes

CI

Will create the docker images automatically when working on a feature branch or main/releases

docker images docker.elastic.co/observability-ci/apm-server-internal
REPOSITORY                                               TAG                     IMAGE ID       CREATED          SIZE
docker.elastic.co/observability-ci/apm-server-internal   8.15.0-SNAPSHOT-wolfi   dce4529d1383   11 minutes ago   126MB
docker.elastic.co/observability-ci/apm-server-internal   8.15.0-SNAPSHOT         d2e84aceb911   12 minutes ago   209MB

Locally

$ make package-snapshot

TBC what kind of tests should be done and how.

Related issues

https://github.com/elastic/apm-server/pull/13139 will help with testing these changes in Buildkite without the need to be merged. https://github.com/elastic/apm-server/pull/12671 is also another in-progress task

v1v avatar May 10 '24 09:05 v1v

we should use chainguard static image as apm-server is a static go binary now

Would you agree that changing this PR to support a vanilla Dockerfile.<TBD> will be enough? - as long as, the Dockerfile.<TBD> is implemented in https://github.com/elastic/apm-server/pull/12671

.<TBD> -> can be chainguard, minimal, static ... To Be Defined

Changes will be about:

  • Validating docker image generation on GitHub actions
  • Supporting docker image generate in Buildkite.
  • Supporting conditional docker generation - to avoid external contributors having failures because docker base images are not available by default.

v1v avatar May 15 '24 07:05 v1v

Would you agree that changing this PR to support a vanilla Dockerfile.<TBD> will be enough? - as long as, the Dockerfile.<TBD> is implemented in https://github.com/elastic/apm-server/pull/12671

That works :smile:

kruskall avatar May 17 '24 03:05 kruskall

I think I need to enable some docker login in Buildkite... (I'll disable the docker generation for Buildkite for the time being) while I work on that in a separated PR, sorry @kruskall , I need your review in 1 minutes

https://github.com/elastic/apm-server/pull/13137/commits/0db7be14ed651f69063df8e2a65464fed710003a is the one disabling it

v1v avatar May 23 '24 16:05 v1v

@v1v can you sign the commits ?

kruskall avatar May 24 '24 12:05 kruskall