Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build static binaries for Docker, so that we can use 'scratch' image #1766

Merged
merged 2 commits into from
Jun 14, 2021
Merged

Build static binaries for Docker, so that we can use 'scratch' image #1766

merged 2 commits into from
Jun 14, 2021

Conversation

ylebre
Copy link
Contributor

@ylebre ylebre commented Jun 4, 2021

This should fix issue #1765

@ylebre ylebre requested a review from labkode as a code owner June 4, 2021 14:26
@update-docs
Copy link

update-docs bot commented Jun 4, 2021

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@ylebre ylebre changed the title Build static binaries for Docker, so that we can use 'stratch' image Build static binaries for Docker, so that we can use 'scratch' image Jun 4, 2021
@IljaN
Copy link
Member

IljaN commented Jun 6, 2021
edited
Loading

There could be dragons, see owncloud/ocis#375

@ishank011
Copy link
Contributor

@SamuAlfageme can you take a look?

@michielbdejong
Copy link
Contributor

I'm trying this out in cs3org/ocm-test-suite#27.
So far it works, but I must say the new very slim image is hard to debug, for instance:

docker run -it --entrypoint /bin/sh revad

fails because there is no /bin/sh.

@SamuAlfageme
Copy link
Contributor

@ylebre great catch, I did forget to set the CGO_ENABLED variable on the ENVs builder step from the Dockerfile(s).

@IljaN I'll also review what cgo dependencies are we still using and how can we avoid them if that is the case.

@SamuAlfageme
Copy link
Contributor

@michielbdejong I totally empathize. Using the binary FROM scratch is great to reduce the attack surface and size of the image, but can make debugging inside the container very cumbersome.

I have used this scratch-debugger script in the past. But if you're developing locally, I'll recommend you create an image with your OS of choice as base and then copying the revad binary --from the cs3org/revad image.

In the future, things like ephemeral containers in k8s kubernetes/enhancements#277 will make that task easier.

We can also reconsider using busybox or alpine if this becomes too annoying in the future

SamuAlfageme
SamuAlfageme previously approved these changes Jun 8, 2021
View reviewed changes
@SamuAlfageme
Copy link
Contributor

@ylebre could you add a changelog entry for your fix?

@ylebre
Copy link
Contributor Author

ylebre commented Jun 8, 2021

@SamuAlfageme sure thing, added to the PR now.

@michielbdejong michielbdejong mentioned this pull request Jun 11, 2021
Merged
@SamuAlfageme SamuAlfageme self-requested a review June 14, 2021 15:43
@SamuAlfageme SamuAlfageme merged commit 07adb3f into cs3org:master Jun 14, 2021
@SamuAlfageme
Copy link
Contributor

@ylebre thx a bunch!

@ylebre ylebre deleted the static-build branch June 14, 2021 19:09
SamuAlfageme added a commit to SamuAlfageme/reva that referenced this pull request Jun 16, 2021
@SamuAlfageme
Revert "Build static binaries for Docker, so that we can use 'scratch…
1d7a4c5 
…' image (cs3org#1766)"

This partially reverts commit 07adb3f as there are a few issues
when trying to run revad e.g. go-sqlite3 requires it:

2021-06-15 15:39:31.314 ERR go/src/github/cs3org/reva/cmd/revad/runtime/runtime.go:197 > error starting the http server error="http service dataprovider could not be started,: localfs: error initializing db: localfs: error preparing statement: Binary was compiled with 'CGO_ENABLED=0', go-sqlite3 requires cgo to work. This is a stub" pid=1
@SamuAlfageme SamuAlfageme mentioned this pull request Jun 16, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SamuAlfageme SamuAlfageme SamuAlfageme approved these changes

@labkode labkode Awaiting requested review from labkode labkode is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ylebre @IljaN @ishank011 @michielbdejong @SamuAlfageme