From 93d1ada2c86edfd422892279b7ed3c9a18cba74a Mon Sep 17 00:00:00 2001 From: Johann Hoffmann Date: Thu, 18 Aug 2022 12:38:12 +0200 Subject: [PATCH 1/4] Switch to Debian-slim base images Signed-off-by: Johann Hoffmann --- Dockerfile | 22 +++++++++++----------- docker-entrypoint.sh | 4 ++-- wait-for-postgres.sh | 4 ++-- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 31ca167..708b64e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,16 @@ -ARG ALPINE_VERSION=3.16.2 +ARG DEBIAN_VERSION=11.4-slim ARG POCO_VERSION=poco-tip-v1 ARG FMTLIB_VERSION=9.0.0 ARG CPPKAFKA_VERSION=tip-v1 ARG JSON_VALIDATOR_VERSION=2.1.0 -FROM alpine:$ALPINE_VERSION AS build-base +FROM debian:$DEBIAN_VERSION AS build-base -RUN apk add --update --no-cache \ +RUN apt-get update && apt-get install --no-install-recommends -y \ make cmake g++ git \ - unixodbc-dev postgresql-dev mariadb-dev \ - librdkafka-dev boost-dev openssl-dev \ - zlib-dev nlohmann-json + unixodbc-dev libpq-dev libmariadb-dev libmariadbclient-dev-compat \ + librdkafka-dev libboost-all-dev libssl-dev \ + zlib1g-dev nlohmann-json3-dev FROM build-base AS poco-build @@ -90,21 +90,21 @@ WORKDIR /owls/cmake-build RUN cmake .. RUN cmake --build . --config Release -j8 -FROM alpine:$ALPINE_VERSION +FROM debian:$DEBIAN_VERSION ENV OWLS_USER=owls \ OWLS_ROOT=/owls-data \ OWLS_CONFIG=/owls-data -RUN addgroup -S "$OWLS_USER" && \ - adduser -S -G "$OWLS_USER" "$OWLS_USER" +RUN useradd "$OWLS_USER" RUN mkdir /openwifi RUN mkdir -p "$OWLS_ROOT" "$OWLS_CONFIG" && \ chown "$OWLS_USER": "$OWLS_ROOT" "$OWLS_CONFIG" -RUN apk add --update --no-cache librdkafka su-exec gettext ca-certificates bash jq curl \ - mariadb-connector-c libpq unixodbc postgresql-client +RUN apt-get update && apt-get install --no-install-recommends -y \ + librdkafka++1 gosu gettext ca-certificates bash jq curl wget \ + libmariadb-dev-compat libpq5 unixodbc COPY test_scripts/curl/cli /cli diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 4bb276b..2814f0b 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -e if [ "$SELFSIGNED_CERTS" = 'true' ]; then @@ -53,7 +53,7 @@ if [ "$1" = '/openwifi/owls' -a "$(id -u)" = '0' ]; then if [ "$RUN_CHOWN" = 'true' ]; then chown -R "$OWLS_USER": "$OWLS_ROOT" "$OWLS_CONFIG" fi - exec su-exec "$OWLS_USER" "$@" + exec gosu "$OWLS_USER" "$@" fi exec "$@" diff --git a/wait-for-postgres.sh b/wait-for-postgres.sh index 86ed806..8d3e6c9 100755 --- a/wait-for-postgres.sh +++ b/wait-for-postgres.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # wait-for-postgres.sh set -e @@ -20,7 +20,7 @@ if [ "$1" = '/openwifi/owls' -a "$(id -u)" = '0' ]; then if [ "$RUN_CHOWN" = 'true' ]; then chown -R "$OWLS_USER": "$OWLS_ROOT" "$OWLS_CONFIG" fi - exec su-exec "$OWLS_USER" "$@" + exec gosu "$OWLS_USER" "$@" fi exec "$@" From 4e4b6f09f410cbc84fa5527ddfa272ca1faa98db Mon Sep 17 00:00:00 2001 From: Johann Hoffmann Date: Thu, 18 Aug 2022 13:16:03 +0200 Subject: [PATCH 2/4] Add ca-certificates package to build base image Signed-off-by: Johann Hoffmann --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 708b64e..a83640d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y \ make cmake g++ git \ unixodbc-dev libpq-dev libmariadb-dev libmariadbclient-dev-compat \ librdkafka-dev libboost-all-dev libssl-dev \ - zlib1g-dev nlohmann-json3-dev + zlib1g-dev nlohmann-json3-dev ca-certificates FROM build-base AS poco-build From a601f684e870aa6206172f30385c91469293193f Mon Sep 17 00:00:00 2001 From: Johann Hoffmann Date: Fri, 19 Aug 2022 16:11:28 +0200 Subject: [PATCH 3/4] Create necessary library links in Docker image Signed-off-by: Johann Hoffmann --- Dockerfile | 2 ++ helm/values.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a83640d..ac2796f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -118,6 +118,8 @@ COPY --from=owls-build /owls/cmake-build/owls /openwifi/owls COPY --from=cppkafka-build /cppkafka/cmake-build/src/lib/* /lib/ COPY --from=poco-build /poco/cmake-build/lib/* /lib/ +RUN ldconfig + EXPOSE 16007 17007 16107 ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/helm/values.yaml b/helm/values.yaml index 79bdcfd..9f9a942 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -97,7 +97,7 @@ resources: {} # memory: 128Mi securityContext: - fsGroup: 101 + fsGroup: 1000 nodeSelector: {} From f90b54ff0e51f6f88ec9511f375b99e1c81bc0d0 Mon Sep 17 00:00:00 2001 From: Johann Hoffmann Date: Fri, 19 Aug 2022 17:19:22 +0200 Subject: [PATCH 4/4] Fix self-signed cert file extension for Debian Signed-off-by: Johann Hoffmann --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ac2796f..7ff12ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -112,7 +112,7 @@ COPY owls.properties.tmpl / COPY docker-entrypoint.sh / COPY wait-for-postgres.sh / RUN wget https://raw.githubusercontent.com/Telecominfraproject/wlan-cloud-ucentral-deploy/main/docker-compose/certs/restapi-ca.pem \ - -O /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem + -O /usr/local/share/ca-certificates/restapi-ca-selfsigned.crt COPY --from=owls-build /owls/cmake-build/owls /openwifi/owls COPY --from=cppkafka-build /cppkafka/cmake-build/src/lib/* /lib/