From 0dff428193ab9d40cbc659261a94dc065f7417a2 Mon Sep 17 00:00:00 2001
From: SamTV12345 <40429738+SamTV12345@users.noreply.github.com>
Date: Tue, 6 Dec 2022 22:21:09 +0100
Subject: [PATCH] ARTEMIS-3042 Add docker multistage build This adds the possibility to create an artemis image with just the docker build command. First the image is downloaded in an Eclipse Temurin installation and later transferred to an alpine image. Thus, it ensures that only the relevant data is stored in alpine leading to a smaller attack surface.
---
artemis-docker/Dockerfile-alpine | 91 ++++++++++++++++++++++++++++++++
artemis-docker/docker-run.sh | 4 +-
artemis-docker/prepare-docker.sh | 2 +-
3 files changed, 93 insertions(+), 4 deletions(-)
create mode 100644 artemis-docker/Dockerfile-alpine
diff --git a/artemis-docker/Dockerfile-alpine b/artemis-docker/Dockerfile-alpine
new file mode 100644
index 000000000000..80e309d3e6c3
--- /dev/null
+++ b/artemis-docker/Dockerfile-alpine
@@ -0,0 +1,91 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# ActiveMQ Artemis
+
+ARG CURRENT_VERSION=2.17.0
+
+FROM eclipse-temurin:11-jdk as builder
+ARG CURRENT_VERSION
+
+ENV VERSION=$CURRENT_VERSION
+
+RUN apt update -y && apt upgrade -y && apt install tree curl -y
+
+ADD ./prepare-docker.sh /bin/prepareDocker
+WORKDIR /root/artemis-build
+COPY ./Dockerfile-alpine .
+COPY ./docker-run.sh .
+RUN prepareDocker --from-release --artemis-version ${VERSION}
+
+
+FROM alpine:latest
+
+ARG CURRENT_VERSION
+
+ENV VERSION=$CURRENT_VERSION
+
+RUN apk --no-cache add openjdk17-jre-headless bash libaio\
+ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community
+
+
+LABEL maintainer="Apache ActiveMQ Team"
+# Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+WORKDIR /opt
+
+ENV ARTEMIS_USER artemis
+ENV ARTEMIS_PASSWORD artemis
+ENV ANONYMOUS_LOGIN false
+ENV EXTRA_ARGS --http-host 0.0.0.0 --relax-jolokia
+
+# add user and group for artemis
+RUN addgroup -g 1001 artemis && adduser -u 1002 --ingroup artemis --disabled-password artemis
+
+USER artemis
+
+COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/ /opt/activemq-artemis
+
+# Web Server
+EXPOSE 8161 \
+# JMX Exporter
+ 9404 \
+# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE
+ 61616 \
+# Port for HORNETQ,STOMP
+ 5445 \
+# Port for AMQP
+ 5672 \
+# Port for MQTT
+ 1883 \
+#Port for STOMP
+ 61613
+
+USER root
+
+RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance
+
+COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/docker/docker-run.sh /
+
+USER artemis
+
+# Expose some outstanding folders
+VOLUME ["/var/lib/artemis-instance"]
+WORKDIR /var/lib/artemis-instance
+
+ENTRYPOINT ["/docker-run.sh"]
+CMD ["run"]
\ No newline at end of file
diff --git a/artemis-docker/docker-run.sh b/artemis-docker/docker-run.sh
index ba7ee6814374..009127f25fa4 100755
--- a/artemis-docker/docker-run.sh
+++ b/artemis-docker/docker-run.sh
@@ -44,6 +44,4 @@ else echo "broker already created, ignoring creation" fi -exec ./bin/artemis "$@" - - +exec ./bin/artemis "$@" \ No newline at end of file
diff --git a/artemis-docker/prepare-docker.sh b/artemis-docker/prepare-docker.sh
index 9952d95ba6ee..afb3882acf1d 100755
--- a/artemis-docker/prepare-docker.sh
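Review bot: The runtime stage of Dockerfile-alpine is built from moving targets: `FROM alpine:latest` floats with every Alpine release, and the `apk add` line adds `edge/community` as a package source over plain `http://`, so two builds of the same commit can ship different, untested package sets. Pin the base to a release tag (ideally with a digest), e.g. `FROM alpine:<release-tag>`, and, provided `openjdk17-jre-headless` is available in that release's own community repository, drop the `--repository` flag so the line becomes `RUN apk --no-cache add openjdk17-jre-headless bash libaio`; if edge really is required, use the `https://` URL and add a comment saying why. The builder stage drifts in the same way through `apt upgrade -y`, and whether `prepareDocker --from-release` verifies the checksum or signature of the release it downloads cannot be seen from this hunk and is worth confirming. Separately, `ENV ARTEMIS_PASSWORD artemis` puts a well-known default credential into the image config alongside `--http-host 0.0.0.0 --relax-jolokia`, so a comment above those `ENV` lines stating that `ARTEMIS_USER` and `ARTEMIS_PASSWORD` must be overridden at `docker run` time would help operators.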
+++ b/artemis-docker/prepare-docker.sh
@@ -187,4 +187,4 @@ cp ./docker-run.sh "$ARTEMIS_DIST_DIR/docker" echo "Docker file support files at:" tree "$ARTEMIS_DIST_DIR/docker" -next_step +next_step \ No newline at end of file