Skip to content

Commit

Permalink
[v13] Update docker images (#27502)
Browse files Browse the repository at this point in the history
* Update base Ubuntu image to 20.04 (#26905)

* Update base Ubuntu image to 22.04

* Revert the ubuntu image to 20.04

* Update the Dockerfile comment

* Add CentOS 7 note

* Add Connect note

* Move Connect build to a new Docker container (#27175)

* Move Connect build to a new Docker container

* Update comments

* Update comments
Remove unused packages and unused arguments

* Always use UID=1000 for building teleterm.
  • Loading branch information
jakule authored Jun 8, 2023
1 parent c3bf567 commit f2a3318
Show file tree
Hide file tree
Showing 4 changed files with 73 additions and 16 deletions.
26 changes: 12 additions & 14 deletions build.assets/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,18 +1,16 @@
# This Dockerfile makes the "build box": the container used to build official
# releases of Teleport and its documentation.
# This Dockerfile makes the "build box" the container used to:
# * run test and linters in CI
# * building other Docker images
#
# For Teleport releases we're using CentOS 7 box to keep the binaries compatible
# with older Linux distributions (glibc 2.17+).
#
# Check the README to learn how to safely introduce changes to Dockerfiles.

# Use Ubuntu 18.04 as base to get an older glibc version.
# Using a newer base image will build against a newer glibc, which creates a
# runtime requirement for the host to have newer glibc too. For example,
# teleport built on any newer Ubuntu version will not run on Centos 7 because
# of this.

## LIBFIDO2 ###################################################################

# Build libfido2 separately for isolation, speed and flexibility.
FROM buildpack-deps:18.04 AS libfido2
FROM buildpack-deps:20.04 AS libfido2

RUN apt-get update && \
apt-get install -y --no-install-recommends cmake && \
Expand Down Expand Up @@ -64,7 +62,7 @@ RUN git clone --depth=1 https://github.com/Yubico/libfido2.git -b 1.13.0 && \

## LIBBPF #####################################################################

FROM buildpack-deps:18.04 AS libbpf
FROM buildpack-deps:20.04 AS libbpf

# Install required dependencies
RUN apt-get update -y --fix-missing && \
Expand Down Expand Up @@ -96,7 +94,7 @@ RUN mkdir -p /opt && cd /opt && \
# 4. Fast, language-dependent dependencies
# 5. Multi-stage layer copies

FROM ubuntu:18.04 AS buildbox
FROM ubuntu:20.04 AS buildbox

COPY locale.gen /etc/locale.gen
COPY profile /etc/profile
Expand Down Expand Up @@ -124,8 +122,8 @@ RUN apt-get -y update && \
apt-utils \
build-essential \
ca-certificates \
clang-10 \
clang-format-10 \
clang \
clang-format \
curl \
default-jre \
`if [ "$BUILDARCH" = "amd64" ] ; then echo gcc-multilib; fi` \
Expand All @@ -137,7 +135,7 @@ RUN apt-get -y update && \
libpam-dev \
libsqlite3-0 \
libssl-dev \
llvm-10 \
llvm \
locales \
mingw-w64 \
mingw-w64-x86-64-dev \
Expand Down
46 changes: 46 additions & 0 deletions build.assets/Dockerfile-connect
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# This Dockerfile makes the "build box connect" the container used
# to build the Teleport Connect.
#
# This image is base on the node image, which is based on Debian Buster.
# Using it as a image allows us to link agains the same version of
# glibc as Node.js.
#
# Check the README to learn how to safely introduce changes to Dockerfiles.

## BUILDBOX-CONNECT ###################################################################

# Pin the tag to Debian Buster to make sure the Glibc compatibility.
ARG NODE_VERSION
FROM node:${NODE_VERSION}-buster AS buildbox

COPY locale.gen /etc/locale.gen
COPY profile /etc/profile
ENV LANGUAGE="en_US.UTF-8" \
LANG="en_US.UTF-8" \
LC_ALL="en_US.UTF-8" \
LC_CTYPE="en_US.UTF-8" \
DEBIAN_FRONTEND="noninteractive"

# Install packages.
RUN apt-get -y update && \
apt-get install -q -y --no-install-recommends \
build-essential \
ca-certificates \
git \
libc6-dev \
libssl-dev \
locales \
openssh-client \
pkg-config \
python3-pip \
python3-setuptools \
python3-wheel \
# Used during tag builds to build the RPM package of Connect.
rpm \
&& \
dpkg-reconfigure locales && \
apt-get -y clean && \
rm -rf /var/lib/apt/lists/*

# Do not create the ci user as we do on other images, as node image
# already has node user with UID:GID 1000:1000 user.
16 changes: 14 additions & 2 deletions build.assets/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -233,12 +233,24 @@ ifeq ($(CONNECT_VERSION),)
CONNECT_VERSION := $(BUILDBOX_VERSION)-dev
endif

#
# Builds a Docker buildbox for Linux Connect builds
#
.PHONY:buildbox-connect
buildbox-connect:
if [[ $${DRONE} == "true" ]] && ! docker inspect --type=image $(BUILDBOX_CONNECT) 2>&1 >/dev/null; then docker pull $(BUILDBOX_CONNECT) || true; fi; \
DOCKER_BUILDKIT=1 docker build \
--build-arg NODE_VERSION=$(NODE_VERSION) \
--cache-from $(BUILDBOX_CONNECT) \
--tag $(BUILDBOX_CONNECT) -f Dockerfile-connect . ;

#
# Builds Teleport Connect inside the buildbox container.
#
.PHONY:teleterm
teleterm: buildbox
docker run $(DOCKERFLAGS) $(NOROOT) $(BUILDBOX) \
teleterm: buildbox-connect
# Always run this image as user 1000, as the Node base image assumes that.
docker run $(DOCKERFLAGS) -u 1000:1000 $(BUILDBOX_CONNECT) \
bash -c "cd $(SRCDIR) && export CONNECT_TSH_BIN_PATH=\$$PWD/../teleport/build/tsh && yarn install --frozen-lockfile && yarn build-term && yarn package-term -c.extraMetadata.version=$(CONNECT_VERSION)"

# Builds webassets inside Docker.
Expand Down
1 change: 1 addition & 0 deletions build.assets/images.mk
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ BUILDBOX_CENTOS7_FIPS=$(BUILDBOX_BASE_NAME)-centos7-fips:$(BUILDBOX_VERSION)
BUILDBOX_ARM=$(BUILDBOX_BASE_NAME)-arm:$(BUILDBOX_VERSION)
BUILDBOX_ARM_FIPS=$(BUILDBOX_BASE_NAME)-arm-fips:$(BUILDBOX_VERSION)
BUILDBOX_UI=$(BUILDBOX_BASE_NAME)-ui:$(BUILDBOX_VERSION)
BUILDBOX_CONNECT=$(BUILDBOX_BASE_NAME)-connect:$(BUILDBOX_VERSION)
BUILDBOX_CENTOS7_ASSETS=$(BUILDBOX_BASE_NAME)-centos7-assets:$(BUILDBOX_VERSION)

.PHONY:show-buildbox-base-image
Expand Down

0 comments on commit f2a3318

Please sign in to comment.