From 7e6b88e91c3a39006f37af992825fc3adf55faa2 Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Wed, 16 Jun 2021 11:35:26 +0200
Subject: [PATCH] Use Debian instead of Alpine in container image
This commit changes the base image for the build and controller container images to Debian slim. Reason for this is that it has proven to be hard to produce working executables for AMD64, ARM64 and ARMv7 at all times using Alpine, due to them being dynamically linked and compiled using CGO, and Alpine having constraints like musl that create an extra barrier, especially in combination with our exotic set of dependency constraints. There are a number of trade-offs we have to live with by doing this, not limited to:
* An increased build time, the full release pipeline used to take 25-35 minutes, based on the images we have build for testing purposes this seems to have become 35-40 minutes.
* An increased image size of roughly two times the (compressed) size of the Alpine based image.
Signed-off-by: Hidde Beydals
---
 Dockerfile | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 56f25d64..3775d267 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,15 @@
-# Docker buildkit multi-arch build requires golang alpine
-FROM golang:1.16-alpine as builder
+FROM golang:1.16-buster as builder
-RUN apk add --no-cache gcc pkgconfig libc-dev binutils-gold musl~=1.2 libgit2-dev~=1.1
+# Up-to-date libgit2 dependencies are only available in
+# >=bullseye (testing).
+RUN echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list \
+ && echo "deb-src http://deb.debian.org/debian testing main" >> /etc/apt/sources.list
+RUN set -eux; \
+ apt-get update \
+ && apt-get install -y libgit2-dev/testing zlib1g-dev/testing libssh2-1-dev/testing libpcre3-dev/testing \
+ && apt-get clean \
+ && apt-get autoremove --purge -y \
+ && rm -rf /var/lib/apt/lists/*
 WORKDIR /workspace
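Review bot: Appending the rolling `testing` suite to `/etc/apt/sources.list` without any APT pin means the libgit2, zlib, libssh2 and pcre versions linked into the binary are whatever `testing` holds on build day, so two builds of the same commit can differ and the Dockerfile cannot tell an auditor which library versions shipped. The same two `RUN echo ...` lines are repeated in the `controller` stage hunk, where `apt-get install -y ca-certificates libgit2-1.1` carries no `/testing` qualifier; with both suites at the default priority apt would normally pick the highest version, so the runtime image is probably a buster/testing mix (worth confirming with `apt-cache policy`). `testing` also receives security fixes by migration from unstable rather than through the stable security archive, which matters more for the image that is actually deployed. I would add an `/etc/apt/preferences.d/` file that pins `release a=testing` below 500 and raises only the libgit2 packages and their required dependencies, pin those package versions explicitly, and pass `--no-install-recommends` to both installs.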
@@ -24,21 +32,26 @@ COPY internal/ internal/
 # build without specifing the arch
 RUN CGO_ENABLED=1 go build -o source-controller main.go
-FROM alpine:3.13
+FROM debian:buster-slim as controller
 # link repo to the GitHub Container Registry image
 LABEL org.opencontainers.image.source="https://github.com/fluxcd/source-controller"
-RUN apk add --no-cache ca-certificates tini libgit2~=1.1 musl~=1.2
+# Up-to-date libgit2 dependencies are only available in
+# >=bullseye (testing).
+RUN echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list \
+ && echo "deb-src http://deb.debian.org/debian testing main" >> /etc/apt/sources.list
+RUN set -eux; \
+ apt-get update \
+ && apt-get install -y ca-certificates libgit2-1.1 \
+ && apt-get clean \
+ && apt-get autoremove --purge -y \
+ && rm -rf /var/lib/apt/lists/*
 COPY --from=builder /workspace/source-controller /usr/local/bin/
-# Create minimal nsswitch.conf file to prioritize the usage of /etc/hosts over DNS queries.
-# https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-354316460
-RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
-
-RUN addgroup -S controller && adduser -S controller -G controller
+RUN groupadd controller && \
+ useradd --gid controller --shell /bin/sh --create-home controller
 USER controller
-
-ENTRYPOINT [ "/sbin/tini", "--", "source-controller" ]
+ENTRYPOINT ["source-controller"]
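Review bot: The replacement account is created as a regular login user, `useradd --gid controller --shell /bin/sh --create-home controller`, with an allocator-chosen UID, where the removed `adduser -S` created a system account; the hunk shows no reason the service user needs a usable shell. I would create it with a fixed id and no login shell, `useradd --system --uid <UID> --gid controller --shell /usr/sbin/nologin --create-home controller`, and switch to a numeric `USER <UID>` so a Kubernetes `runAsNonRoot` check can verify the identity without resolving a name. Separately, the new `ENTRYPOINT ["source-controller"]` drops tini, so the controller becomes PID 1 and has to reap any child processes and handle signals itself. Whether it spawns children is not visible in this diff, so that deserves a short comment above the ENTRYPOINT stating why an init is no longer needed.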