Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dockerfile: update to bookworm base image #8916

Merged
merged 5 commits into from
Jun 6, 2024
Merged

dockerfile: update to bookworm base image #8916

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
1343a92
dockerfile: update to bookworm base image
patrick-stephens Jun 5, 2024
58e6506
dockerfile: switch to libssl3
patrick-stephens Jun 5, 2024
3291fc7
dockerfile: switch to libffi8
patrick-stephens Jun 5, 2024
3fec011
dockerfile: add libcap2
patrick-stephens Jun 5, 2024
d578e90
dockerfile: switch to libldap-2.5
patrick-stephens Jun 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 18 additions & 16 deletions dockerfiles/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ ARG RELEASE_VERSION=3.0.7
FROM multiarch/qemu-user-static:x86_64-arm as qemu-arm32
FROM multiarch/qemu-user-static:x86_64-aarch64 as qemu-arm64

FROM debian:bullseye-slim as builder-base
FROM debian:bookworm-slim as builder-base

COPY --from=qemu-arm32 /usr/bin/qemu-arm-static /usr/bin/
COPY --from=qemu-arm64 /usr/bin/qemu-aarch64-static /usr/bin/
Expand All @@ -33,7 +33,7 @@ RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log
ENV DEBIAN_FRONTEND noninteractive

# hadolint ignore=DL3008
RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list && \
RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/sources.list && \
apt-get update && \
apt-get install -y --no-install-recommends \
build-essential \
Expand All @@ -46,7 +46,7 @@ RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/
libssl-dev \
libsasl2-dev \
pkg-config \
libsystemd-dev/bullseye-backports \
libsystemd-dev/bookworm-backports \
zlib1g-dev \
libpq-dev \
postgresql-server-dev-all \
Expand Down Expand Up @@ -97,30 +97,30 @@ RUN /fluent-bit/bin/fluent-bit -J > /fluent-bit/etc/schema.json

# Simple example of how to properly extract packages for reuse in distroless
# Taken from: https://github.com/GoogleContainerTools/distroless/issues/863
FROM debian:bullseye-slim as deb-extractor
FROM debian:bookworm-slim as deb-extractor
COPY --from=qemu-arm32 /usr/bin/qemu-arm-static /usr/bin/
COPY --from=qemu-arm64 /usr/bin/qemu-aarch64-static /usr/bin/

# We download all debs locally then extract them into a directory we can use as the root for distroless.
# We also include some extra handling for the status files that some tooling uses for scanning, etc.
WORKDIR /tmp
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list && \
RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/sources.list && \
apt-get update && \
apt-get download \
libssl1.1 \
libssl3 \
libsasl2-2 \
pkg-config \
libpq5 \
libsystemd0/bullseye-backports \
libsystemd0/bookworm-backports \
zlib1g \
ca-certificates \
libatomic1 \
libgcrypt20 \
libzstd1 \
liblz4-1 \
libgssapi-krb5-2 \
libldap-2.4-2 \
libldap-2.5 \
libgpg-error0 \
libkrb5-3 \
libk5crypto3 \
Expand All @@ -135,9 +135,11 @@ RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/
libnettle8 \
libhogweed6 \
libgmp10 \
libffi7 \
libffi8 \
liblzma5 \
libyaml-0-2 && \
libyaml-0-2 \
libcap2 \
&& \
mkdir -p /dpkg/var/lib/dpkg/status.d/ && \
for deb in *.deb; do \
package_name=$(dpkg-deb -I "${deb}" | awk '/^ Package: .*$/ {print $2}'); \
Expand All @@ -152,7 +154,7 @@ RUN find /dpkg/ -type d -empty -delete && \

# We want latest at time of build
# hadolint ignore=DL3006
FROM gcr.io/distroless/cc-debian11 as production
FROM gcr.io/distroless/cc-debian12 as production
ARG RELEASE_VERSION
ENV FLUENT_BIT_VERSION=${RELEASE_VERSION}
LABEL description="Fluent Bit multi-architecture container image" \
Expand Down Expand Up @@ -183,7 +185,7 @@ EXPOSE 2020
ENTRYPOINT [ "/fluent-bit/bin/fluent-bit" ]
CMD ["/fluent-bit/bin/fluent-bit", "-c", "/fluent-bit/etc/fluent-bit.conf"]

FROM debian:bullseye-slim as debug
FROM debian:bookworm-slim as debug
ARG RELEASE_VERSION
ENV FLUENT_BIT_VERSION=${RELEASE_VERSION}
LABEL description="Fluent Bit multi-architecture debug container image" \
Expand All @@ -204,14 +206,14 @@ COPY --from=qemu-arm64 /usr/bin/qemu-aarch64-static /usr/bin/
ENV DEBIAN_FRONTEND noninteractive

# hadolint ignore=DL3008
RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list && \
RUN echo "deb http://deb.debian.org/debian bookworm-backports main" >> /etc/apt/sources.list && \
apt-get update && \
apt-get install -y --no-install-recommends \
libssl1.1 \
libssl3 \
libsasl2-2 \
pkg-config \
libpq5 \
libsystemd0/bullseye-backports \
libsystemd0/bookworm-backports \
zlib1g \
ca-certificates \
libatomic1 \
Expand All @@ -225,7 +227,7 @@ RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/
openssl \
htop atop strace iotop sysstat ncdu logrotate hdparm pciutils psmisc tree pv \
cmake make tar flex bison \
libssl-dev libsasl2-dev libsystemd-dev/bullseye-backports zlib1g-dev libpq-dev libyaml-dev postgresql-server-dev-all \
libssl-dev libsasl2-dev libsystemd-dev/bookworm-backports zlib1g-dev libpq-dev libyaml-dev postgresql-server-dev-all \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

Expand Down
Loading