New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Development image upgraded to ubi8 #1335
Conversation
9bbe285
to
af6052c
Compare
d141f78
to
7f5f59c
Compare
invalid certificate error message changed due to upgrade on openssl-libs dep from openssl-libs-1.1.1g-15.el8_3.x86_64 in centos8 to openssl-libs-1.1.1k-6.el8_5.x86_64 in ubi8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A couple of changes I've mentioned but also another question I have is that if this PR is intended to replace the s2i process with a Dockerfile instead shoudln't we be removing all the s2i resources? Or are we still going to rely on those for downstream image builds and use Dockerfile only for upstream?
Tested the general behaviour after fixing the permissions issue and everything seems to be working as expected; integration tests, unit tests and syncing local filesystem changes to container.
Dockerfile.devel
Outdated
LUA_CPATH="./lua_modules/lib/lua/5.1/?.so;;" \ | ||
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/app-root/lib" | ||
|
||
RUN yum install -y luarocks && \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this be luarocks-${LUAROCKS_VERSION}
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assumed that it was read by the env var. I did not change from the dockerfile in s2i-openresty repo: https://github.com/3scale/s2i-openresty/blob/96676dbb1a231eb892bb8c2163b3470f6e625527/Dockerfile#L52
I will add it anyway, being explicit is much better.
# no need to access those from docker | ||
- /home/centos/.docker | ||
- /home/centos/.git | ||
working_dir: /opt/app-root/src/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This breaks existing environments because the permissions are not the same, either need to take care of this ourselves OR document that the project should just be recreated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not get that about breaking existing environments. The new image "quay.io/3scale/apicast-ci:openresty-1.19.3" or custom image builds from the Dockerfile.devel
have HOME
set to /opt/app-root/src/
and the running user should not have permission issues.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I get your point.
If you run "make development", the image being loaded will be quay.io/3scale/apicast-ci:openresty-1.19.3
and there should not be any permission issue.
Only if you run "make development IMAGE=mycustom_image", then you need to make sure that "my_custom_image" is ubi8 based and has been built with "make dev-build" target. Usually the devel image is not custom image. Only when we neeed to upgrade some dep existing in the devel image, we need to test the new devel image with a custom image before pushing a new release
No. This PR is meant to build development image from a local Dockerfile.devel instead of from Removal of s2i and building upstream runtime image is currently WIP in the following branch: https://github.com/3scale/APIcast/tree/remove-s2i |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So after testing again and reproducing the permissions issues it seems like the best solution is to notify the developers (community?) that the new changes require either those dirs to be removed or simply to delete the project and reclone it.
Otherwise nothing else left to review here and the changes look good to me.
what
Dockerfile.devel
with the devel image contentspec/resty/openssl/x509_spec.lua
unittest. Reason:openssl-libs
dep:openssl-libs-1.1.1g-15.el8_3.x86_64
incentos8
->openssl-libs-1.1.1k-6.el8_5.x86_64
inubi8
verification steps
run development image
Inside the container, download dependencies
Inside the container, run apicast
Send request from externally from the host