Merge pull request Kong#576 from Kong/chore/ubi-minimal

[FT-2378] [ENGEN-452] Use ubi-minimal and add "rhel-minimal" image

.github/workflows/test.yml

@@ -5,10 +5,11 @@ jobs:
   test:
     name: Build & Test
     runs-on: ubuntu-20.04
+    timeout-minutes: 30
 
     strategy:
       matrix:
-        image: [alpine, ubuntu, rhel]
+        image: [alpine, ubuntu, rhel, rhel-minimal]
 
     env:
       BASE: ${{ matrix.image }}

.github/workflows/version2_test.yml

@@ -5,6 +5,7 @@ jobs:
   test:
     name: Build & Test Version 2
     runs-on: ubuntu-20.04
+    timeout-minutes: 30
 
     strategy:
       matrix:

.gitignore

@@ -4,3 +4,6 @@ kong-build-tools
 kong
 *.bak
 submit
+**/*.deb
+**/*.rpm
+**/*.apk

Dockerfile.rpm

@@ -1,8 +1,22 @@
-FROM redhat/ubi8
+FROM redhat/ubi8-minimal
+
+LABEL maintainer="Kong Docker Maintainers <[email protected]> (@team-gateway-bot)"
 
 ARG KONG_VERSION=2.8.1
 ENV KONG_VERSION $KONG_VERSION
 
+# RedHat required labels
+LABEL name="Kong" \
+      vendor="Kong" \
+      version="$KONG_VERSION" \
+      release="1" \
+      url="https://konghq.com" \
+      summary="Next-Generation API Platform for Modern Architectures" \
+      description="Next-Generation API Platform for Modern Architectures"
+
+# RedHat required LICENSE file approved path
+COPY LICENSE /licenses/
+
 ARG KONG_SHA256="8bae61982b8d439e12037e24432adc185f87113989c27c89521d8cc024b38ddc"
 
 ARG ASSET=remote
@@ -13,12 +27,24 @@ COPY kong.rpm /tmp/kong.rpm
 # hadolint ignore=DL3015
 RUN set -ex; \
     if [ "$ASSET" = "remote" ] ; then \
-      VERSION=$(grep '^VERSION_ID' /etc/os-release | cut -d = -f 2 | sed -e 's/^"//' -e 's/"$//' | cut -d . -f 1) \
+      VERSION=$(sed -n -e 's/^VERSION_ID="\(.*\)\.[0-9]"/\1/p' /etc/os-release) \
       && DOWNLOAD_URL="https://download.konghq.com/gateway-${KONG_VERSION%%.*}.x-rhel-$VERSION/Packages/k/kong-$KONG_VERSION.rhel$VERSION.amd64.rpm" \
       && curl -fL $DOWNLOAD_URL -o /tmp/kong.rpm \
       && echo "$KONG_SHA256  /tmp/kong.rpm" | sha256sum -c -; \
     fi \
-    && yum install -y /tmp/kong.rpm \
+    # findutils provides xargs (temporarily)
+    && microdnf install --assumeyes --nodocs \
+      findutils \
+      shadow-utils \
+      unzip \
+    && rpm -qpR /tmp/kong.rpm \
+      | grep -v rpmlib \
+      | xargs -n1 -t microdnf install --assumeyes --nodocs \
+    # Please update the rhel install docs if the below line is changed so that
+    # end users can properly install Kong along with its required dependencies
+    # and that our CI does not diverge from our docs.
+    && rpm -iv /tmp/kong.rpm \
+    && microdnf -y clean all \
     && rm /tmp/kong.rpm \
     && chown kong:0 /usr/local/bin/kong \
     && chown -R kong:0 /usr/local/kong \

Makefile

@@ -3,15 +3,26 @@
 KONG_BUILD_TOOLS?=4.25.3
 PACKAGE?=apk
 BASE?=alpine
-ASSET_LOCATION?=remote
 
+DOCKER_TAG_PREFIX?=kong
+
+RHEL_REGISTRY?=scan.connect.redhat.com
+RHEL_REGISTRY_REPO?=$(RHEL_REGISTRY)/ospid-dd198cd0-ed8b-41bd-9c18-65fd85059d31/kong
+
+build: ASSET_LOCATION?=ce
+build: DOCKER_TAG?=$(DOCKER_TAG_PREFIX)-$(BASE)
 build:
-	docker build --no-cache -t kong-$(BASE) $(BASE)/
+	docker build --no-cache --build-arg ASSET=$(ASSET_LOCATION) -t $(DOCKER_TAG) $(BASE)/
 
+build_v2: ASSET_LOCATION?=remote
+build_v2: DOCKER_TAG?=$(DOCKER_TAG_PREFIX)-$(PACKAGE)
 build_v2:
-	docker build --no-cache --build-arg ASSET=$(ASSET_LOCATION) -t kong-$(PACKAGE) -f Dockerfile.$(PACKAGE) .
+	docker build --no-cache --build-arg ASSET=$(ASSET_LOCATION) -t $(DOCKER_TAG) -f Dockerfile.$(PACKAGE) .
 
 .PHONY: test
+
+
+test: KONG_DOCKER_TAG?=$(DOCKER_TAG)
 test:
 	if cd kong-build-tools; \
 	then git pull; \
@@ -20,6 +31,10 @@ test:
 	BASE=$(BASE) ./tests/test.sh --suite "Docker-Kong test suite"
 
 release-rhel: build
-	echo $$RHEL_REGISTRY_KEY | docker login -u unused scan.connect.redhat.com --password-stdin
-	docker tag kong-rhel scan.connect.redhat.com/ospid-dd198cd0-ed8b-41bd-9c18-65fd85059d31/kong:$$TAG
-	docker push scan.connect.redhat.com/ospid-dd198cd0-ed8b-41bd-9c18-65fd85059d31/kong:$$TAG
+	echo '$(RHEL_REGISTRY_KEY)' \
+		| docker login -u unused $(RHEL_REGISTRY) --password-stdin
+	docker tag kong-rhel $(RHEL_REGISTRY_REPO)/kong:$$TAG
+	docker push $(RHEL_REGISTRY_REPO)/kong:$$TAG
+	docker tag kong-rhel-minimal $(RHEL_REGISTRY_REPO)/kong:$$TAG-minimal
+	docker push $(RHEL_REGISTRY_REPO)/kong:$$TAG-minimal
+

customize/packer.lua

@@ -64,6 +64,14 @@ local platforms = {
       "yum -y install zip",
       "yum -y install gcc gcc-c++ make",
     },
+  }, {
+    check = "stat /usr/bin/microdnf",  -- check for ubi-minimal
+    commands = {                       -- run before anything else in build container
+      "microdnf -y install git",
+      "microdnf -y install unzip",
+      "microdnf -y install zip",
+      "microdnf -y install gcc gcc-c++ make",
+    },
   }, {
     check = "apt -v",         -- check for Ubuntu
     commands = {              -- run before anything else in build container

rhel-minimal/Dockerfile

@@ -0,0 +1,80 @@
+ARG RHEL_VERSION=7
+
+FROM registry.access.redhat.com/ubi${RHEL_VERSION}/ubi-minimal
+
+LABEL maintainer="Kong Docker Maintainers <[email protected]> (@team-gateway-bot)"
+
+ARG KONG_VERSION=2.8.1
+ENV KONG_VERSION $KONG_VERSION
+
+ARG KONG_SHA256="4f2d073122c97be80de301e6037d0913f15de1d8bb6eea2871542e9a4c164c72"
+
+# RedHat required labels
+LABEL name="Kong" \
+      vendor="Kong" \
+      version="$KONG_VERSION" \
+      release="1" \
+      url="https://konghq.com" \
+      summary="Next-Generation API Platform for Modern Architectures" \
+      description="Next-Generation API Platform for Modern Architectures"
+
+# RedHat required LICENSE file approved path
+COPY LICENSE /licenses/
+
+ARG ASSET=ce
+ENV ASSET $ASSET
+
+ARG EE_PORTS
+
+COPY kong.rpm /tmp/kong.rpm
+
+ARG RHEL_VERSION
+ENV RHEL_VERSION $RHEL_VERSION
+
+RUN set -ex; \
+    if [ "$ASSET" = "ce" ] ; then \
+      curl -fL "https://download.konghq.com/gateway-${KONG_VERSION%%.*}.x-rhel-${RHEL_VERSION}/Packages/k/kong-${KONG_VERSION}.rhel${RHEL_VERSION}.amd64.rpm" -o /tmp/kong.rpm \
+      && echo "$KONG_SHA256  /tmp/kong.rpm" | sha256sum -c -; \
+    else \
+      microdnf update -y ; \
+    fi \
+    # findutils provides xargs (temporarily)
+    && microdnf install --assumeyes --nodocs \
+      findutils \
+      shadow-utils \
+      unzip \
+    && rpm -qpR /tmp/kong.rpm \
+      | grep -v rpmlib \
+      | xargs -n1 -t microdnf install --assumeyes --nodocs \
+    && rm -fr /var/cache/yum/* /tmp/yum_save*.yumtx /root/.pki \
+    # Please update the rhel install docs if the below line is changed so that
+    # end users can properly install Kong along with its required dependencies
+    # and that our CI does not diverge from our docs.
+    && rpm -iv /tmp/kong.rpm \
+    && microdnf clean all \
+    && rm /tmp/kong.rpm \
+    && chown kong:0 /usr/local/bin/kong \
+    && chown -R kong:0 /usr/local/kong \
+    && ln -s /usr/local/openresty/bin/resty /usr/local/bin/resty \
+    && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/luajit \
+    && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/lua \
+    && ln -s /usr/local/openresty/nginx/sbin/nginx /usr/local/bin/nginx \
+    # ubi-minimal comes with libz in /usr/lib64 but is sometimes missing the
+    # symlink from the versioned filenames to the unversioned.. version
+    # lua-ffi-zlib expects, and the zlib-devel pkg previously provided libz.so
+    && [ -s /usr/lib64/libz.so ] || ln -vs /usr/lib64/libz.so.1 /usr/lib64/libz.so \
+    && kong version
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+USER kong
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+EXPOSE 8000 8443 8001 8444 $EE_PORTS
+
+STOPSIGNAL SIGQUIT
+
+HEALTHCHECK --interval=10s --timeout=10s --retries=10 CMD kong health
+
+CMD ["kong", "docker-start"]