Convert to Docker Official Images #152
Conversation
|
Currently, many users use onbuild images to use 3rd party plugins and own configuration. |
|
Okay, understood. How about the remainder of the changes? |
|
If you know your users are successfully using ”ONBUILD" variants and are
fine with their limitations (and you're fine maintaining them), we're
willing to make exceptions there (see "sentry" for example). 👍
(I haven't had a chance to look at the rest of these changes yet, but I do
plan to pre-review this before it hits our queue to try and help out here.)
|
|
Thanks @tianon. A review from you would be good. |
tianon
left a comment
tianon
left a comment
There was a problem hiding this comment.
Had a bit of spare time so I took a first pass. 👍
v0.12/alpine/entrypoint.sh
Outdated
|
|
||
| # If user does not supply config file or plugins, use the default | ||
| if [ "$1" == "fluentd" ]; then | ||
| if ! echo $@ | grep '\-c' ; then |
There was a problem hiding this comment.
This grep is a little bit hacky -- if given multiple -c options, does fluentd not simply prefer the last one specified? It appears to:
$ docker run --rm fluent/fluentd:v1.2.3-debian fluentd -c /dev/null -c /fluentd/etc/fluent.conf
2018-11-22 18:38:07 +0000 [info]: parsing config file is succeeded path="/fluentd/etc/fluent.conf"
...So these default flags could instead be specified like this:
if [ "$1" = 'fluentd' ]; then
shift # remove 'fluentd' so we can prepend easier
set -- fluentd -c /fluentd/etc/fluent.conf -p /fluentd/plugins "$@" # set defaults for "-c" and "-p" (which are then overrideable via the container command)
fiThere was a problem hiding this comment.
This seems even hackier than my solution. Don't you think this will confuse users?
There was a problem hiding this comment.
By "hacky", I mean "fragile". With the current solution, if there's the string -c anywhere in the supplied arguments, it will not apply the default configuration, which is more likely to break.
For the purposes of the official images, I'm much more concerned with the user's usage patterns than what the final generated command ends up being (multiple -c parameters would likely be slightly more confusing for users, but that can be trivially mitigated here by a comment that explains that the behavior of fluentd is to prefer the last-specified-flag for each option given, which is why these get pre-pended to the front of the command string instead of appended to the end). The end goal is to have a reliable means of supplying a default configuration file and a trivial way for users to override it, which the solution I've proposed will provide in all cases I've tested, which I can't say about echo ... | grep '\-c'. The echo solution would be slightly better with something like haveConfig=; for arg; do if [ "$arg" = '-c' ]; then haveConfig=1; break; fi; done; if [ -z "$haveConfig" ]; then set -- "$@" -c ...; fi, but is significantly more verbose.
I think this is likely another place to solicit preference from the maintainer (@repeatedly). 👍
There was a problem hiding this comment.
The latter solution won't catch instances of -c/fluentd/etc/fluent.conf which is still valid.
How about I expand my solution to if ! echo $@ | grep '<SPACE>\-c' ; then, since <SPACE>-[a-zA-Z0-9] should always (?) be treated as a flagged argument, there shouldn't be any false positives and should therefore be less fragile.
| set -o allexport | ||
| source $DEFAULT | ||
| set +o allexport | ||
| fi |
There was a problem hiding this comment.
Is this sourcing code just to set (the now-removed) FLUENTD_CONF and FLUENTD_OPT variables or does it have other uses?
There was a problem hiding this comment.
No idea. I guess this is one for @repeatedly.
There was a problem hiding this comment.
does it have other uses?
Fluentd users sometimes set own environment variable via this mechanizm.
So this image keeps same mechaznim.
| fi | ||
| fi | ||
|
|
||
| exec gosu fluent "$@" |
There was a problem hiding this comment.
Would it be worthwhile to update this for allowing arbitrary --user values? ie something like:
if [ "$(id -u)" = '0' ]; then
exec gosu fluent "$@"
else
exec "$@"
fiThere was a problem hiding this comment.
Not sure this is required for this project.
Best ask @repeatedly.
There was a problem hiding this comment.
Is it important for official images?
We can add this change after become official, right?
There was a problem hiding this comment.
Judging by the language @tianon uses here, I would say that it is not a blocker for Official Images.
Thus adding this change as a subsequent PR sounds reasonable.
|
Thanks for your review @tianon. I will have a look at fixing (mostly adding really) your comments. |
lag-linaro
force-pushed
the
convert-to-docker-official-images
branch
from
4ff7f21 to
f38a9dc
Compare
Note that we can't convert Alpine ARMHF images, as they are not pushed to Docker Hub. This issue was highlighted by @tianon LINK: fluent#152 (comment) This is part of an effort to make FluentD part of Docker's Official Images. Signed-off-by: Lee Jones <[email protected]>
|
Phew! Okay @tianon should be all done. I didn't change the semantics where we search for the Everything else has been fixed up though. I'd really appreciate a review from both @tianon and @repeatedly so we can have this merged. 😃 |
|
question: is it time to get rid of Alpine images ?, basically without Jemalloc there is a lot of memory fragmentation on high load environments, I don't see how that is healthy in a containerized environment. |
For the official images, the backwards compatibility concern with removing isn't a large concern (so this would be fine from our perspective), but the real call there is likely up to @repeatedly (we don't have a strong preference either way). 👍 |
|
@repeatedly could you please review the PR? |
|
I did a quick build test and found the following problem in one of the arm images: looks like related to the missing dependency: |
|
Thank you for testing this @edsiper. Ah, I didn't test the I can fix this, although what I'd really like to do is remove the cross-complied The main/default Dockerfile should support |
lag-linaro
force-pushed
the
convert-to-docker-official-images
branch
2 times, most recently
from
d6aaa84 to
da77e14
Compare
Note that we can't convert Alpine ARMHF images, as they are not pushed to Docker Hub. This issue was highlighted by @tianon LINK: fluent#152 (comment) This is part of an effort to make FluentD part of Docker's Official Images. Signed-off-by: Lee Jones <[email protected]>
|
This pull-request has been rebased, so no more merge conflicts. The Travis failures are due to GPG issues (which aren't anything to do with this PR) and on-build issues where the images are missing. The latter will be automatically rectified once we're in Official Images. |
|
@lag-linaro do you have some build already published somewhere? I have a mixed k8s env with amd64/arm64 and would be happy to test if I can deploy it with the same daemonset... |
There was a problem hiding this comment.
By this patch, we remove FLIENT_UID for #78
We should document proper way for id mapping.
If we break backward compatibility, we should add version tag to new images?
fluent/fluentd-kubernetes-daemonset#213
| set -o allexport | ||
| source $DEFAULT | ||
| set +o allexport | ||
| fi |
There was a problem hiding this comment.
does it have other uses?
Fluentd users sometimes set own environment variable via this mechanizm.
So this image keeps same mechaznim.
| fi | ||
| fi | ||
|
|
||
| exec gosu fluent "$@" |
There was a problem hiding this comment.
Is it important for official images?
We can add this change after become official, right?
I can push a build for you if it helps? |
|
@repeatedly @edsiper @tianon: what's blocking this currently? |
yes a multiarch image in docker hub would help... |
|
No blocker for patch itself. |
It's not multi-arch (no images are), but here is an To pull it on your AArch64 based platform use:
|
Understood. Do you know when this might be resolved? |
|
I just merged #161 |
|
Wonderful. Do you know when it will be done? |
|
@lag-linaro Could you resolve the conflict? |
Yes, I'll do that right away. |
Note that we can't convert Alpine ARMHF images, as they are not pushed to Docker Hub. This issue was highlighted by @tianon LINK: fluent#152 (comment) This is part of an effort to make FluentD part of Docker's Official Images. Signed-off-by: Lee Jones <[email protected]>
As suggested by @tianon LINK: docker-library/official-images#3724 (comment) This is part of an effort to make FluentD part of Docker's Official Images. Signed-off-by: Lee Jones <[email protected]>
As suggested by @tianon LINK: docker-library/official-images#3724 (comment) This is part of an effort to make FluentD part of Docker's Official Images. Also see LINK: https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#apt-get Signed-off-by: Lee Jones <[email protected]>
As suggested by @tianon LINK: docker-library/official-images#3724 (comment) This is part of an effort to make FluentD part of Docker's Official Images. Also see LINK: https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#apt-get Signed-off-by: Lee Jones <[email protected]>
As suggested by @tianon LINK: docker-library/official-images#3724 (comment) This is part of an effort to make FluentD part of Docker's Official Images. Signed-off-by: Lee Jones <[email protected]>
The FluentD package does not provide a 'fluent' user. Until now hacks exist in the entrypoint.sh which provide one manually at run-time. Instead of doing that, let's create the user when the container is created. This issue was highlighted by @tianon LINK: docker-library/official-images#3724 (comment) Signed-off-by: Lee Jones <[email protected]>
If permissions problems exist, they should be overcome properly. For examples see: LINK: docker-library/rabbitmq#60 LINK: docker-library/cassandra#48 LINK: docker-library/mongo#81 LINK: redis/docker-library-redis#48 LINK: docker-library/mysql#161 LINK: MariaDB/mariadb-docker#59 LINK: docker-library/percona#21 LINK: docker-library/ghost#54 LINK: docker-library/postgres#253 As suggested by @tianon LINK: docker-library/official-images#3724 (comment) This is part of an effort to make FluentD part of Docker's Official Images. Signed-off-by: Lee Jones <[email protected]>
This allows us to remove the `FLUENTD_CONF` and `FLUENTD_OPT` envs. As suggested by @tianon LINK: docker-library/official-images#3724 (comment) This is part of an effort to make FluentD part of Docker's Official Images. Signed-off-by: Lee Jones <[email protected]>
lag-linaro
force-pushed
the
convert-to-docker-official-images
branch
from
da77e14 to
223e5fa
Compare
Tiny is much more cross-platform friendly than dumb-init. Signed-off-by: Lee Jones <[email protected]>
Signed-off-by: Lee Jones <[email protected]>
Signed-off-by: Lee Jones <[email protected]>
Signed-off-by: Lee Jones <[email protected]>
lag-linaro
force-pushed
the
convert-to-docker-official-images
branch
from
223e5fa to
5896b1e
Compare
|
Awesome. Will you be submitting the change to Docker's Official Images repo? An updated version of this PR: docker-library/official-images#3724 |
5 participants
When this project last attempted to become part of Docker Official Images, it was heavily reviewed.
This PR attempts to address each of the issues raised by @tianon.
For reference, the last review took place here:
LINK: docker-library/official-images#3724 (comment)