From efe39dc409f34748bc5c482882e51c43f9b65af0 Mon Sep 17 00:00:00 2001 From: ReSearchITEng Date: Sat, 18 Jul 2020 23:50:24 +0300 Subject: [PATCH 1/8] Dockerfile based build on alpine plus create postgres-operator-secure image from scratch --- BUILD.md | 13 +++++++++++++ Dockerfile | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 BUILD.md create mode 100644 Dockerfile diff --git a/BUILD.md b/BUILD.md new file mode 100644 index 000000000..935df748a --- /dev/null +++ b/BUILD.md @@ -0,0 +1,13 @@ +# Developers +[developer docs](docs/developer.md) + +# Build both code and image using Dockerfile +```shell +docker build . +``` + +This solution is ideal when you also want to push to docker hub (docker.io) and share/test your image directly from there. + +Dockerfile builds two versions of the image: one with full alpine os, and a more secure one, from scratch (which is the last one, and the default). + + diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..2a498d461 --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,54 @@ +# Non-official builder image. It's mainly for automating docker hub builds. +# official Dockerfile resides in docker/, and it's called by Makefile targets. + +########################################################### +### builder imageA ############################### +########################################################### +FROM golang:1.14.6-alpine AS builder + +RUN apk --no-cache add ca-certificates make git && update-ca-certificates +WORKDIR /go/src/github.com/zalando/postgres-operator/ +COPY . . +RUN make linux + +########################################################### +### operator image -> the version with full alpine image ## +########################################################### +## This is optional, only as example. Only last image is used +FROM alpine:3.12.0 as postgres-operator-alpine +MAINTAINER Team ACID @ Zalando +LABEL org.opencontainers.image.authors "Team ACID @ Zalando " +LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.title "zalando/posgress-operator" +LABEL org.opencontainers.image.description "posgress-operator-alpine - full alpine image" +# We need root certificates to deal with teams api over https +RUN apk --no-cache add ca-certificates && update-ca-certificates +COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / +RUN addgroup -g 1000 pgo +RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo +USER 1000:1000 +ENTRYPOINT ["/postgres-operator"] + +################################################################ +### operator image -> the more secure version (from scratch) ### +################################################################ +FROM scratch AS postgres-operator-secure +MAINTAINER Team ACID @ Zalando +LABEL 
org.opencontainers.image.authors "Team ACID @ Zalando " +LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.title "zalando/posgress-operator" +LABEL org.opencontainers.image.description "posgress-operator-secure from scratch image" + +COPY --from=builder /etc/passwd /etc/group /etc/ + +# We need root certificates to deal with teams api over https +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / + +USER nobody +ENTRYPOINT ["/postgres-operator"] + From 7f1d10d83a06b71dac09768974348ce1e71ff202 Mon Sep 17 00:00:00 2001 From: ReSearchITEng Date: Wed, 22 Jul 2020 22:09:27 +0300 Subject: [PATCH 2/8] code build plus image build - all in docker --- docker/Dockerfile | 52 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 520fd2d07..2a498d461 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
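Review bot: The scratch stage ends with `USER nobody`, a name rather than a UID, so a runtime that enforces non-root by numeric ID (Kubernetes `runAsNonRoot`, for example) cannot verify it and rejects the container. The alpine stage above already uses the numeric form `USER 1000:1000`; here `USER 65534:65534` should be equivalent, since `/etc/passwd` is copied from the Alpine-based builder where `nobody` is normally 65534, but confirm that against the builder image. The docker/Dockerfile hunk in PATCH 2/8 carries the same line, and NotFromScrachDockerfile in PATCH 4/8 goes back to a named `USER pgo:pgo`.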
@@ -1,14 +1,54 @@ -FROM alpine -MAINTAINER Team ACID @ Zalando +# Non-official builder image. It's mainly for automating docker hub builds. +# official Dockerfile resides in docker/, and it's called by Makefile targets. -# We need root certificates to deal with teams api over https -RUN apk --no-cache add ca-certificates +########################################################### +### builder imageA ############################### +########################################################### +FROM golang:1.14.6-alpine AS builder -COPY build/* / +RUN apk --no-cache add ca-certificates make git && update-ca-certificates +WORKDIR /go/src/github.com/zalando/postgres-operator/ +COPY . . +RUN make linux +########################################################### +### operator image -> the version with full alpine image ## +########################################################### +## This is optional, only as example. Only last image is used +FROM alpine:3.12.0 as postgres-operator-alpine +MAINTAINER Team ACID @ Zalando +LABEL org.opencontainers.image.authors "Team ACID @ Zalando " +LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.title "zalando/posgress-operator" +LABEL org.opencontainers.image.description "posgress-operator-alpine - full alpine image" +# We need root certificates to deal with teams api over https +RUN apk --no-cache add ca-certificates && update-ca-certificates +COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / RUN addgroup -g 1000 pgo RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo - USER 1000:1000 +ENTRYPOINT ["/postgres-operator"] +################################################################ +### operator image -> the more secure version (from scratch) ### 
+################################################################ +FROM scratch AS postgres-operator-secure +MAINTAINER Team ACID @ Zalando +LABEL org.opencontainers.image.authors "Team ACID @ Zalando " +LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.title "zalando/posgress-operator" +LABEL org.opencontainers.image.description "posgress-operator-secure from scratch image" + +COPY --from=builder /etc/passwd /etc/group /etc/ + +# We need root certificates to deal with teams api over https +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / + +USER nobody ENTRYPOINT ["/postgres-operator"] + From 9d45f06974a1effc2690c1db81d549fb08f1cb5c Mon Sep 17 00:00:00 2001 From: ReSearchITEng Date: Wed, 22 Jul 2020 22:22:41 +0300 Subject: [PATCH 3/8] Update Dockerfile --- Dockerfile | 106 ++++++++++++++++++++++++++--------------------------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2a498d461..9c566c907 100644 --- a/Dockerfile +++ b/Dockerfile 
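Review bot: `FROM golang:1.14.6-alpine` and `FROM alpine:3.12.0` are pinned by tag only, and a tag can be re-pushed, so two builds of this file are not guaranteed to start from the same base. For the flavour the section header calls "more secure", pin each base by digest and keep the tag for readability, e.g. `FROM golang:1.14.6-alpine@sha256:<digest-of-reviewed-image> AS builder`. The builder stage matters most, because the operator binary, the CA bundle and the passwd/group files copied into the scratch image all come from it. The root Dockerfile hunk in PATCH 1/8 has the same two lines.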
@@ -1,54 +1,54 @@ -# Non-official builder image. It's mainly for automating docker hub builds. -# official Dockerfile resides in docker/, and it's called by Makefile targets. - -########################################################### -### builder imageA ############################### -########################################################### -FROM golang:1.14.6-alpine AS builder - -RUN apk --no-cache add ca-certificates make git && update-ca-certificates -WORKDIR /go/src/github.com/zalando/postgres-operator/ -COPY . . -RUN make linux - -########################################################### -### operator image -> the version with full alpine image ## -########################################################### -## This is optional, only as example. Only last image is used -FROM alpine:3.12.0 as postgres-operator-alpine -MAINTAINER Team ACID @ Zalando -LABEL org.opencontainers.image.authors "Team ACID @ Zalando " -LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.title "zalando/posgress-operator" -LABEL org.opencontainers.image.description "posgress-operator-alpine - full alpine image" -# We need root certificates to deal with teams api over https -RUN apk --no-cache add ca-certificates && update-ca-certificates -COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / -RUN addgroup -g 1000 pgo -RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo -USER 1000:1000 -ENTRYPOINT ["/postgres-operator"] - -################################################################ -### operator image -> the more secure version (from scratch) ### -################################################################ -FROM scratch AS postgres-operator-secure -MAINTAINER Team ACID @ Zalando -LABEL 
org.opencontainers.image.authors "Team ACID @ Zalando " -LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.title "zalando/posgress-operator" -LABEL org.opencontainers.image.description "posgress-operator-secure from scratch image" - -COPY --from=builder /etc/passwd /etc/group /etc/ - -# We need root certificates to deal with teams api over https -COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ -COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / - -USER nobody -ENTRYPOINT ["/postgres-operator"] +# # Non-official builder image. It's mainly for automating docker hub builds. +# # official Dockerfile resides in docker/, and it's called by Makefile targets. + +# ########################################################### +# ### builder imageA ############################### +# ########################################################### +# FROM golang:1.14.6-alpine AS builder + +# RUN apk --no-cache add ca-certificates make git && update-ca-certificates +# WORKDIR /go/src/github.com/zalando/postgres-operator/ +# COPY . . +# RUN make linux + +# ########################################################### +# ### operator image -> the version with full alpine image ## +# ########################################################### +# ## This is optional, only as example. 
Only last image is used +# FROM alpine:3.12.0 as postgres-operator-alpine +# MAINTAINER Team ACID @ Zalando +# LABEL org.opencontainers.image.authors "Team ACID @ Zalando " +# LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" +# LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" +# LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" +# LABEL org.opencontainers.image.title "zalando/posgress-operator" +# LABEL org.opencontainers.image.description "posgress-operator-alpine - full alpine image" +# # We need root certificates to deal with teams api over https +# RUN apk --no-cache add ca-certificates && update-ca-certificates +# COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / +# RUN addgroup -g 1000 pgo +# RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo +# USER 1000:1000 +# ENTRYPOINT ["/postgres-operator"] + +# ################################################################ +# ### operator image -> the more secure version (from scratch) ### +# ################################################################ +# FROM scratch AS postgres-operator-secure +# MAINTAINER Team ACID @ Zalando +# LABEL org.opencontainers.image.authors "Team ACID @ Zalando " +# LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" +# LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" +# LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" +# LABEL org.opencontainers.image.title "zalando/posgress-operator" +# LABEL org.opencontainers.image.description "posgress-operator-secure from scratch image" + +# COPY --from=builder /etc/passwd /etc/group /etc/ + +# # We need root certificates to deal with teams api over https +# COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +# COPY --from=builder 
/go/src/github.com/zalando/postgres-operator/build/* / + +# USER nobody +# ENTRYPOINT ["/postgres-operator"] From e78c87bfcead025713b746dbccf5afaa764ce68a Mon Sep 17 00:00:00 2001 From: ReSearchITEng Date: Wed, 22 Jul 2020 23:53:49 +0300 Subject: [PATCH 4/8] as requested, move all to docker directory. Add more docs --- BUILD.md | 10 ++----- Dockerfile | 54 ---------------------------------- docker/DebugDockerfile | 30 ++++++++++++++++--- docker/Dockerfile | 26 ++-------------- docker/NoBuildDebugDockerfile | 19 ++++++++++++ docker/NoBuildDockerfile | 15 ++++++++++ docker/NotFromScrachDockerfile | 30 +++++++++++++++++++ docker/README.md | 30 +++++++++++++++++++ docs/developer.md | 7 +++++ 9 files changed, 131 insertions(+), 90 deletions(-) delete mode 100644 Dockerfile create mode 100644 docker/NoBuildDebugDockerfile create mode 100644 docker/NoBuildDockerfile create mode 100644 docker/NotFromScrachDockerfile create mode 100644 docker/README.md diff --git a/BUILD.md b/BUILD.md index 935df748a..3c82d9f38 100644 --- a/BUILD.md +++ b/BUILD.md @@ -1,13 +1,7 @@ # Developers [developer docs](docs/developer.md) -# Build both code and image using Dockerfile -```shell -docker build . -``` - -This solution is ideal when you also want to push to docker hub (docker.io) and share/test your image directly from there. - -Dockerfile builds two versions of the image: one with full alpine os, and a more secure one, from scratch (which is the last one, and the default). +# In docker builds +[docker based builds](docker/README.md) diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 9c566c907..000000000 --- a/Dockerfile +++ /dev/null 
@@ -1,54 +0,0 @@ -# # Non-official builder image. It's mainly for automating docker hub builds. -# # official Dockerfile resides in docker/, and it's called by Makefile targets. - -# ########################################################### -# ### builder imageA ############################### -# ########################################################### -# FROM golang:1.14.6-alpine AS builder - -# RUN apk --no-cache add ca-certificates make git && update-ca-certificates -# WORKDIR /go/src/github.com/zalando/postgres-operator/ -# COPY . . -# RUN make linux - -# ########################################################### -# ### operator image -> the version with full alpine image ## -# ########################################################### -# ## This is optional, only as example. Only last image is used -# FROM alpine:3.12.0 as postgres-operator-alpine -# MAINTAINER Team ACID @ Zalando -# LABEL org.opencontainers.image.authors "Team ACID @ Zalando " -# LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" -# LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" -# LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" -# LABEL org.opencontainers.image.title "zalando/posgress-operator" -# LABEL org.opencontainers.image.description "posgress-operator-alpine - full alpine image" -# # We need root certificates to deal with teams api over https -# RUN apk --no-cache add ca-certificates && update-ca-certificates -# COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / -# RUN addgroup -g 1000 pgo -# RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo -# USER 1000:1000 -# ENTRYPOINT ["/postgres-operator"] - -# ################################################################ -# ### operator image -> the more secure version (from scratch) ### -# ################################################################ -# FROM scratch AS 
postgres-operator-secure -# MAINTAINER Team ACID @ Zalando -# LABEL org.opencontainers.image.authors "Team ACID @ Zalando " -# LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" -# LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" -# LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" -# LABEL org.opencontainers.image.title "zalando/posgress-operator" -# LABEL org.opencontainers.image.description "posgress-operator-secure from scratch image" - -# COPY --from=builder /etc/passwd /etc/group /etc/ - -# # We need root certificates to deal with teams api over https -# COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ -# COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / - -# USER nobody -# ENTRYPOINT ["/postgres-operator"] - diff --git a/docker/DebugDockerfile b/docker/DebugDockerfile index 0c11fe3b4..ddb3e6648 100644 --- a/docker/DebugDockerfile +++ b/docker/DebugDockerfile 
@@ -1,19 +1,41 @@ -FROM alpine +########################################################### +### builder image ############################### +########################################################### +FROM golang:1.14.6-alpine AS builder + +RUN apk --no-cache add ca-certificates make git && update-ca-certificates +WORKDIR /go/src/github.com/zalando/postgres-operator/ +COPY . . +RUN make linux + +########################################################### +### operator image -> debug version ################## +########################################################### +FROM golang:1.14.6-alpine AS postgres-operator-debug MAINTAINER Team ACID @ Zalando +LABEL org.opencontainers.image.authors "Team ACID @ Zalando " +LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.title "zalando/posgress-operator" +LABEL org.opencontainers.image.description "posgress-operator-debug" # We need root certificates to deal with teams api over https -RUN apk --no-cache add ca-certificates go git musl-dev +COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / -COPY build/* / +# We need root certificates to deal with teams api over https +RUN apk --no-cache add ca-certificates git musl-dev RUN addgroup -g 1000 pgo RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo RUN go get github.com/derekparker/delve/cmd/dlv -RUN cp /root/go/bin/dlv /dlv +RUN cp /go/bin/dlv /dlv RUN chown -R pgo:pgo /dlv USER pgo:pgo +EXPOSE 7777 RUN ls -l / CMD ["/dlv", "--listen=:7777", "--headless=true", "--api-version=2", "exec", "/postgres-operator"] + diff --git a/docker/Dockerfile b/docker/Dockerfile index 2a498d461..9715f5fe0 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
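Review bot: The added `EXPOSE 7777` together with `--listen=:7777` in the `CMD` advertises a headless Delve server bound to every interface, and the Delve API has no authentication, so anyone who can reach the port can drive the operator process and read whatever it has access to. Where the debugger is reached through a port-forward into the pod, bind it to loopback instead, `"--listen=127.0.0.1:7777"`, and add a comment above the `CMD` stating that this image is for local debugging only and must not be deployed to a shared cluster. NoBuildDebugDockerfile in this patch and WithBuildDebugDockerfile in PATCH 5/8 carry the same `CMD`.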
@@ -1,8 +1,5 @@ -# Non-official builder image. It's mainly for automating docker hub builds. -# official Dockerfile resides in docker/, and it's called by Makefile targets. - ########################################################### -### builder imageA ############################### +### builder image ############################### ########################################################### FROM golang:1.14.6-alpine AS builder @@ -11,26 +8,6 @@ WORKDIR /go/src/github.com/zalando/postgres-operator/ COPY . . RUN make linux -########################################################### -### operator image -> the version with full alpine image ## -########################################################### -## This is optional, only as example. Only last image is used -FROM alpine:3.12.0 as postgres-operator-alpine -MAINTAINER Team ACID @ Zalando -LABEL org.opencontainers.image.authors "Team ACID @ Zalando " -LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.title "zalando/posgress-operator" -LABEL org.opencontainers.image.description "posgress-operator-alpine - full alpine image" -# We need root certificates to deal with teams api over https -RUN apk --no-cache add ca-certificates && update-ca-certificates -COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / -RUN addgroup -g 1000 pgo -RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo -USER 1000:1000 -ENTRYPOINT ["/postgres-operator"] - ################################################################ ### operator image -> the more secure version (from scratch) ### ################################################################ 
@@ -52,3 +29,4 @@ COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / USER nobody ENTRYPOINT ["/postgres-operator"] + diff --git a/docker/NoBuildDebugDockerfile b/docker/NoBuildDebugDockerfile new file mode 100644 index 000000000..0c11fe3b4 --- /dev/null +++ b/docker/NoBuildDebugDockerfile @@ -0,0 +1,19 @@ +FROM alpine +MAINTAINER Team ACID @ Zalando + +# We need root certificates to deal with teams api over https +RUN apk --no-cache add ca-certificates go git musl-dev + +COPY build/* / + +RUN addgroup -g 1000 pgo +RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo + +RUN go get github.com/derekparker/delve/cmd/dlv +RUN cp /root/go/bin/dlv /dlv +RUN chown -R pgo:pgo /dlv + +USER pgo:pgo +RUN ls -l / + +CMD ["/dlv", "--listen=:7777", "--headless=true", "--api-version=2", "exec", "/postgres-operator"] diff --git a/docker/NoBuildDockerfile b/docker/NoBuildDockerfile new file mode 100644 index 000000000..86d8f187c --- /dev/null +++ b/docker/NoBuildDockerfile @@ -0,0 +1,15 @@ +FROM alpine +MAINTAINER Team ACID @ Zalando + +# We need root certificates to deal with teams api over https +RUN apk --no-cache add ca-certificates + +COPY build/* / + +RUN addgroup -g 1000 pgo +RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo + +USER pgo:pgo + +ENTRYPOINT ["/postgres-operator"] + diff --git a/docker/NotFromScrachDockerfile b/docker/NotFromScrachDockerfile new file mode 100644 index 000000000..e6beabf9d --- /dev/null +++ b/docker/NotFromScrachDockerfile 
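Review bot: NoBuildDebugDockerfile and NoBuildDockerfile both start with an untagged `FROM alpine`, which resolves to `latest` at build time, while the other runtime stage added in this series uses `alpine:3.12.0`. Use the same pinned tag here, `FROM alpine:3.12.0`, so the no-build flavours are reproducible and do not silently pick up a new base. docker/Dockerfile and docker/DebugDockerfile return to the same untagged line in PATCH 5/8.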
@@ -0,0 +1,30 @@ +########################################################### +### builder image ############################### +########################################################### +FROM golang:1.14.6-alpine AS builder + +RUN apk --no-cache add ca-certificates make git && update-ca-certificates +WORKDIR /go/src/github.com/zalando/postgres-operator/ +COPY . . +RUN make linux + +########################################################### +### operator image -> the version with full alpine image ## +########################################################### +## This is optional, only as example. Only last image is used +FROM alpine:3.12.0 as postgres-operator-alpine +MAINTAINER Team ACID @ Zalando +LABEL org.opencontainers.image.authors "Team ACID @ Zalando " +LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.title "zalando/posgress-operator" +LABEL org.opencontainers.image.description "posgress-operator-alpine - full alpine image" +# We need root certificates to deal with teams api over https +RUN apk --no-cache add ca-certificates && update-ca-certificates +COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / +RUN addgroup -g 1000 pgo +RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo +USER pgo:pgo +ENTRYPOINT ["/postgres-operator"] + diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 000000000..180de03b7 --- /dev/null +++ b/docker/README.md 
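Review bot: The comment `## This is optional, only as example. Only last image is used` was carried over from the multi-target file and is misleading here, where the alpine stage is the only runtime stage and therefore the image this file produces. Replace it with something like `## Alpine-based runtime image (shell and package manager included); see docker/README.md for the scratch-based flavour`. The file name also reads `NotFromScrach`; `NotFromScratch` would match the wording used in the README entry, which would need the same rename.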
@@ -0,0 +1,30 @@ +# Developers +[developer docs](docs/developer.md) + +[build docs](../BUILD.md) + +# Build both code and image using Dockerfile +Most Dockerfiles both build the code as well as the image. + +# Choose the desired build flavour: +- Dockerfile -> builds more secure version of the image (from scratch instead of basing on alpine) +- DebugDockerfile -> builds a debug version of the image, based on alpine and uses "github.com/derekparker/delve/cmd/dlv". Port :7777 +- NotFromScrachDockerfile -> alpine based image (notFromScratch like in Dockerfile ) +- NoBuildDockerfile -> alpine based image, without the build, it expects binary is build outside. This is the older version of the Dockerfile file. +- NoBuildDebugDockerfile -> alpine based image, without the build, it expects binary is build outside. This is the older version of the DebugDocker file. + +# Command: +```shell +docker build -f docker/Dockerfile . +docker build -f docker/DebugDockerfile . +docker build -f docker/NotFromScrachDockerfile . +``` + +# docker.io +This solution works also when you want to build your fork using docker hub (docker.io) (and share/test your image directly from there). + +For automating docker build. Make sure you pass the context to root of it project. +Same for for docker hub (docker.io) builds: +set the **Dockerfile** column to `docker/DebugDockerfile` and **context** column to `/` + + diff --git a/docs/developer.md b/docs/developer.md index 6e0fc33c8..42641ddbe 100644 --- a/docs/developer.md +++ b/docs/developer.md 
@@ -3,6 +3,13 @@ Read this guide if you want to debug the operator, fix bugs or contribute new features and tests. +## Simple build + +To simply build the code and create an image, follow the instructions at: +[docker based code and image build](../docker/README.md) + +For setting a full development environment, follow the steps below. + ## Setting up Go Postgres Operator is written in Go. Use the [installation instructions](https://golang.org/doc/install#install) From 974f9a0cb45e7da2c06fa748d606d10e5c50273f Mon Sep 17 00:00:00 2001 From: ReSearchITEng Date: Thu, 23 Jul 2020 00:13:44 +0300 Subject: [PATCH 5/8] keep old Dockerfile as original, as it's used by Travis --- docker/DebugDockerfile | 30 ++++-------------------- docker/Dockerfile | 33 +++++++------------------- docker/NoBuildDebugDockerfile | 19 --------------- docker/NoBuildDockerfile | 15 ------------ docker/README.md | 16 ++++++------- docker/WithBuildDebugDockerfile | 41 +++++++++++++++++++++++++++++++++ docker/WithBuildDockerfile | 32 +++++++++++++++++++++++++ 7 files changed, 92 insertions(+), 94 deletions(-) delete mode 100644 docker/NoBuildDebugDockerfile delete mode 100644 docker/NoBuildDockerfile create mode 100644 docker/WithBuildDebugDockerfile create mode 100644 docker/WithBuildDockerfile diff --git a/docker/DebugDockerfile b/docker/DebugDockerfile index ddb3e6648..0c11fe3b4 100644 --- a/docker/DebugDockerfile +++ b/docker/DebugDockerfile 
@@ -1,41 +1,19 @@ -########################################################### -### builder image ############################### -########################################################### -FROM golang:1.14.6-alpine AS builder - -RUN apk --no-cache add ca-certificates make git && update-ca-certificates -WORKDIR /go/src/github.com/zalando/postgres-operator/ -COPY . . -RUN make linux - -########################################################### -### operator image -> debug version ################## -########################################################### -FROM golang:1.14.6-alpine AS postgres-operator-debug +FROM alpine MAINTAINER Team ACID @ Zalando -LABEL org.opencontainers.image.authors "Team ACID @ Zalando " -LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.title "zalando/posgress-operator" -LABEL org.opencontainers.image.description "posgress-operator-debug" # We need root certificates to deal with teams api over https -COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / +RUN apk --no-cache add ca-certificates go git musl-dev -# We need root certificates to deal with teams api over https -RUN apk --no-cache add ca-certificates git musl-dev +COPY build/* / RUN addgroup -g 1000 pgo RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo RUN go get github.com/derekparker/delve/cmd/dlv -RUN cp /go/bin/dlv /dlv +RUN cp /root/go/bin/dlv /dlv RUN chown -R pgo:pgo /dlv USER pgo:pgo -EXPOSE 7777 RUN ls -l / CMD ["/dlv", "--listen=:7777", "--headless=true", "--api-version=2", "exec", "/postgres-operator"] - diff --git a/docker/Dockerfile b/docker/Dockerfile index 9715f5fe0..86d8f187c 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -1,32 +1,15 @@ -########################################################### -### builder image ############################### -########################################################### -FROM golang:1.14.6-alpine AS builder +FROM alpine +MAINTAINER Team ACID @ Zalando -RUN apk --no-cache add ca-certificates make git && update-ca-certificates -WORKDIR /go/src/github.com/zalando/postgres-operator/ -COPY . . -RUN make linux +# We need root certificates to deal with teams api over https +RUN apk --no-cache add ca-certificates -################################################################ -### operator image -> the more secure version (from scratch) ### -################################################################ -FROM scratch AS postgres-operator-secure -MAINTAINER Team ACID @ Zalando -LABEL org.opencontainers.image.authors "Team ACID @ Zalando " -LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" -LABEL org.opencontainers.image.title "zalando/posgress-operator" -LABEL org.opencontainers.image.description "posgress-operator-secure from scratch image" +COPY build/* / -COPY --from=builder /etc/passwd /etc/group /etc/ +RUN addgroup -g 1000 pgo +RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo -# We need root certificates to deal with teams api over https -COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ -COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / +USER pgo:pgo -USER nobody ENTRYPOINT ["/postgres-operator"] - diff --git a/docker/NoBuildDebugDockerfile b/docker/NoBuildDebugDockerfile deleted file mode 100644 index 0c11fe3b4..000000000 --- a/docker/NoBuildDebugDockerfile +++ /dev/null 
@@ -1,19 +0,0 @@ -FROM alpine -MAINTAINER Team ACID @ Zalando - -# We need root certificates to deal with teams api over https -RUN apk --no-cache add ca-certificates go git musl-dev - -COPY build/* / - -RUN addgroup -g 1000 pgo -RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo - -RUN go get github.com/derekparker/delve/cmd/dlv -RUN cp /root/go/bin/dlv /dlv -RUN chown -R pgo:pgo /dlv - -USER pgo:pgo -RUN ls -l / - -CMD ["/dlv", "--listen=:7777", "--headless=true", "--api-version=2", "exec", "/postgres-operator"] diff --git a/docker/NoBuildDockerfile b/docker/NoBuildDockerfile deleted file mode 100644 index 86d8f187c..000000000 --- a/docker/NoBuildDockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM alpine -MAINTAINER Team ACID @ Zalando - -# We need root certificates to deal with teams api over https -RUN apk --no-cache add ca-certificates - -COPY build/* / - -RUN addgroup -g 1000 pgo -RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo - -USER pgo:pgo - -ENTRYPOINT ["/postgres-operator"] - diff --git a/docker/README.md b/docker/README.md index 180de03b7..84ef97aca 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -7,17 +7,15 @@ Most Dockerfiles both build the code as well as the image. # Choose the desired build flavour: -- Dockerfile -> builds more secure version of the image (from scratch instead of basing on alpine) -- DebugDockerfile -> builds a debug version of the image, based on alpine and uses "github.com/derekparker/delve/cmd/dlv". Port :7777 +- WithBuildDockerfile -> builds code as well as more secure a version of the image (from scratch instead of basing on alpine) +- WithBuildDebugDockerfile -> builds a debug version of the image, based on alpine and uses "github.com/derekparker/delve/cmd/dlv". exposes port :7777 - NotFromScrachDockerfile -> alpine based image (notFromScratch like in Dockerfile ) -- NoBuildDockerfile -> alpine based image, without the build, it expects binary is build outside. This is the older version of the Dockerfile file. -- NoBuildDebugDockerfile -> alpine based image, without the build, it expects binary is build outside. This is the older version of the DebugDocker file. +- Dockerfile -> alpine based image, without the build, it expects binary is build outside. This is used by Makefile (& Travis) +- DebugDockerfile -> alpine based image, without the build, it expects binary is build outside. This is used by Makefile (& Travis) to make debug image. -# Command: +# Command example: ```shell -docker build -f docker/Dockerfile . -docker build -f docker/DebugDockerfile . -docker build -f docker/NotFromScrachDockerfile . +docker build -f docker/WithBuildDockerfile . ``` # docker.io @@ -25,6 +23,6 @@ This solution works also when you want to build your fork using docker hub (dock For automating docker build. Make sure you pass the context to root of it project. Same for for docker hub (docker.io) builds: -set the **Dockerfile** column to `docker/DebugDockerfile` and **context** column to `/` +set the **Dockerfile** column to `docker/WithBuildDockerfile` and **context** column to `/` 
diff --git a/docker/WithBuildDebugDockerfile b/docker/WithBuildDebugDockerfile new file mode 100644 index 000000000..ddb3e6648 --- /dev/null +++ b/docker/WithBuildDebugDockerfile @@ -0,0 +1,41 @@ +########################################################### +### builder image ############################### +########################################################### +FROM golang:1.14.6-alpine AS builder + +RUN apk --no-cache add ca-certificates make git && update-ca-certificates +WORKDIR /go/src/github.com/zalando/postgres-operator/ +COPY . . +RUN make linux + +########################################################### +### operator image -> debug version ################## +########################################################### +FROM golang:1.14.6-alpine AS postgres-operator-debug +MAINTAINER Team ACID @ Zalando +LABEL org.opencontainers.image.authors "Team ACID @ Zalando " +LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.title "zalando/posgress-operator" +LABEL org.opencontainers.image.description "posgress-operator-debug" + +# We need root certificates to deal with teams api over https +COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / + +# We need root certificates to deal with teams api over https +RUN apk --no-cache add ca-certificates git musl-dev + +RUN addgroup -g 1000 pgo +RUN adduser -D -u 1000 -G pgo -g 'Postgres Operator' pgo + +RUN go get github.com/derekparker/delve/cmd/dlv +RUN cp /go/bin/dlv /dlv +RUN chown -R pgo:pgo /dlv + +USER pgo:pgo +EXPOSE 7777 +RUN ls -l / + +CMD ["/dlv", "--listen=:7777", "--headless=true", "--api-version=2", "exec", "/postgres-operator"] + 
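Review bot: `RUN go get github.com/derekparker/delve/cmd/dlv` in the debug stage fetches the debugger unpinned at build time, so what ends up in the image depends on what upstream serves that day. Pin it to a reviewed release, for example `RUN GO111MODULE=on go get github.com/go-delve/delve/cmd/dlv@<pinned-version>` (go-delve is the project's current module path; the version is a placeholder to fill in). The `CMD` starts dlv headless on `--listen=:7777`, which binds all interfaces and has no authentication, and the new `EXPOSE 7777` advertises that port, so a comment above it is warranted: `# debug only: dlv has no auth; reach :7777 via kubectl port-forward, never a Service`. The first `# We need root certificates…` comment sits above the `COPY --from=builder …/build/*` line and should describe the binary copy instead, and `RUN ls -l /` looks like a leftover.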
diff --git a/docker/WithBuildDockerfile b/docker/WithBuildDockerfile new file mode 100644 index 000000000..9715f5fe0 --- /dev/null +++ b/docker/WithBuildDockerfile @@ -0,0 +1,32 @@ +########################################################### +### builder image ############################### +########################################################### +FROM golang:1.14.6-alpine AS builder + +RUN apk --no-cache add ca-certificates make git && update-ca-certificates +WORKDIR /go/src/github.com/zalando/postgres-operator/ +COPY . . +RUN make linux + +################################################################ +### operator image -> the more secure version (from scratch) ### +################################################################ +FROM scratch AS postgres-operator-secure +MAINTAINER Team ACID @ Zalando +LABEL org.opencontainers.image.authors "Team ACID @ Zalando " +LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.documentation "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.source "https://github.com/zalando/postgres-operator/" +LABEL org.opencontainers.image.title "zalando/posgress-operator" +LABEL org.opencontainers.image.description "posgress-operator-secure from scratch image" + +COPY --from=builder /etc/passwd /etc/group /etc/ + +# We need root certificates to deal with teams api over https +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=builder /go/src/github.com/zalando/postgres-operator/build/* / + +USER nobody +ENTRYPOINT ["/postgres-operator"] + + From 2972edd4af09d03f5c85eec253f66d8fb2c5f787 Mon Sep 17 00:00:00 2001 From: ReSearchITEng Date: Mon, 22 Mar 2021 10:27:44 +0200 Subject: [PATCH 6/8] update golang to 1.15 --- docker/DebugDockerfile | 2 +- docker/NotFromScrachDockerfile | 4 ++-- docker/WithBuildDebugDockerfile | 4 ++-- docker/WithBuildDockerfile | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) 
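Review bot: `USER nobody` in the scratch stage is a name, which the kubelet cannot check against `runAsNonRoot: true` (it refuses images with a non-numeric user), and it only resolves because `/etc/passwd` is copied in from the builder. Use the numeric form, `USER 65534:65534`, which is nobody on Alpine. Because the final stage is `scratch`, the binary from `make linux` has to be statically linked; presumably the Makefile takes care of that, but it is not visible here and deserves a comment next to the `COPY --from=builder …/build/*` line. Minor: `MAINTAINER` is deprecated and duplicates the `org.opencontainers.image.authors` label, the labels use the legacy space-separated form instead of `key="value"`, and the title label spells `posgress-operator`.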
diff --git a/docker/DebugDockerfile b/docker/DebugDockerfile index 0c11fe3b4..39c334935 100644 --- a/docker/DebugDockerfile +++ b/docker/DebugDockerfile @@ -1,4 +1,4 @@ -FROM alpine +FROM alpine:3.13.2 MAINTAINER Team ACID @ Zalando # We need root certificates to deal with teams api over https diff --git a/docker/NotFromScrachDockerfile b/docker/NotFromScrachDockerfile index e6beabf9d..c1020f432 100644 --- a/docker/NotFromScrachDockerfile +++ b/docker/NotFromScrachDockerfile @@ -1,7 +1,7 @@ ########################################################### ### builder image ############################### ########################################################### -FROM golang:1.14.6-alpine AS builder +FROM golang:1.15.10-alpine3.13 AS builder RUN apk --no-cache add ca-certificates make git && update-ca-certificates WORKDIR /go/src/github.com/zalando/postgres-operator/ @@ -12,7 +12,7 @@ RUN make linux ### operator image -> the version with full alpine image ## ########################################################### ## This is optional, only as example. Only last image is used -FROM alpine:3.12.0 as postgres-operator-alpine +FROM alpine:3.13.2 as postgres-operator-alpine MAINTAINER Team ACID @ Zalando LABEL org.opencontainers.image.authors "Team ACID @ Zalando " LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" diff --git a/docker/WithBuildDebugDockerfile b/docker/WithBuildDebugDockerfile index ddb3e6648..f204e4d5e 100644 --- a/docker/WithBuildDebugDockerfile +++ b/docker/WithBuildDebugDockerfile @@ -1,7 +1,7 @@ ########################################################### ### builder image ############################### ########################################################### -FROM golang:1.14.6-alpine AS builder +FROM golang:1.15.10-alpine3.13 AS builder RUN apk --no-cache add ca-certificates make git && update-ca-certificates WORKDIR /go/src/github.com/zalando/postgres-operator/ 
@@ -11,7 +11,7 @@ RUN make linux ########################################################### ### operator image -> debug version ################## ########################################################### -FROM golang:1.14.6-alpine AS postgres-operator-debug +FROM golang:1.15.10-alpine3.13 AS postgres-operator-debug MAINTAINER Team ACID @ Zalando LABEL org.opencontainers.image.authors "Team ACID @ Zalando " LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" diff --git a/docker/WithBuildDockerfile b/docker/WithBuildDockerfile index 9715f5fe0..e8ad3330e 100644 --- a/docker/WithBuildDockerfile +++ b/docker/WithBuildDockerfile @@ -1,7 +1,7 @@ ########################################################### ### builder image ############################### ########################################################### -FROM golang:1.14.6-alpine AS builder +FROM golang:1.15.10-alpine3.13 AS builder RUN apk --no-cache add ca-certificates make git && update-ca-certificates WORKDIR /go/src/github.com/zalando/postgres-operator/ From d24d763ded3802b3a1779ccb8b6803e946404e0d Mon Sep 17 00:00:00 2001 From: ReSearchITEng Date: Tue, 1 Feb 2022 20:28:10 +0200 Subject: [PATCH 7/8] update golang 1.17 --- docker/NotFromScrachDockerfile | 2 +- docker/README.md | 4 ++++ docker/WithBuildDebugDockerfile | 10 +++++++--- docker/WithBuildDockerfile | 8 ++++++-- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/docker/NotFromScrachDockerfile b/docker/NotFromScrachDockerfile index c1020f432..f6075489c 100644 --- a/docker/NotFromScrachDockerfile +++ b/docker/NotFromScrachDockerfile 
@@ -1,7 +1,7 @@ ########################################################### ### builder image ############################### ########################################################### -FROM golang:1.15.10-alpine3.13 AS builder +FROM golang:1.17.6-alpine3.15 AS builder RUN apk --no-cache add ca-certificates make git && update-ca-certificates WORKDIR /go/src/github.com/zalando/postgres-operator/ diff --git a/docker/README.md b/docker/README.md index 84ef97aca..0004313d1 100644 --- a/docker/README.md +++ b/docker/README.md @@ -17,6 +17,10 @@ Most Dockerfiles both build the code as well as the image. ```shell docker build -f docker/WithBuildDockerfile . ``` +OR, using proxy and eventually also internal go mirrors +```shell +docker build -f docker/WithBuildDockerfile . --build-arg HTTP_PROXY=http://proxy.corp.example.com:1234 --build-arg HTTPS_PROXY=http://proxy.corp.example.com:1234 --build-arg NO_PROXY=.corp.example.com --build-arg GOPROXY=http://golang-intranet-proxy.corp.example.com:8081/repository/goproxy/ --build-arg GOSUMDB=off +``` # docker.io This solution works also when you want to build your fork using docker hub (docker.io) (and share/test your image directly from there). diff --git a/docker/WithBuildDebugDockerfile b/docker/WithBuildDebugDockerfile index f204e4d5e..681c7684d 100644 --- a/docker/WithBuildDebugDockerfile +++ b/docker/WithBuildDebugDockerfile @@ -1,8 +1,12 @@ ########################################################### ### builder image ############################### ########################################################### -FROM golang:1.15.10-alpine3.13 AS builder - +ARG GOPROXY=https://proxy.golang.org +#ARG GONOPROXY +#ARG GOPRIVATE +ARG GOSUMDB=sum.golang.org +#ARG GONOSUMDB +FROM golang:1.17.6-alpine3.15 AS builder RUN apk --no-cache add ca-certificates make git && update-ca-certificates WORKDIR /go/src/github.com/zalando/postgres-operator/ COPY . . 
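Review bot: The `ARG GOPROXY` and `ARG GOSUMDB` lines added to docker/WithBuildDebugDockerfile sit before `FROM`, where an ARG is in scope only for the `FROM` lines themselves, so `--build-arg GOPROXY=…` and `GOSUMDB=…` never reach `go` inside the builder stage (the `RUN make linux` step lies just past the end of this hunk). Declare them inside the stage: keep `FROM golang:1.17.6-alpine3.15 AS builder` first, then `ARG GOPROXY=https://proxy.golang.org` and `ARG GOSUMDB=sum.golang.org`. The matching hunk for docker/WithBuildDockerfile in this commit has the same problem. Once the arguments do take effect, the README example's `GOSUMDB=off` turns off checksum-database verification and leaves go.sum as the only integrity check on downloaded modules, which the README should say.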
@@ -11,7 +15,7 @@ RUN make linux ########################################################### ### operator image -> debug version ################## ########################################################### -FROM golang:1.15.10-alpine3.13 AS postgres-operator-debug +FROM golang:1.17.6-alpine3.15 AS postgres-operator-debug MAINTAINER Team ACID @ Zalando LABEL org.opencontainers.image.authors "Team ACID @ Zalando " LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/" diff --git a/docker/WithBuildDockerfile b/docker/WithBuildDockerfile index e8ad3330e..08ed59093 100644 --- a/docker/WithBuildDockerfile +++ b/docker/WithBuildDockerfile @@ -1,8 +1,12 @@ ########################################################### ### builder image ############################### ########################################################### -FROM golang:1.15.10-alpine3.13 AS builder - +ARG GOPROXY=https://proxy.golang.org +#ARG GONOPROXY +#ARG GOPRIVATE +ARG GOSUMDB=sum.golang.org +#ARG GONOSUMDB +FROM golang:1.17.6-alpine3.15 AS builder RUN apk --no-cache add ca-certificates make git && update-ca-certificates WORKDIR /go/src/github.com/zalando/postgres-operator/ COPY . . From 812f549ce7c1471cd369f6545507906c5ba9bbdb Mon Sep 17 00:00:00 2001 From: ReSearchITEng Date: Tue, 1 Feb 2022 20:31:22 +0200 Subject: [PATCH 8/8] alpine 3.15.0 --- docker/DebugDockerfile | 2 +- docker/NotFromScrachDockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/DebugDockerfile b/docker/DebugDockerfile index 39c334935..aaf0a4f7a 100644 --- a/docker/DebugDockerfile +++ b/docker/DebugDockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.13.2 +FROM alpine:3.15.0 MAINTAINER Team ACID @ Zalando # We need root certificates to deal with teams api over https diff --git a/docker/NotFromScrachDockerfile b/docker/NotFromScrachDockerfile index f6075489c..9fc9c0798 100644 --- a/docker/NotFromScrachDockerfile +++ b/docker/NotFromScrachDockerfile 
@@ -12,7 +12,7 @@ RUN make linux ### operator image -> the version with full alpine image ## ########################################################### ## This is optional, only as example. Only last image is used -FROM alpine:3.13.2 as postgres-operator-alpine +FROM alpine:3.15.0 as postgres-operator-alpine MAINTAINER Team ACID @ Zalando LABEL org.opencontainers.image.authors "Team ACID @ Zalando " LABEL org.opencontainers.image.url "https://github.com/zalando/postgres-operator/"