From 9a7fb1a59ed76d44b5cda380369e07ad0da73223 Mon Sep 17 00:00:00 2001 From: Mohammadi Iram <89964724+MohammadiIram@users.noreply.github.com> Date: Fri, 11 Oct 2024 17:34:49 +0530 Subject: [PATCH] Review Dockerfile and RPM files for building odh-kf-notebook-controller and odh-notebook-controller in Konflux (#118) * Review Dockerfile and RPM files for building odh-kf-notebook-controller in Konflux * Review Dockerfile and RPM files for building odh-notebook-controller in konflux * Review Dockerfile and RPM files for building odh-notebook-controller in konflux * Review Dockerfile and RPM files for building odh-kf-notebook-controller in Konflux --- .../notebook-controller/Dockerfile.konflux | 71 +++++++++++++++++++ components/notebook-controller/rpms.in.yaml | 5 ++ components/notebook-controller/rpms.lock.yaml | 22 ++++++ components/notebook-controller/ubi.repo | 71 +++++++++++++++++++ .../Dockerfile.konflux | 66 +++++++++++++++++ .../odh-notebook-controller/rpms.in.yaml | 5 ++ .../odh-notebook-controller/rpms.lock.yaml | 22 ++++++ components/odh-notebook-controller/ubi.repo | 71 +++++++++++++++++++ 8 files changed, 333 insertions(+) create mode 100644 components/notebook-controller/Dockerfile.konflux create mode 100644 components/notebook-controller/rpms.in.yaml create mode 100644 components/notebook-controller/rpms.lock.yaml create mode 100644 components/notebook-controller/ubi.repo create mode 100644 components/odh-notebook-controller/Dockerfile.konflux create mode 100644 components/odh-notebook-controller/rpms.in.yaml create mode 100644 components/odh-notebook-controller/rpms.lock.yaml create mode 100644 components/odh-notebook-controller/ubi.repo diff --git a/components/notebook-controller/Dockerfile.konflux b/components/notebook-controller/Dockerfile.konflux new file mode 100644 index 00000000000..a923fe63543 --- /dev/null +++ b/components/notebook-controller/Dockerfile.konflux @@ -0,0 +1,71 @@ +# Build arguments +ARG SOURCE_CODE=. +ARG CI_CONTAINER_VERSION="unknown" +ARG GOLANG_VERSION=1.21 + +# Use ubi8/go-toolset as base image +FROM registry.access.redhat.com/ubi8/go-toolset@sha256:4ec05fd5b355106cc0d990021a05b71bbfb9231e4f5bdc0c5316515edf6a1c96 as builder +ARG TARGETOS +ARG TARGETARCH + +## Build args to be used at this step +ARG SOURCE_CODE + + +#WORKDIR /workspace + +WORKDIR /opt/rhods +# Copy the Go Modules manifests +COPY ${SOURCE_CODE}/notebook-controller ./notebook-controller +COPY ${SOURCE_CODE}/odh-notebook-controller ./odh-notebook-controller + +WORKDIR /opt/rhods/odh-notebook-controller + +## Build the odh-notebook-controller +USER root + +# Build +RUN CGO_ENABLED=1 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} GO111MODULE=on go build -tags strictfipsruntime -a -o ./bin/manager main.go + +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +#RUN cd /workspace/odh-notebook-controller && go mod download + +#WORKDIR /workspace/odh-notebook-controller +# Use ubi8/ubi-minimal as base image +FROM registry.redhat.io/ubi8/ubi-minimal@sha256:7583ca0ea52001562bd81a961da3f75222209e6192e4e413ee226cff97dbd48c + +## Build args to be used at this step +ARG CI_CONTAINER_VERSION + +## Install additional packages +RUN microdnf install -y shadow-utils &&\ + microdnf clean all + +## Create a non-root user with UID 1001 +RUN useradd --uid 1001 --create-home --user-group --system rhods + + +## Set workdir directory to user home +WORKDIR /home/rhods + +## Copy odh-notebook-controller-manager binary from builder stage +COPY --from=builder /opt/rhods/odh-notebook-controller/bin/manager . + + +## Switch to a non-root user +USER 1001:0 + +ENTRYPOINT [ "/manager" ] + +LABEL com.redhat.component="odh-notebook-controller-container" \ + name="managed-open-data-hub/odh-notebook-controller-rhel8" \ + version="${CI_CONTAINER_VERSION}" \ + git.url="${CI_KUBEFLOW_UPSTREAM_URL}" \ + git.commit="${CI_KUBEFLOW_UPSTREAM_COMMIT}" \ + summary="odh-notebook-controller" \ + io.openshift.expose-services="" \ + io.k8s.display-name="odh-notebook-controller" \ + maintainer="['managed-open-data-hub@redhat.com']" \ + description="odh-notebook-controller" \ + com.redhat.license_terms="https://www.redhat.com/licenses/Red_Hat_Standard_EULA_20191108.pdf" \ No newline at end of file diff --git a/components/notebook-controller/rpms.in.yaml b/components/notebook-controller/rpms.in.yaml new file mode 100644 index 00000000000..108234011ad --- /dev/null +++ b/components/notebook-controller/rpms.in.yaml @@ -0,0 +1,5 @@ +contentOrigin: + repofiles: + - ubi.repo +packages: + - shadow-utils \ No newline at end of file diff --git a/components/notebook-controller/rpms.lock.yaml b/components/notebook-controller/rpms.lock.yaml new file mode 100644 index 00000000000..7d7f10772ec --- /dev/null +++ b/components/notebook-controller/rpms.lock.yaml @@ -0,0 +1,22 @@ +--- +lockfileVersion: 1 +lockfileVendor: redhat +arches: +- arch: x86_64 + packages: + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/Packages/l/libsemanage-2.9-9.el8_6.x86_64.rpm + repoid: ubi-8-baseos-rpms + size: 172128 + checksum: sha256:1f686a73273028ca85b5a6ac858292d7b7d2fcbe379d6912ba12fc0a49ac4cce + name: libsemanage + evr: 2.9-9.el8_6 + sourcerpm: libsemanage-2.9-9.el8_6.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/Packages/s/shadow-utils-4.6-22.el8.x86_64.rpm + repoid: ubi-8-baseos-rpms + size: 1292332 + checksum: sha256:ea73ee201451bbca0d6d14ca434c93800f01c8fb1b9daef727a5af1a27356d07 + name: shadow-utils + evr: 2:4.6-22.el8 + sourcerpm: shadow-utils-4.6-22.el8.src.rpm + source: [] + module_metadata: [] \ No newline at end of file diff --git a/components/notebook-controller/ubi.repo b/components/notebook-controller/ubi.repo new file mode 100644 index 00000000000..e479489fb16 --- /dev/null +++ b/components/notebook-controller/ubi.repo @@ -0,0 +1,71 @@ +[ubi-8-baseos-rpms] +name = Red Hat Universal Base Image 8 (RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-baseos-debug-rpms] +name = Red Hat Universal Base Image 8 (Debug RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-baseos-source] +name = Red Hat Universal Base Image 8 (Source RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-appstream-rpms] +name = Red Hat Universal Base Image 8 (RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-appstream-debug-rpms] +name = Red Hat Universal Base Image 8 (Debug RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-appstream-source] +name = Red Hat Universal Base Image 8 (Source RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-codeready-builder-rpms] +name = Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-codeready-builder] +name = Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/os +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + + +[ubi-8-codeready-builder-debug-rpms] +name = Red Hat Universal Base Image 8 (Debug RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-codeready-builder-source] +name = Red Hat Universal Base Image 8 (Source RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 +Footer \ No newline at end of file diff --git a/components/odh-notebook-controller/Dockerfile.konflux b/components/odh-notebook-controller/Dockerfile.konflux new file mode 100644 index 00000000000..6fcdddbed7a --- /dev/null +++ b/components/odh-notebook-controller/Dockerfile.konflux @@ -0,0 +1,66 @@ +# Build arguments +ARG SOURCE_CODE=. +ARG CI_CONTAINER_VERSION="unknown" + +# Use ubi8/go-toolset as base image +FROM registry.access.redhat.com/ubi8/go-toolset@sha256:4ec05fd5b355106cc0d990021a05b71bbfb9231e4f5bdc0c5316515edf6a1c96 as builder +ARG TARGETOS +ARG TARGETARCH + +## Build args to be used at this step +ARG SOURCE_CODE + +WORKDIR /workspace + +# Copy the Go Modules manifests +COPY ${SOURCE_CODE}/notebook-controller ./notebook-controller +# This is necessary because the Jupyter controller now depends on +# components/common +COPY ${SOURCE_CODE}/common ./common + +# Copy the Go Modules manifests +COPY notebook-controller /workspace/notebook-controller +COPY common /workspace/common + +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN cd /workspace/notebook-controller && go mod download + +WORKDIR /workspace/notebook-controller + +user root + +# Build +RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -tags strictfipsruntime -a -mod=mod -o manager main.go + +# Use ubi8/ubi-minimal as base image +FROM registry.redhat.io/ubi8/ubi-minimal@sha256:7583ca0ea52001562bd81a961da3f75222209e6192e4e413ee226cff97dbd48c + +## Build args to be used at this step +ARG CI_CONTAINER_VERSION + +## Install additional packages +RUN microdnf install -y shadow-utils &&\ + microdnf clean all + +## Create a non-root user with UID 1001 +RUN useradd --uid 1001 --create-home --user-group --system rhods + +WORKDIR /home/rhods + +COPY --from=builder /workspace/notebook-controller/manager . +COPY --from=builder /workspace/notebook-controller/third_party/license.txt third_party/license.txt +# COPY --from=builder /go/pkg/mod/github.com/hashicorp third_party/hashicorp +ENTRYPOINT ["/manager"] + +LABEL com.redhat.component="odh-kf-notebook-controller-container" \ + name="managed-open-data-hub/odh-kf-notebook-controller-rhel8" \ + version="${CI_CONTAINER_VERSION}" \ + git.url="${CI_KUBEFLOW_UPSTREAM_URL}" \ + git.commit="${CI_KUBEFLOW_UPSTREAM_COMMIT}" \ + summary="odh-kf-notebook-controller" \ + io.openshift.expose-services="" \ + io.k8s.display-name="odh-kf-notebook-controller" \ + maintainer="['managed-open-data-hub@redhat.com']" \ + description="odh-kf-notebook-controller" \ + com.redhat.license_terms="https://www.redhat.com/licenses/Red_Hat_Standard_EULA_20191108.pdf" diff --git a/components/odh-notebook-controller/rpms.in.yaml b/components/odh-notebook-controller/rpms.in.yaml new file mode 100644 index 00000000000..108234011ad --- /dev/null +++ b/components/odh-notebook-controller/rpms.in.yaml @@ -0,0 +1,5 @@ +contentOrigin: + repofiles: + - ubi.repo +packages: + - shadow-utils \ No newline at end of file diff --git a/components/odh-notebook-controller/rpms.lock.yaml b/components/odh-notebook-controller/rpms.lock.yaml new file mode 100644 index 00000000000..7d7f10772ec --- /dev/null +++ b/components/odh-notebook-controller/rpms.lock.yaml @@ -0,0 +1,22 @@ +--- +lockfileVersion: 1 +lockfileVendor: redhat +arches: +- arch: x86_64 + packages: + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/Packages/l/libsemanage-2.9-9.el8_6.x86_64.rpm + repoid: ubi-8-baseos-rpms + size: 172128 + checksum: sha256:1f686a73273028ca85b5a6ac858292d7b7d2fcbe379d6912ba12fc0a49ac4cce + name: libsemanage + evr: 2.9-9.el8_6 + sourcerpm: libsemanage-2.9-9.el8_6.src.rpm + - url: https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/Packages/s/shadow-utils-4.6-22.el8.x86_64.rpm + repoid: ubi-8-baseos-rpms + size: 1292332 + checksum: sha256:ea73ee201451bbca0d6d14ca434c93800f01c8fb1b9daef727a5af1a27356d07 + name: shadow-utils + evr: 2:4.6-22.el8 + sourcerpm: shadow-utils-4.6-22.el8.src.rpm + source: [] + module_metadata: [] \ No newline at end of file diff --git a/components/odh-notebook-controller/ubi.repo b/components/odh-notebook-controller/ubi.repo new file mode 100644 index 00000000000..e479489fb16 --- /dev/null +++ b/components/odh-notebook-controller/ubi.repo @@ -0,0 +1,71 @@ +[ubi-8-baseos-rpms] +name = Red Hat Universal Base Image 8 (RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-baseos-debug-rpms] +name = Red Hat Universal Base Image 8 (Debug RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-baseos-source] +name = Red Hat Universal Base Image 8 (Source RPMs) - BaseOS +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-appstream-rpms] +name = Red Hat Universal Base Image 8 (RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-appstream-debug-rpms] +name = Red Hat Universal Base Image 8 (Debug RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-appstream-source] +name = Red Hat Universal Base Image 8 (Source RPMs) - AppStream +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-codeready-builder-rpms] +name = Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/os +enabled = 1 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-codeready-builder] +name = Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/os +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + + +[ubi-8-codeready-builder-debug-rpms] +name = Red Hat Universal Base Image 8 (Debug RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/debug +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 + +[ubi-8-codeready-builder-source] +name = Red Hat Universal Base Image 8 (Source RPMs) - CodeReady Builder +baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/source/SRPMS +enabled = 0 +gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +gpgcheck = 1 +Footer \ No newline at end of file