automate the ironbank generation (#8537)
(cherry picked from commit 682a0e5) # Conflicts: # Makefile # magefile.go
1 parent
5e74a90
commit 9acaca6
Showing
6 changed files
with
577 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
################################################################################ | ||
# Build stage 0 | ||
# Extract APM Server and make various file manipulations. | ||
################################################################################ | ||
ARG BASE_REGISTRY=registry1.dsop.io | ||
ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 | ||
ARG BASE_TAG=8.6 | ||
|
||
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS builder | ||
|
||
ARG ELASTIC_STACK={{ beat_version }} | ||
ARG ELASTIC_PRODUCT=apm-server | ||
ARG OS_AND_ARCH=linux-x86_64 | ||
|
||
RUN mkdir /usr/share/${ELASTIC_PRODUCT} | ||
WORKDIR /usr/share/${ELASTIC_PRODUCT} | ||
COPY --chown=1000:0 ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz . | ||
RUN tar --strip-components=1 -zxf ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz | ||
# Support arbitrary user ids | ||
# Ensure that group permissions are the same as user permissions. | ||
# This will help when relying on GID-0 to run Kibana, rather than UID-1000. | ||
# OpenShift does this, for example. | ||
# REF: https://docs.okd.io/latest/openshift_images/create-images.html | ||
RUN chmod -R g=u /usr/share/${ELASTIC_PRODUCT} | ||
|
||
# Create auxiliar folders and assing default permissions. | ||
RUN mkdir /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs && \ | ||
chown -R root:root /usr/share/${ELASTIC_PRODUCT} && \ | ||
find /usr/share/${ELASTIC_PRODUCT} -type d -exec chmod 0750 {} \; && \ | ||
find /usr/share/${ELASTIC_PRODUCT} -type f -exec chmod 0640 {} \; && \ | ||
chmod 0750 /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT} && \ | ||
chmod 0770 /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs | ||
|
||
################################################################################ | ||
# Build stage 1 | ||
# Copy prepared files from the previous stage and complete the image. | ||
################################################################################ | ||
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} | ||
|
||
ARG ELASTIC_PRODUCT=apm-server | ||
|
||
COPY LICENSE /licenses/elastic-${ELASTIC_PRODUCT} | ||
|
||
# Add a dumb init process | ||
COPY tinit /tinit | ||
RUN chmod +x /tinit | ||
|
||
# Bring in product from the initial stage. | ||
COPY --from=prep_files --chown=1000:0 /usr/share/${ELASTIC_PRODUCT} /usr/share/${ELASTIC_PRODUCT} | ||
WORKDIR /usr/share/${ELASTIC_PRODUCT} | ||
RUN ln -s /usr/share/${ELASTIC_PRODUCT} /opt/${ELASTIC_PRODUCT} | ||
|
||
ENV ELASTIC_CONTAINER true | ||
RUN ln -s /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT} /usr/bin/${ELASTIC_PRODUCT} | ||
|
||
# Support arbitrary user ids | ||
# Ensure gid 0 write permissions for OpenShift. | ||
RUN chmod -R g+w /usr/share/${ELASTIC_PRODUCT} | ||
|
||
# config file ("${ELASTIC_PRODUCT}.yml") can only be writable by the owner | ||
RUN chmod go-w /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT}.yml | ||
|
||
# Remove the suid bit everywhere to mitigate "Stack Clash" | ||
RUN find / -xdev -perm -4000 -exec chmod u-s {} + | ||
|
||
# Provide a non-root user to run the process. | ||
RUN groupadd --gid 1000 ${ELASTIC_PRODUCT} && useradd --uid 1000 --gid 1000 --home-dir /usr/share/${ELASTIC_PRODUCT} --no-create-home ${ELASTIC_PRODUCT} | ||
USER ${ELASTIC_PRODUCT} | ||
|
||
EXPOSE 8200 | ||
ENTRYPOINT ["/tinit", "--", "/usr/share/apm-server/apm-server"] | ||
CMD ["-environment", "container"] | ||
|
||
HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD (curl -I -f --max-time 5 https://localhost:8200 || curl -I -f --max-time 5 http://localhost:8200 || exit 1) |
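Review bot: The final stage's `COPY --from=prep_files` names a stage this Dockerfile never defines; the first stage is declared `AS builder`. A `--from` value that matches no stage is resolved as an image reference, so the build either fails or, on a builder with registry access, tries to pull an unrelated image called `prep_files` and copy the product tree from it. Make the names agree, e.g. `COPY --from=builder --chown=1000:0 /usr/share/${ELASTIC_PRODUCT} /usr/share/${ELASTIC_PRODUCT}`. Separately, `RUN chmod -R g+w /usr/share/${ELASTIC_PRODUCT}` in the final stage widens the 0750/0640 modes set in the first stage and leaves the executable writable by gid 0; since `data` and `logs` are already 0770 there, the recursive chmod looks unnecessary and could be dropped or limited to those two directories.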