-
Notifications
You must be signed in to change notification settings - Fork 924
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ARTEMIS-3042 Add docker multistage build
This adds the possibility to create an artemis image with just the docker build command. First the image is downloaded in an Eclipse Temurin installation and later transferred to an alpine image. Thus, it ensures that only the relevant data is stored in alpine leading to a smaller attack surface.
- Loading branch information
1 parent
eb11b04
commit 2b34b8e
Showing
10 changed files
with
515 additions
and
129 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
# Licensed to the Apache Software Foundation (ASF) under one | ||
# or more contributor license agreements. See the NOTICE file | ||
# distributed with this work for additional information | ||
# regarding copyright ownership. The ASF licenses this file | ||
# to you under the Apache License, Version 2.0 (the | ||
# "License"); you may not use this file except in compliance | ||
# with the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, | ||
# software distributed under the License is distributed on an | ||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
# KIND, either express or implied. See the License for the | ||
# specific language governing permissions and limitations | ||
# under the License. | ||
|
||
# ActiveMQ Artemis | ||
|
||
ARG CURRENT_VERSION=2.17.0 | ||
|
||
FROM eclipse-temurin:11-jdk as builder | ||
ARG CURRENT_VERSION | ||
|
||
ENV VERSION=$CURRENT_VERSION | ||
|
||
RUN apt update -y && apt upgrade -y && apt install tree curl -y | ||
|
||
ADD ./prepare-docker.sh /bin/prepareDocker | ||
WORKDIR /root/artemis-build | ||
COPY docker-run.sh . | ||
RUN bash prepareDocker --from-release --artemis-version ${VERSION} | ||
|
||
|
||
FROM alpine:latest | ||
|
||
ARG CURRENT_VERSION | ||
|
||
ENV VERSION=$CURRENT_VERSION | ||
|
||
RUN apk --no-cache add openjdk17-jre-headless bash libaio\ | ||
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/community | ||
|
||
|
||
LABEL maintainer="Apache ActiveMQ Team" | ||
# Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006 | ||
SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
WORKDIR /opt | ||
|
||
ENV ARTEMIS_USER artemis | ||
ENV ARTEMIS_PASSWORD artemis | ||
ENV ANONYMOUS_LOGIN false | ||
ENV EXTRA_ARGS --http-host 0.0.0.0 --relax-jolokia | ||
|
||
# add user and group for artemis | ||
RUN addgroup -g 1001 artemis && adduser -u 1002 --ingroup artemis --disabled-password artemis | ||
|
||
USER artemis | ||
|
||
COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/ /opt/activemq-artemis | ||
|
||
# Web Server | ||
EXPOSE 8161 \ | ||
# JMX Exporter | ||
9404 \ | ||
# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE | ||
61616 \ | ||
# Port for HORNETQ,STOMP | ||
5445 \ | ||
# Port for AMQP | ||
5672 \ | ||
# Port for MQTT | ||
1883 \ | ||
#Port for STOMP | ||
61613 | ||
|
||
USER root | ||
|
||
RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance | ||
|
||
COPY --from=builder /root/artemis-build/_TMP_/artemis/${VERSION}/docker/docker-run.sh / | ||
|
||
USER artemis | ||
|
||
# Expose some outstanding folders | ||
VOLUME ["/var/lib/artemis-instance"] | ||
WORKDIR /var/lib/artemis-instance | ||
|
||
ENTRYPOINT ["/docker-run.sh"] | ||
CMD ["run"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
# Licensed to the Apache Software Foundation (ASF) under one | ||
# or more contributor license agreements. See the NOTICE file | ||
# distributed with this work for additional information | ||
# regarding copyright ownership. The ASF licenses this file | ||
# to you under the Apache License, Version 2.0 (the | ||
# "License"); you may not use this file except in compliance | ||
# with the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, | ||
# software distributed under the License is distributed on an | ||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
# KIND, either express or implied. See the License for the | ||
# specific language governing permissions and limitations | ||
# under the License. | ||
|
||
# ActiveMQ Artemis | ||
|
||
FROM maven:3-eclipse-temurin-11 as builder | ||
|
||
|
||
RUN apt update -y && apt upgrade -y && apt install tree curl -y | ||
|
||
WORKDIR /root/artemis-build | ||
COPY /artemis-docker/docker-run.sh . | ||
COPY . . | ||
|
||
RUN mvn -q clean install -DskipTests -DskipITs -DskipDocs -DskipDocker -DskipDoc | ||
|
||
FROM alpine:latest | ||
|
||
|
||
RUN apk --no-cache add openjdk17-jre-headless bash libaio\ | ||
--repository=http://dl-cdn.alpinelinux.org/alpine/edge/community | ||
|
||
|
||
LABEL maintainer="Apache ActiveMQ Team" | ||
# Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006 | ||
SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
WORKDIR /opt | ||
|
||
ENV ARTEMIS_USER artemis | ||
ENV ARTEMIS_PASSWORD artemis | ||
ENV ANONYMOUS_LOGIN false | ||
ENV EXTRA_ARGS --http-host 0.0.0.0 --relax-jolokia | ||
|
||
# add user and group for artemis | ||
RUN addgroup -g 1001 artemis && adduser -u 1002 --ingroup artemis --disabled-password artemis | ||
|
||
USER artemis | ||
|
||
COPY --chown=artemis:artemis --from=builder /root/artemis-build/artemis-distribution/target/apache-artemis*-bin/*SNAPSHOT /opt/activemq-artemis/ | ||
|
||
# Web Server | ||
EXPOSE 8161 \ | ||
# JMX Exporter | ||
9404 \ | ||
# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE | ||
61616 \ | ||
# Port for HORNETQ,STOMP | ||
5445 \ | ||
# Port for AMQP | ||
5672 \ | ||
# Port for MQTT | ||
1883 \ | ||
#Port for STOMP | ||
61613 | ||
|
||
USER root | ||
|
||
RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance | ||
|
||
COPY --chown=artemis:artemis --from=builder /root/artemis-build/artemis-docker/docker-run.sh /var/lib/artemis-instance/docker-run.sh | ||
|
||
USER artemis | ||
|
||
# Expose some outstanding folders | ||
VOLUME ["/var/lib/artemis-instance"] | ||
WORKDIR /var/lib/artemis-instance | ||
|
||
ENTRYPOINT ["./docker-run.sh"] | ||
CMD ["run"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# Licensed to the Apache Software Foundation (ASF) under one | ||
# or more contributor license agreements. See the NOTICE file | ||
# distributed with this work for additional information | ||
# regarding copyright ownership. The ASF licenses this file | ||
# to you under the Apache License, Version 2.0 (the | ||
# "License"); you may not use this file except in compliance | ||
# with the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, | ||
# software distributed under the License is distributed on an | ||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
# KIND, either express or implied. See the License for the | ||
# specific language governing permissions and limitations | ||
# under the License. | ||
|
||
# ActiveMQ Artemis | ||
|
||
FROM maven:3-eclipse-temurin-11 as builder | ||
|
||
RUN apt update -y && apt upgrade -y && apt install tree curl -y | ||
|
||
WORKDIR /root/artemis-build | ||
COPY /artemis-docker/docker-run.sh . | ||
COPY . . | ||
|
||
RUN mvn -q clean install -DskipTests -DskipITs -DskipDocs -DskipDocker -DskipDoc | ||
|
||
FROM eclipse-temurin:11-centos7 | ||
LABEL maintainer="Apache ActiveMQ Team" | ||
# Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006 | ||
SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
WORKDIR /opt | ||
|
||
ENV ARTEMIS_USER artemis | ||
ENV ARTEMIS_PASSWORD artemis | ||
ENV ANONYMOUS_LOGIN false | ||
ENV EXTRA_ARGS --http-host 0.0.0.0 --relax-jolokia | ||
|
||
USER root | ||
|
||
# add user and group for artemis | ||
RUN groupadd -g 1001 -r artemis && useradd -r -u 1001 -g artemis artemis \ | ||
&& yum install -y libaio && yum -y clean all | ||
|
||
USER artemis | ||
|
||
COPY --chown=artemis:artemis --from=builder /root/artemis-build/artemis-distribution/target/apache-artemis*-bin/*SNAPSHOT /opt/activemq-artemis/ | ||
|
||
# Web Server | ||
EXPOSE 8161 \ | ||
# JMX Exporter | ||
9404 \ | ||
# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE | ||
61616 \ | ||
# Port for HORNETQ,STOMP | ||
5445 \ | ||
# Port for AMQP | ||
5672 \ | ||
# Port for MQTT | ||
1883 \ | ||
#Port for STOMP | ||
61613 | ||
|
||
USER root | ||
|
||
RUN mkdir /var/lib/artemis-instance && chown -R artemis.artemis /var/lib/artemis-instance | ||
|
||
COPY --chown=artemis:artemis --from=builder /root/artemis-build/artemis-docker/docker-run.sh /var/lib/artemis-instance/docker-run.sh | ||
|
||
USER artemis | ||
|
||
# Expose some outstanding folders | ||
VOLUME ["/var/lib/artemis-instance"] | ||
WORKDIR /var/lib/artemis-instance | ||
|
||
ENTRYPOINT ["./docker-run.sh"] | ||
CMD ["run"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.