fix(container image): fix ssl3 runtime dep, update to debian 12 bookworm, upgrade rust #116

Merged
merged 4 commits into from
Dec 27, 2023

Contributor

@philjb philjb commented Dec 22, 2023

Sinker got ssl security updates that require libssl.so.3, which Debian bullseye doesn't have. So sinker pods can't run. To resolve, I upgraded to bookworm images, upgraded rust to 1.74, copied over what the iox dockerfile does to bring in the libssl3 libraries, and added a sinker user (also following iox's dockerfile).

apt install libssl3 was the critical piece.

The new runtime container image is 122MB. The previous image is 94MB.

pod error

/usr/local/bin/sinker: error while loading shared libraries: libssl.so.3: cannot open shared object file: No such file or directory

I believe this works although proving it on my M2 Max is difficult.

Sinker got ssl security updates that require libssl.so.3 which debian
bullseye doesn't have. Update to bookworm image.
@philjb philjb enabled auto-merge December 22, 2023 22:26
@philjb philjb changed the title fix(container image): update to dedian 12 bookworm fix(container image): update to debian 12 bookworm Dec 22, 2023
@philjb philjb disabled auto-merge December 22, 2023 22:47
@philjb
Contributor Author

philjb commented Dec 22, 2023

No, it appears bookworm-slim doesn't have libssl.so.3 either.

@philjb philjb marked this pull request as draft December 22, 2023 22:47
Updates the sinker dockerfile following what iox does for a runtime
image with libssl3 libraries, also create sinker user and group
on the container.
@philjb philjb marked this pull request as ready for review December 26, 2023 16:05
@philjb
Contributor Author

philjb commented Dec 26, 2023

I'm not sure I can specify specific image shas in the docker file and support multiplatform builds. If this is important, I can work out an if/then for the shas as args. EDIT: I found the multiplatform shas.

This PR is ready to review.

docker buildx imagetools inspect <image> will show the overall
manifest sha unlike docker hub which only shows shas for specific
platforms.
@philjb philjb enabled auto-merge December 26, 2023 16:50
@philjb philjb changed the title fix(container image): update to debian 12 bookworm fix(container image): fix ssl3 runtime dep, update to debian 12 bookworm, upgrade rust Dec 26, 2023
@philjb
Contributor Author

philjb commented Dec 26, 2023

I tested an image from this docker file in local dev - it runs.

by editing apps/tubernetes/infra/sinker/deployment.libsonnet to have the sinker image point to the local registry that tilt/kind set up and also pushing the built image to the registry.

@philjb philjb merged commit 934f7fc into main Dec 27, 2023
2 checks passed
@philjb philjb deleted the pjb-runtime-container-image-update branch December 27, 2023 14:22
@philjb
Contributor Author

philjb commented Jan 4, 2024

In bisecting an issue with the sinker readiness and liveness probes, I discovered it wasn't the ssl dep upgrade that needed libssl3 but the rust toolchain upgrade in #83.

see comment https://github.com/influxdata/k8s-idpe/pull/35968#issuecomment-1876291232
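
A check that would surface the libssl.so.3 loader error from this thread at image build time instead of in the pod, as an added example (not part of this PR or the sinker repository): it scans ldd output for unresolved libraries. The function names are illustrative, the image name is supplied by the caller, and the sample ldd output is constructed.

```shell
#!/bin/sh
# Added example, not from the sinker repository.

# Print each soname the dynamic loader could not resolve, reading ldd
# output on stdin (lines shaped like "libssl.so.3 => not found").
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }' | LC_ALL=C sort -u
}

# Exit codes: 0 = all dependencies resolve, 1 = at least one is missing,
# 2 = input has no dependency lines (docker error, static binary, wrong path),
# so a failed inspection is never mistaken for a clean result.
check_ldd_output() {
    out=$(cat)
    if ! printf '%s\n' "$out" | grep -q '=>'; then
        echo 'no ldd dependency lines in input' >&2
        return 2
    fi
    missing=$(printf '%s\n' "$out" | missing_libs)
    [ -z "$missing" ] && return 0
    printf 'unresolved shared libraries:\n%s\n' "$missing" >&2
    return 1
}

# check_image IMAGE BINARY: run ldd inside the built runtime image.
check_image() {
    docker run --rm --entrypoint ldd "$1" "$2" 2>&1 | check_ldd_output
}

# Constructed sample: ldd output for a binary whose image lacks libssl3.
sample_ldd_missing() {
    cat <<'EOF'
	linux-vdso.so.1 (0x00007ffc0a1f2000)
	libssl.so.3 => not found
	libcrypto.so.3 => not found
	libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f1c2a400000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a21f000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1c2a9d0000)
EOF
}

# Usage as a script: ./check.sh <image> /usr/local/bin/sinker
if [ "$#" -eq 2 ]; then
    check_image "$1" "$2"
fi
```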
