Update to redhat/ubi9 for UBI based images #342

Merged
merged 7 commits into from
Jan 7, 2025
Changes from 5 commits
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,9 @@

## Unreleased

- Update to redhat/ubi9 for UBI based images
([342](https://github.com/pulumi/pulumi-docker-containers/pull/342))

- Include uv in images that provide Python
-([341](https://github.com/pulumi/pulumi-docker-containers/pull/341))
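
Review bot: the new entry at the top of Unreleased reads as a routine bump, but moving the UBI images from ubi8-minimal to ubi9-minimal is a major base OS change delivered behind the same `-ubi` tag suffix. Suggest saying so in the entry and naming the user-visible effect this PR already tests for: bash in the UBI images now has `/root/.local/bin:/root/bin:` at the front of PATH.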

2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -22,7 +22,7 @@ Each of the images described above (except the full `pulumi/pulumi` image) are b
- `-debian-amd64`: Image manifest for the `linux/amd64` platform.
- `-debian-arm64`: Image manifest for the `linux/arm64` platform.
- `-debian`: Manifest list of `-debian-amd64` and `-debian-arm64`. Executing `docker pull` against this tag will grab the appropriate image for the supported platform you are currently running, and thus should be the default choice.
- [redhat/ubi8-minimal](https://hub.docker.com/r/redhat/ubi8-minimal), tagged with a suffix of `-ubi`. UBI images use [`microdnf`](https://github.com/rpm-software-management/microdnf) as a package manager instead of yum to minimize the size of the image. We currently only support `linux/amd64` for our UBI SDK images.
- [redhat/ubi9-minimal](https://hub.docker.com/r/redhat/ubi9-minimal), tagged with a suffix of `-ubi`. UBI images use [`microdnf`](https://github.com/rpm-software-management/microdnf) as a package manager instead of yum to minimize the size of the image. We currently only support `linux/amd64` for our UBI SDK images.

Images with no suffix tag are identical to the corresponding `-debian` tag.

5 changes: 2 additions & 3 deletions docker/base/Dockerfile.ubi
@@ -1,8 +1,7 @@
# syntax = docker/dockerfile:experimental
FROM redhat/ubi8-minimal:latest as builder
FROM redhat/ubi9-minimal:latest as builder
ARG PULUMI_VERSION
RUN microdnf install -y \
curl \
make \
gcc \
git \
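
Review bot: `curl` is dropped from the builder's `microdnf install` list here, yet the following step still runs `curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION`, so the build now depends on the ubi9-minimal base image providing curl. Suggest a one-line comment above the install list stating that curl comes from the base image and is intentionally not installed here, so it is not re-added later.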
Expand All @@ -13,7 +12,7 @@ RUN curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION

# The runtime container
# This is our base container, so let's copy all the runtimes to .pulumi/bin
FROM redhat/ubi8-minimal:latest
FROM redhat/ubi9-minimal:latest
LABEL org.opencontainers.image.description="Pulumi CLI container, bring your own SDK"
WORKDIR /pulumi
COPY --from=builder /root/.pulumi/bin bin
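
Review bot: the runtime stage's `FROM redhat/ubi9-minimal:latest` (like the builder's) tracks a floating tag, so two builds of the same Pulumi version can end up on different base layers and a future base change arrives without any diff in this repository. Since this PR already touches every FROM line, consider pinning to a specific tag or digest and bumping it deliberately.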
6 changes: 2 additions & 4 deletions docker/dotnet/Dockerfile.ubi
@@ -1,23 +1,21 @@
# syntax = docker/dockerfile:experimental
# Interim container so we can copy pulumi binaries
FROM redhat/ubi8-minimal:latest as builder
FROM redhat/ubi9-minimal:latest as builder
ARG PULUMI_VERSION
RUN microdnf install -y \
curl \
gzip \
tar
# Install the Pulumi SDK, including the CLI and language runtimes.
RUN curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION

# The runtime container
FROM redhat/ubi8-minimal:latest
FROM redhat/ubi9-minimal:latest
ARG LANGUAGE_VERSION
LABEL org.opencontainers.image.description="Pulumi CLI container for dotnet"
WORKDIR /pulumi/projects

RUN microdnf install -y \
ca-certificates \
curl \
# Required by the dotnet-install script, which calls `find`:
findutils \
git \
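
Review bot: in the runtime stage, `curl` is removed from the `microdnf install` list, and the test changes shown in this PR do not check that curl is still available in the resulting UBI image. If users or later steps in this Dockerfile rely on it, add a test that runs `curl --version` in each UBI image, so that a base image change that drops it fails CI instead of surfacing at run time.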
6 changes: 2 additions & 4 deletions docker/go/Dockerfile.ubi
@@ -1,9 +1,8 @@
# syntax = docker/dockerfile:experimental
# Interim container so we can copy pulumi binaries
FROM redhat/ubi8-minimal:latest as builder
FROM redhat/ubi9-minimal:latest as builder
ARG PULUMI_VERSION
RUN microdnf install -y \
curl \
gzip \
tar
# Install the Pulumi SDK, including the CLI and language runtimes.
Expand All @@ -23,13 +22,12 @@ RUN curl -fsSLo /tmp/go.tgz https://golang.org/dl/go${RUNTIME_VERSION}.linux-amd
go version

# The runtime container
FROM redhat/ubi8-minimal:latest
FROM redhat/ubi9-minimal:latest
LABEL org.opencontainers.image.description="Pulumi CLI container for go"
WORKDIR /pulumi/projects

# Install needed tools, like git
RUN microdnf install -y \
curl \
git \
tar \
ca-certificates; \
6 changes: 2 additions & 4 deletions docker/java/Dockerfile.ubi
@@ -1,10 +1,9 @@
# syntax = docker/dockerfile:experimental
# Interim container so we can copy pulumi binaries
# Must be defined first
FROM redhat/ubi8-minimal:latest as builder
FROM redhat/ubi9-minimal:latest as builder
ARG PULUMI_VERSION
RUN microdnf install -y \
curl \
git \
tar \
unzip
Expand All @@ -13,15 +12,14 @@ RUN microdnf install -y \
RUN curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION

# The runtime container
FROM redhat/ubi8-minimal:latest
FROM redhat/ubi9-minimal:latest
LABEL org.opencontainers.image.description="Pulumi CLI container for Java"
WORKDIR /pulumi/projects

RUN microdnf install -y \
git \
tar \
java-21-openjdk-devel \
curl \
unzip \
zip \
findutils \
6 changes: 2 additions & 4 deletions docker/nodejs/Dockerfile.ubi
@@ -1,23 +1,21 @@
# syntax = docker/dockerfile:experimental
# Interim container so we can copy pulumi binaries
FROM redhat/ubi8-minimal:latest as builder
FROM redhat/ubi9-minimal:latest as builder
ARG PULUMI_VERSION
RUN microdnf install -y \
curl \
gzip \
tar
# Install the Pulumi SDK, including the CLI and language runtimes.
RUN curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION

# The runtime container
FROM redhat/ubi8-minimal:latest
FROM redhat/ubi9-minimal:latest
ARG LANGUAGE_VERSION
LABEL org.opencontainers.image.description="Pulumi CLI container for nodejs"
WORKDIR /pulumi/projects

RUN microdnf install -y \
ca-certificates \
curl \
git \
tar \
unzip
4 changes: 2 additions & 2 deletions docker/python/Dockerfile.ubi
@@ -1,6 +1,6 @@
# syntax = docker/dockerfile:experimental
# Interim container so we can copy pulumi binaries
FROM redhat/ubi8-minimal:latest as builder
FROM redhat/ubi9-minimal:latest as builder
ARG PULUMI_VERSION
RUN microdnf install -y \
gzip \
Expand All @@ -9,7 +9,7 @@ RUN microdnf install -y \
RUN curl -fsSL https://get.pulumi.com/ | bash -s -- --version $PULUMI_VERSION

# The runtime container
FROM redhat/ubi8-minimal:latest
FROM redhat/ubi9-minimal:latest
ARG LANGUAGE_VERSION
LABEL org.opencontainers.image.description="Pulumi CLI container for python"
WORKDIR /pulumi/projects
4 changes: 4 additions & 0 deletions tests/containers_test.go
Expand Up @@ -399,6 +399,10 @@ func TestEnvironment(t *testing.T) {
if imageVariant == "pulumi" {
expectedPath += ":/root/.pulumi/bin"
}
// When running in bash, the UBI images include /root/.local/bin:/root/bin:
Contributor

Is this intentional, or do we need to exclude these? Does this pull in any additional binaries for the user that might not be expected?

Contributor Author

@julienp julienp Jan 6, 2025

This is a change in the UBI9 images, the stock bashrc now includes:

```bash
# User specific environment
if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]
then
    PATH="$HOME/.local/bin:$HOME/bin:$PATH"
fi
export PATH
```

This seems OK to me. We have tests for the binaries we provide to ensure they are at the path we expect, and there are no binaries in these folders in our images. Users would have to explicitly install something, which I think makes this ok.

I'd also rather not make the images behave too differently from stock UBI9 for users by changing the default bashrc.

Contributor

Sounds good!

if isUBI(t) {
expectedPath = "/root/.local/bin:/root/bin:" + expectedPath
}
requireOutputWithBash(t, expectedPath, "printenv", "PATH")
})
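
Review bot: the comment above `if isUBI(t)` states what the PATH contains but not where it comes from, and because it ends in a path fragment it reads like an unfinished sentence. Suggest rewording it to say that the stock UBI9 bashrc prepends these directories, for example `// The stock UBI9 bashrc prepends $HOME/.local/bin:$HOME/bin to PATH in bash.` Because the two directories sit ahead of every other PATH entry, it would also be worth asserting in the UBI tests that they are absent or empty in the image.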
