ubi :: update docker files to use ubi8 (NationalSecurityAgency#743)

dev-mlb · Apr 11, 2024 · c827864 · c827864
1 parent 94403d9
commit c827864
Show file tree

Hide file tree

Showing 4 changed files with 117 additions and 0 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,9 @@
+.github/
+.idea/
+contrib/ci/
+contrib/docker/
+contrib/elasticsearch/
+contrib/helm/
+target/
+target-idea/
+.mvn-classpath
diff --git a/DEVELOPING.md b/DEVELOPING.md
@@ -715,6 +715,14 @@ Once the build succeeds, we can start a container:
 docker run -it --rm -p 8001:8001 --hostname emissary --name emissary emissary:test
 ```
 
+### Build and Run Emissary UBI8 Docker Image
+
+From the root of the project, simply run:
+```
+docker compose -f contrib/docker/docker-compose.ubi8.yml up --build
+```
+Then from a browser, assuming container is running locally, go to http://localhost:8001/ to see the endpoints.
+
 ### Running Emissary with Kubernetes
 
 A sample standalone instance of Emissary running in Kubernetes

diff --git a/contrib/docker/Dockerfile.ubi8 b/contrib/docker/Dockerfile.ubi8
@@ -0,0 +1,73 @@
+ARG IMG_NAME=redhat/ubi8
+ARG IMG_TAG=8.8-1067
+FROM ${IMG_NAME}:${IMG_TAG} as base
+
+ARG java_version=11
+ARG user=emissary
+ARG group=emissary
+ARG uid=1000
+ARG gid=1000
+
+ENV JAVA_HOME /usr/lib/jvm/java-${java_version}-amazon-corretto
+ENV JAVA_TOOL_OPTIONS -Dfile.encoding=UTF8
+ENV PROJECT_BASE=/opt/emissary
+
+RUN rpm --import https://yum.corretto.aws/corretto.key \
+     && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \
+     && yum install -y java-${java_version}-amazon-corretto-devel \
+     && dnf install -y langpacks-en glibc-all-langpacks \
+     && groupadd -g ${gid} ${group} \
+     && useradd -u ${uid} -g ${group} -m -s /bin/sh ${user} \
+     && yum clean all -y \
+     && rm -rf /var/cache/yum
+
+
+
+FROM base as build
+
+ARG maven_version=3.9.6
+ENV MAVEN_OPTS -Xms512M -Xmx1024M -Xss1M -XX:MaxPermSize=128M -Djava.awt.headless=true
+ENV MAVEN_HOME /opt/maven
+
+RUN curl -L -o /tmp/maven.tar.gz https://dlcdn.apache.org/maven/maven-3/${maven_version}/binaries/apache-maven-${maven_version}-bin.tar.gz \
+     && tar xvf /tmp/maven.tar.gz -C /opt \
+     && ln -s /opt/apache-maven-${maven_version} ${MAVEN_HOME} \
+     && ln -s /opt/maven/bin/mvn /usr/bin/mvn
+
+COPY . /opt/emissary
+RUN chown -R ${user}:${group} /opt/emissary \
+    && chmod -R 744 /opt/emissary  \
+    && (rm -f .mvn-classpath || true)
+
+USER ${user}
+WORKDIR /opt/emissary
+RUN --mount=type=cache,uid=${uid},gid=${gid},target=/home/${user}/.m2 mvn clean package -Pdist
+
+
+
+FROM base
+
+COPY --from=build /opt/emissary/target/emissary-*-dist.tar.gz /tmp
+
+RUN tar -xf /tmp/emissary-*-dist.tar.gz -C /opt/ \
+    && version=`ls /opt | grep emissary- | awk '{ print $1 }'`  \
+    && echo "Linking /opt/${version} to /opt/emissary"  \
+    && ln -s /opt/${version} /opt/emissary  \
+    && mkdir -p /opt/emissary/localoutput  \
+    && mkdir -p /opt/emissary/target/data  \
+    && chmod -R a+rw /opt/emissary \
+    && chown -R ${user}:${group} /opt/emissary* \
+    && rm -f /tmp/*
+
+USER ${user}
+
+WORKDIR /opt/emissary
+
+VOLUME /opt/emissary/target/data
+VOLUME /opt/emissary/localoutput
+
+EXPOSE 8001
+
+ENTRYPOINT ["./emissary"]
+
+CMD ["server", "-a", "2", "-p", "8001"]
diff --git a/contrib/docker/docker-compose.ubi8.yml b/contrib/docker/docker-compose.ubi8.yml
@@ -0,0 +1,27 @@
+---
+version: "3"
+
+services:
+  emissary-server:
+    image: emissary-ubi8
+    build:
+      context: ../../
+      dockerfile: contrib/docker/Dockerfile.ubi8
+    environment:
+      - PROJECT_BASE=/opt/emissary
+      - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000 -Dfile.encoding=UTF8
+    hostname: "emissary-server"
+    command: "server -a 5 -p 8001 -s http -h emissary-server"
+    ports:
+      - "8000:8000"
+      - "8001:8001"
+    expose:
+      - '8000'
+      - '8001'
+    volumes:
+      - input:/opt/emissary/target/data
+      - output:/opt/emissary/localoutput
+
+volumes:
+  input:
+  output: