From 2ec255973d7ea6a3e1caa2810941b7aa3c263c21 Mon Sep 17 00:00:00 2001
From: Dominik Rosiek <58699848+sumo-drosiek@users.noreply.github.com>
Date: Fri, 16 Feb 2024 14:21:20 +0100
Subject: [PATCH] feat: build ubi images (#654)

* chore: add ubi Dockerfiles

Signed-off-by: Dominik Rosiek <drosiek@sumologic.com>

* chore: update Makefiles and github actions

Signed-off-by: Dominik Rosiek <drosiek@sumologic.com>

* test

Signed-off-by: Dominik Rosiek <drosiek@sumologic.com>

* Update .github/workflows/dev_builds.yml

---------

Signed-off-by: Dominik Rosiek <drosiek@sumologic.com>
---
 .github/workflows/dev_builds.yml     | 25 +++++++++++++++++
 .github/workflows/release_builds.yml | 26 +++++++++++++++++-
 operator/Dockerfile.ubi              | 41 ++++++++++++++++++++++++++++
 operator/Makefile                    |  7 ++++-
 sidecar/fluentbit/Dockerfile.ubi     | 39 ++++++++++++++++++++++++++
 sidecar/fluentbit/Makefile           |  7 ++++-
 6 files changed, 142 insertions(+), 3 deletions(-)
 create mode 100644 operator/Dockerfile.ubi
 create mode 100644 sidecar/fluentbit/Dockerfile.ubi

diff --git a/.github/workflows/dev_builds.yml b/.github/workflows/dev_builds.yml
index 77adea69..5e67048f 100644
--- a/.github/workflows/dev_builds.yml
+++ b/.github/workflows/dev_builds.yml
@@ -39,9 +39,15 @@ jobs:
       - name: Build and push tailing sidecar multiplatform image
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./sidecar/fluentbit
+      - name: Build and push tailing sidecar ubi image
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./sidecar/fluentbit
       - name: Push tailing sidecar image with latest tag
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE }}:${{ env.LATEST_TAG }}
         working-directory: ./sidecar/fluentbit
+      - name: Push tailing sidecar ubi image with latest tag
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE }}:${{ env.LATEST_TAG }}
+        working-directory: ./sidecar/fluentbit
       - name: Log in to AWS Public ECR to publish tailing sidecar image
         run: make login-ecr
         env:
@@ -50,9 +56,16 @@ jobs:
       - name: Build and push to ECR tailing sidecar multiplatform image
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./sidecar/fluentbit
+      - name: Build and push to ECR tailing sidecar ubi image
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./sidecar/fluentbit
       - name: Push tailing sidecar image with latest tag to ECR
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
         working-directory: ./sidecar/fluentbit
+      - name: Push tailing sidecar ubi image with latest tag to ECR
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
+        working-directory: ./sidecar/fluentbit
+
 
   build-otelcol-sidecar:
     runs-on: ubuntu-20.04
@@ -117,9 +130,15 @@ jobs:
       - name: Build and push tailing sidecar operator multiplatform image
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./operator
+      - name: Build and push tailing sidecar operator ubi image
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./operator
       - name: Push tailing sidecar operator image with latest tag
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE }}:${{ env.LATEST_TAG }}
         working-directory: ./operator
+      - name: Push tailing sidecar operator ubi image with latest tag
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE }}:${{ env.LATEST_TAG }}
+        working-directory: ./operator
       - name: Log in to AWS Public ECR to publish tailing sidecar operator image
         run: make login-ecr
         env:
@@ -128,9 +147,15 @@ jobs:
       - name: Build and push to ECR tailing sidecar operator multiplatform image
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./operator
+      - name: Build and push to ECR tailing sidecar operator ubi image
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./operator
       - name: Push tailing sidecar operator image with latest tag to ECR
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
         working-directory: ./operator
+      - name: Push tailing sidecar operator ubi image with latest tag to ECR
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
+        working-directory: ./operator
 
   push-helm-chart:
     runs-on: ubuntu-20.04
diff --git a/.github/workflows/release_builds.yml b/.github/workflows/release_builds.yml
index 12637838..01bb7dcf 100644
--- a/.github/workflows/release_builds.yml
+++ b/.github/workflows/release_builds.yml
@@ -35,12 +35,18 @@ jobs:
           registry: ghcr.io
           username: USERNAME
           password: ${{ secrets.CR_PAT }}
-      - name: Push tailing sidecar image
+      - name: Build and push tailing sidecar multiplatform image
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./sidecar/fluentbit
+      - name: Build and push tailing sidecar ubi image
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./sidecar/fluentbit
       - name: Push tailing sidecar image with latest tag
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE }}:${{ env.LATEST_TAG }}
         working-directory: ./sidecar/fluentbit
+      - name: Push tailing sidecar ubi image with latest tag
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE }}:${{ env.LATEST_TAG }}
+        working-directory: ./sidecar/fluentbit
       - name: Log in to AWS Public ECR to publish tailing sidecar image
         run: make login-ecr
         env:
@@ -49,9 +55,15 @@ jobs:
       - name: Build and push to ECR tailing sidecar multiplatform image
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./sidecar/fluentbit
+      - name: Build and push to ECR tailing sidecar ubi image
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./sidecar/fluentbit
       - name: Push tailing sidecar image with latest tag to ECR
         run: make build-push-multiplatform TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
         working-directory: ./sidecar/fluentbit
+      - name: Push tailing sidecar ubi image with latest tag to ECR
+        run: make build-push-ubi TAG=${{ env.SIDECAR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
+        working-directory: ./sidecar/fluentbit
 
   build-operator:
     runs-on: ubuntu-20.04
@@ -81,9 +93,15 @@ jobs:
       - name: Build and push tailing sidecar operator multiplatform image
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./operator
+      - name: Build and push tailing sidecar operator ubi image
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./operator
       - name: Push tailing sidecar operator image with latest tag
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE }}:${{ env.LATEST_TAG }}
         working-directory: ./operator
+      - name: Push tailing sidecar operator ubi image with latest tag
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE }}:${{ env.LATEST_TAG }}
+        working-directory: ./operator
       - name: Log in to AWS Public ECR to publish tailing sidecar operator image
         run: make login-ecr
         env:
@@ -92,9 +110,15 @@ jobs:
       - name: Build and push to ECR tailing sidecar operator multiplatform image
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
         working-directory: ./operator
+      - name: Build and push to ECR tailing sidecar operator ubi image
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ steps.extract_tag.outputs.tag }}
+        working-directory: ./operator
       - name: Push tailing sidecar operator image with latest tag to ECR
         run: make build-push-multiplatform IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
         working-directory: ./operator
+      - name: Push tailing sidecar operator ubi image with latest tag to ECR
+        run: make build-push-ubi IMG=${{ env.OPERATOR_IMAGE_ECR }}:${{ env.LATEST_TAG }}
+        working-directory: ./operator
 
   push-helm-chart:
     runs-on: ubuntu-20.04
diff --git a/operator/Dockerfile.ubi b/operator/Dockerfile.ubi
new file mode 100644
index 00000000..46a3c1d4
--- /dev/null
+++ b/operator/Dockerfile.ubi
@@ -0,0 +1,41 @@
+# Build the manager binary
+FROM golang:1.21.3 as builder
+
+WORKDIR /workspace
+
+# Copy the go source
+COPY go.mod go.sum ./
+
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+COPY . .
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go config.go
+
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.6
+
+ARG VERSION=${VERSION}
+ARG RELEASE_NUMBER=${RELEASE_NUMBER}
+
+ENV SUMMARY="UBI based Tailing Sidecar Operator" \
+    DESCRIPTION="Tailing Sidecar Operator adds streaming sidecar containers which use tailing sidecar image to Pods."
+
+LABEL name="Tailing Sidecar Operator" \
+      maintainer="collection@sumologic.com" \
+      vendor="Sumo Logic" \
+      version=${VERSION} \
+      release=${RELEASE_NUMBER} \
+      summary="$SUMMARY" \
+      description="$DESCRIPTION" \
+      io.k8s.description="$DESCRIPTION"
+
+ADD https://raw.githubusercontent.com/SumoLogic/tailing-sidecar/release-v0.3/LICENSE /licenses/LICENSE
+
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER nonroot:nonroot
+
+ENTRYPOINT ["/manager"]
diff --git a/operator/Makefile b/operator/Makefile
index 47419052..e163407c 100755
--- a/operator/Makefile
+++ b/operator/Makefile
@@ -13,6 +13,7 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 
 # Image URL to use all building/pushing image targets
 IMG ?= localhost:32000/sumologic/tailing-sidecar-operator:latest
+DOCKERFILE ?= Dockerfile
 
 # Image URL for tailing sidecar
 TAILING_SIDECAR_IMG ?= localhost:32000/sumologic/tailing-sidecar:latest
@@ -174,7 +175,7 @@ generate: controller-gen
 
 # Build the docker image
 docker-build:
-	docker build . -t ${IMG}
+	docker build . -f ${DOCKERFILE} -t ${IMG}
 
 # Push the docker image
 docker-push:
@@ -187,6 +188,10 @@ build-push-multiplatform:
 		--tag ${IMG} \
 		.
 
+build-push-ubi:
+	$(MAKE) docker-build DOCKERFILE=${DOCKERFILE}.ubi IMG=${IMG}-ubi
+	$(MAKE) docker-push DOCKERFILE=${DOCKERFILE}.ubi IMG=${IMG}-ubi
+
 # find or download controller-gen
 # download controller-gen if necessary
 controller-gen:
diff --git a/sidecar/fluentbit/Dockerfile.ubi b/sidecar/fluentbit/Dockerfile.ubi
new file mode 100644
index 00000000..e2a64fab
--- /dev/null
+++ b/sidecar/fluentbit/Dockerfile.ubi
@@ -0,0 +1,39 @@
+FROM golang:1.20.7 as go-builder
+RUN mkdir /build
+ADD ./out_gstdout /build/
+WORKDIR /build
+RUN make all
+
+# ToDo: build and use the latest fluent-bit image
+FROM public.ecr.aws/sumologic/fluent-bit:1.6.10-sumo-2-ubi
+
+ARG VERSION=${VERSION}
+ARG RELEASE_NUMBER=${RELEASE_NUMBER}
+
+ENV SUMMARY="UBI based Tailing Sidecar" \
+    DESCRIPTION="Tailing sidecar is a streaming sidecar container which can be used with Tailing Sidecar Operator."
+
+LABEL name="Tailing Sidecar" \
+      maintainer="collection@sumologic.com" \
+      vendor="Sumo Logic" \
+      version=${VERSION} \
+      release=${RELEASE_NUMBER} \
+      summary="$SUMMARY" \
+      description="$DESCRIPTION" \
+      io.k8s.description="$DESCRIPTION"
+
+ADD https://raw.githubusercontent.com/SumoLogic/tailing-sidecar/release-v0.3/LICENSE /licenses/LICENSE
+
+ENV LOG_LEVEL=warning
+
+COPY --from=go-builder \
+  /build/out_gstdout.so \
+  /tailing-sidecar/lib/
+
+COPY conf/fluent-bit.conf \
+  conf/plugins.conf \
+  /fluent-bit/etc/
+
+USER nobody
+
+CMD ["/fluent-bit/bin/fluent-bit", "-c", "/fluent-bit/etc/fluent-bit.conf", "--quiet"]
diff --git a/sidecar/fluentbit/Makefile b/sidecar/fluentbit/Makefile
index 9f466414..853597e9 100755
--- a/sidecar/fluentbit/Makefile
+++ b/sidecar/fluentbit/Makefile
@@ -8,11 +8,12 @@ mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST)))
 root_dir := $(dir $(abspath $(mkfile_path)/..))
 
 TAG ?= "localhost:32000/sumologic/tailing-sidecar:latest"
+DOCKERFILE ?= Dockerfile
 
 all: build push
 
 build:
-	docker build --tag $(TAG) --file Dockerfile .
+	docker build --tag $(TAG) --file ${DOCKERFILE} .
 
 build-test-image: build
 
@@ -30,6 +31,10 @@ build-push-multiplatform:
 		--tag ${TAG} \
 		.
 
+build-push-ubi:
+	$(MAKE) build DOCKERFILE=${DOCKERFILE}.ubi TAG=${TAG}-ubi
+	$(MAKE) push DOCKERFILE=${DOCKERFILE}.ubi TAG=${TAG}-ubi
+
 push:
 	docker push $(TAG)