Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add new image for ekuiper #13986

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Conversation

Rory-Z
Copy link
Contributor

@Rory-Z Rory-Z commented Feb 1, 2023

Signed-off-by: Rory Z [email protected]


Checklist for Review

NOTE: This checklist is intended for the use of the Official Images maintainers both to track the status of your PR and to help inform you and others of where we're at. As such, please leave the "checking" of items to the repository maintainers. If there is a point below for which you would like to provide additional information or note completion, please do so by commenting on the PR. Thanks! (and thanks for staying patient with us ❤️)

  • associated with or contacted upstream?
  • available under an OSI-approved license?
  • does it fit into one of the common categories? ("service", "language stack", "base distribution")
  • is it reasonably popular, or does it solve a particular use case well?
  • does a documentation PR exist? (should be reviewed and merged at roughly the same time so that we don't have an empty image page on the Hub for very long)
  • official-images maintainer dockerization review for best practices and cache gotchas/improvements (ala the official review guidelines)?
  • 2+ official-images maintainer dockerization review?
  • existing official images have been considered as a base? (ie, if foobar needs Node.js, has FROM node:... instead of grabbing node via other means been considered?)
  • if FROM scratch, tarballs only exist in a single commit within the associated history?
  • passes current tests? any simple new tests that might be appropriate to add? (https://github.com/docker-library/official-images/tree/master/test)

@Rory-Z
Copy link
Contributor Author

Rory-Z commented Feb 1, 2023

Hello all, I don't know why the 'Naughty' check failed, it tell me tag not found in manifest for "golang": "1.18.5" and tag not found in manifest for "golang": "1.18.5-alpine" and tag not found in manifest for "python": "3.8.12-slim-bullseye", but in docker hub, there is all exist, so I was confused
Any ideas ?

@yosifkit
Copy link
Member

yosifkit commented Feb 1, 2023

Background:

Tags in the [official-images] library file[s] are only built through an update to that library file or as a result of its base image being updated (ie, an image FROM debian:buster would be rebuilt when debian:buster is built).

-https://github.com/docker-library/official-images/tree/2f086314307c04e1de77f0a515f20671e60d40bb#library-definition-files

Since our build system makes heavy use of Docker build cache, just rebuilding the all of the Dockerfiles won't cause any change. So we rely on periodic base image updates to address things like CVE updates and bug fixes in OS packages:

We strive to publish updated images at least monthly for Debian. We also rebuild earlier if there is a critical security need. Many Official Images are maintained by the community or their respective upstream projects, like Ubuntu, Alpine, and Oracle Linux, and are subject to their own maintenance schedule.

- https://github.com/docker-library/faq/tree/0ad5fd60288109c875a54a37f6581b2deaa836db#why-does-my-security-scanner-show-that-an-image-has-cves

While the golang:1.18.5-alpine is available for users to pull from Docker Hub, official images should only be based on current/supported images. This ensures that when a base image like Debian or Alpine is updated, that all dependent images are in the rebuild tree (if it is based on an image no longer in a library file it would not be subject to these periodic rebuilds).

The recommendation is to use a more generic tag like golang:1.18-alpine so that the dependent image automatically gets rebuilt with the patch updates. The currently active tags for 1.18*-alpine are in the library file:

Tags: 1.18.10-alpine3.17, 1.18-alpine3.17, 1.18.10-alpine, 1.18-alpine

Unfortunately, those are going to go away today with the release of Go 1.20 (docker-library/golang#451), so either a 1.19* or 1.20* image would be the only options.


The same is true for the python image, the 3.8.12-slim-bullseye is on Docker Hub, but it is not actively supported, so a 3.8-slim-bullseye would keep the image more up-to-date.

Tags: 3.8.16-slim-bullseye, 3.8-slim-bullseye, 3.8.16-slim, 3.8-slim

@Rory-Z
Copy link
Contributor Author

Rory-Z commented Feb 2, 2023

Hi @yosifkit, Thanks for for your detailed answers, now all check are passed

@github-actions
Copy link

github-actions bot commented Feb 2, 2023

Diff for d641654:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index bdfae4a..633ac89 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1 +1,20 @@
-Maintainers: New Image! :D (@docker-library-bot)
+Maintainers: Rory Z <[email protected]> (@rory-z)
+GitRepo: https://github.com/lf-edge/ekuiper-docker.git
+GitFetch: refs/heads/main
+
+Tags: 1.8.0, 1.8, 1, latest
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: fac81d8f7bfdaf8c36ddaa7c7d76b784cc3eb6fd
+Directory: 1.8
+
+Tags: 1.8.0-slim, 1.8-slim, 1-slim, slim
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: fac81d8f7bfdaf8c36ddaa7c7d76b784cc3eb6fd
+Directory: 1.8
+File: Dockerfile-slim
+
+Tags: 1.8.0-slim-python, 1.8-slim-python, 1-slim-python, slim-python
+Architectures: amd64, arm32v7, arm64v8
+GitCommit: fac81d8f7bfdaf8c36ddaa7c7d76b784cc3eb6fd
+Directory: 1.8
+File: Dockerfile-slim-python
diff --git a/_bashbrew-list b/_bashbrew-list
index e69de29..8063cf6 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -0,0 +1,12 @@
+ekuiper:1
+ekuiper:1-slim
+ekuiper:1-slim-python
+ekuiper:1.8
+ekuiper:1.8-slim
+ekuiper:1.8-slim-python
+ekuiper:1.8.0
+ekuiper:1.8.0-slim
+ekuiper:1.8.0-slim-python
+ekuiper:latest
+ekuiper:slim
+ekuiper:slim-python
diff --git a/_bashbrew-list-build-order b/_bashbrew-list-build-order
index e69de29..4fc6568 100644
--- a/_bashbrew-list-build-order
+++ b/_bashbrew-list-build-order
@@ -0,0 +1,3 @@
+ekuiper:latest
+ekuiper:slim
+ekuiper:slim-python
diff --git a/ekuiper_latest/Dockerfile b/ekuiper_latest/Dockerfile
new file mode 100644
index 0000000..0b2bbe0
--- /dev/null
+++ b/ekuiper_latest/Dockerfile
@@ -0,0 +1,44 @@
+FROM golang:1.19-alpine AS builder
+
+RUN apk add gcc make git libc-dev zip curl jq bash binutils-gold pkgconfig zeromq-dev && \
+    mkdir /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
+
+WORKDIR /go
+
+ENV VSN=1.8.0
+RUN curl --silent --show-error -kfL -o ekuiper.tar.gz "https://github.com/lf-edge/ekuiper/archive/refs/tags/${VSN}.tar.gz" && \
+    mkdir -p ekuiper && \
+    tar -zxf ekuiper.tar.gz -C ekuiper --strip-components 1 && \
+    cd ekuiper && \
+    make build_with_edgex
+
+FROM alpine:3.16
+
+# Set environment vars
+ENV KUIPER_HOME="/kuiper" \
+    KUIPER_USER="kuiper" \
+    KUIPER_USER_ID="1001" \
+    KUIPER__BASIC__CONSOLELOG=true
+
+WORKDIR ${KUIPER_HOME}
+
+RUN apk add sed libzmq
+
+# Set appropriate ownership to allow binary full access to KUIPER_HOME dir
+RUN adduser -DH -s /sbin/nologin -u ${KUIPER_USER_ID} ${KUIPER_USER} && \
+    chown -Rh ${KUIPER_USER}:${KUIPER_USER} ${KUIPER_HOME} && \
+    mkdir -p /usr/local/taos && \
+    chown -Rh ${KUIPER_USER}:${KUIPER_USER} /usr/local/taos
+
+# Run the kuiper process under the kuiper user
+USER ${KUIPER_USER}
+
+COPY --chown=${KUIPER_USER}:${KUIPER_USER} docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
+COPY --chown=${KUIPER_USER}:${KUIPER_USER} --from=builder /go/ekuiper/_build/kuiper-* /kuiper/
+
+VOLUME ["${KUIPER_HOME}/etc", "${KUIPER_HOME}/data", "${KUIPER_HOME}/plugins", "${KUIPER_HOME}/log"]
+EXPOSE 9081 20498
+
+ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
+
+CMD ["./bin/kuiperd"]
diff --git a/ekuiper_latest/docker-entrypoint.sh b/ekuiper_latest/docker-entrypoint.sh
new file mode 100755
index 0000000..3bd7e54
--- /dev/null
+++ b/ekuiper_latest/docker-entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright 2021 EMQ Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if [ ! -z "$DEBUG" ]; then
+    set -ex
+else
+    set -e
+fi
+
+KUIPER_HOME=${KUIPER_HOME:-"/kuiper"}
+
+exec "$@"
diff --git a/ekuiper_slim-python/Dockerfile-slim-python b/ekuiper_slim-python/Dockerfile-slim-python
new file mode 100644
index 0000000..02b1b79
--- /dev/null
+++ b/ekuiper_slim-python/Dockerfile-slim-python
@@ -0,0 +1,45 @@
+FROM golang:1.19 AS builder
+
+RUN apt update -y --no-install-recommends && \
+    apt install -y --no-install-recommends make git curl procps zip libucl-dev zlib1g-dev pkg-config libczmq-dev build-essential debhelper jq zip
+
+RUN curl --silent --show-error -kfL -o upx.tar.xz "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-src.tar.xz" && \
+    mkdir -p /usr/local/upx && \
+    tar -xf upx.tar.xz -C /usr/local/upx --strip-components 1 && \
+    cd /usr/local/upx && \
+    make all && \
+    ln -s /usr/local/upx/src/upx.out /usr/bin/upx
+
+WORKDIR /go
+
+ENV VSN=1.8.0
+RUN curl --silent --show-error -kfL -o ekuiper.tar.gz "https://github.com/lf-edge/ekuiper/archive/refs/tags/${VSN}.tar.gz" && \
+    mkdir -p ekuiper && \
+    tar -zxf ekuiper.tar.gz -C ekuiper --strip-components 1 && \
+    cd ekuiper && \
+    make build_with_edgex_and_script
+
+FROM python:3.8-slim-bullseye
+
+COPY --from=builder /go/ekuiper/_build/kuiper-* /kuiper/
+COPY --from=builder /go/ekuiper/sdk/python /sdk/python
+COPY docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
+
+RUN apt-get update --no-install-recommends && \
+    apt-get install -y --no-install-recommends gcc pkg-config libczmq-dev libffi-dev wget cmake make git && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+WORKDIR /sdk/python
+RUN python3 setup.py sdist && python3 setup.py install
+
+ENV KUIPER_HOME="/kuiper" \
+    KUIPER__BASIC__CONSOLELOG=true
+
+WORKDIR ${KUIPER_HOME}
+
+EXPOSE 9081 20498
+
+ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
+
+CMD ["./bin/kuiperd"]
diff --git a/ekuiper_slim-python/docker-entrypoint.sh b/ekuiper_slim-python/docker-entrypoint.sh
new file mode 100755
index 0000000..3bd7e54
--- /dev/null
+++ b/ekuiper_slim-python/docker-entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright 2021 EMQ Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if [ ! -z "$DEBUG" ]; then
+    set -ex
+else
+    set -e
+fi
+
+KUIPER_HOME=${KUIPER_HOME:-"/kuiper"}
+
+exec "$@"
diff --git a/ekuiper_slim/Dockerfile-slim b/ekuiper_slim/Dockerfile-slim
new file mode 100644
index 0000000..8012a69
--- /dev/null
+++ b/ekuiper_slim/Dockerfile-slim
@@ -0,0 +1,41 @@
+FROM golang:1.19 AS builder
+
+RUN apt update -y --no-install-recommends && \
+    apt install -y --no-install-recommends make git curl procps zip libucl-dev zlib1g-dev pkg-config libczmq-dev build-essential debhelper jq zip
+
+RUN curl --silent --show-error -kfL -o upx.tar.xz "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-src.tar.xz" && \
+    mkdir -p /usr/local/upx && \
+    tar -xf upx.tar.xz -C /usr/local/upx --strip-components 1 && \
+    cd /usr/local/upx && \
+    make all && \
+    ln -s /usr/local/upx/src/upx.out /usr/bin/upx
+
+WORKDIR /go
+
+ENV VSN=1.8.0
+RUN curl --silent --show-error -kfL -o ekuiper.tar.gz "https://github.com/lf-edge/ekuiper/archive/refs/tags/${VSN}.tar.gz" && \
+    mkdir -p ekuiper && \
+    tar -zxf ekuiper.tar.gz -C ekuiper --strip-components 1 && \
+    cd ekuiper && \
+    make build_with_edgex
+
+FROM debian:buster
+
+COPY docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
+COPY --from=builder /go/ekuiper/_build/kuiper-* /kuiper/
+
+RUN apt-get update --no-install-recommends && \
+    apt-get install -y --no-install-recommends pkg-config libczmq-dev wget && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ENV KUIPER_HOME="/kuiper" \
+    KUIPER__BASIC__CONSOLELOG=true
+
+WORKDIR ${KUIPER_HOME}
+
+EXPOSE 9081 20498
+
+ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
+
+CMD ["./bin/kuiperd"]
diff --git a/ekuiper_slim/docker-entrypoint.sh b/ekuiper_slim/docker-entrypoint.sh
new file mode 100755
index 0000000..3bd7e54
--- /dev/null
+++ b/ekuiper_slim/docker-entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Copyright 2021 EMQ Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if [ ! -z "$DEBUG" ]; then
+    set -ex
+else
+    set -e
+fi
+
+KUIPER_HOME=${KUIPER_HOME:-"/kuiper"}
+
+exec "$@"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants