Address review feedback on es default docker image (elastic#126330)

breskeby · breskeby · commit e2c39367f117 · 2025-05-02T15:47:19.000+02:00
This addresses feedback we got for our default image at docker-library/official-images#18692 This also introduces separate docker source files to make maintaining those easier. We cannot take over all suggested changes as we require certain settings to have our packaging tests pass as expected. (cherry picked from commit ca19573) # Conflicts: # build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/DockerBase.java # distribution/docker/src/docker/Dockerfile
diff --git a/.ci/scripts/packaging-test.sh b/.ci/scripts/packaging-test.sh
@@ -3,7 +3,7 @@
 # opensuse 15 has a missing dep for systemd
 
 if which zypper > /dev/null ; then
-    sudo zypper install -y insserv-compat
+    sudo zypper install -y insserv-compat docker-buildx
 fi
 
 if [ -e /etc/sysctl.d/99-gce.conf ]; then
diff --git a/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/DockerBase.java b/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/DockerBase.java
@@ -19,15 +19,16 @@ public enum DockerBase {
     UBI("docker.elastic.co/ubi8/ubi-minimal:latest", "-ubi8", "microdnf"),
 
     // The Iron Bank base image is UBI (albeit hardened), but we are required to parameterize the Docker build
-    IRON_BANK("${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}", "-ironbank", "yum"),
+    IRON_BANK("${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}", "-ironbank", "yum", "Dockerfile"),
 
     // Chainguard based wolfi image with latest jdk
     // This is usually updated via renovatebot
     // spotless:off
     WOLFI(
         "docker.elastic.co/wolfi/chainguard-base:latest@sha256:1c7f5aa0e7997455b8500d095c7a90e617102d3941eb0757ac62cfea509e09b9",
         "-wolfi",
-        "apk"
+        "apk",
+        "Dockerfile"
     ),
     // spotless:on
 
@@ -43,15 +44,17 @@ public enum DockerBase {
     private final String image;
     private final String suffix;
     private final String packageManager;
+    private final String dockerfile;
 
     DockerBase(String image, String suffix) {
-        this(image, suffix, "apt-get");
+        this(image, suffix, "apt-get", "dockerfile");
     }
 
-    DockerBase(String image, String suffix, String packageManager) {
+    DockerBase(String image, String suffix, String packageManager, String dockerfile) {
         this.image = image;
         this.suffix = suffix;
         this.packageManager = packageManager;
+        this.dockerfile = dockerfile;
     }
 
     public String getImage() {
@@ -65,4 +68,8 @@ public String getSuffix() {
     public String getPackageManager() {
         return packageManager;
     }
+
+    public String getDockerfile() {
+        return dockerfile;
+    }
 }
diff --git a/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/docker/DockerBuildTask.java b/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/docker/DockerBuildTask.java
@@ -170,6 +170,7 @@ private void pullBaseImage(String baseImage) {
                         maybeConfigureDockerConfig(spec);
                         spec.executable("docker");
                         spec.args("pull");
+                        spec.environment("DOCKER_BUILDKIT", "1");
                         spec.args(baseImage);
                     });
 
@@ -205,7 +206,7 @@ public void execute() {
                 maybeConfigureDockerConfig(spec);
 
                 spec.executable("docker");
-
+                spec.environment("DOCKER_BUILDKIT", "1");
                 if (isCrossPlatform) {
                     spec.args("buildx");
                 }
diff --git a/distribution/docker/build.gradle b/distribution/docker/build.gradle
@@ -201,9 +201,10 @@ ext.dockerBuildContext = { Architecture architecture, DockerBase base ->
         from projectDir.resolve("src/docker/config")
       }
     }
-    from(projectDir.resolve("src/docker/Dockerfile")) {
+    from(projectDir.resolve("src/docker/${base.dockerfile}")) {
       expand(varExpansions)
       filter SquashNewlinesFilter
+      rename base.dockerfile, "Dockerfile"
     }
   }
 }
@@ -360,8 +361,7 @@ void addTransformDockerContextTask(Architecture architecture, DockerBase base) {
     String distributionFolderName = "elasticsearch-${VersionProperties.elasticsearch}"
 
     from(tarTree("${project.buildDir}/distributions/${archiveName}.tar.gz")) {
-
-      if (base != DockerBase.IRON_BANK) {
+      if (base != DockerBase.IRON_BANK && base != DockerBase.DEFAULT) {
         // iron bank always needs a COPY with the tarball file path
         eachFile { FileCopyDetails details ->
           if (details.name.equals("Dockerfile")) {
@@ -372,6 +372,17 @@ void addTransformDockerContextTask(Architecture architecture, DockerBase base) {
           }
         }
       }
+      if (base == DockerBase.DEFAULT) {
+        // iron bank always needs a COPY with the tarball file path
+        eachFile { FileCopyDetails details ->
+          if (details.name.equals("Dockerfile")) {
+            filter { String contents ->
+              return contents.replaceAll('^RUN *.*artifacts-no-kpi.*$', "COPY $distributionFolderName .")
+                .replaceAll('^RUN tar -zxf /tmp/elasticsearch.tar.gz --strip-components=1 &&', "RUN ")
+            }
+          }
+        }
+      }
     }
     into "${project.buildDir}/docker-context/${archiveName}"
 

Original file line number	Diff line number	Diff line change
`@@ -201,9 +201,10 @@ ext.dockerBuildContext = { Architecture architecture, DockerBase base ->`
`201`	`201`	`from projectDir.resolve("src/docker/config")`
`202`	`202`	`}`
`203`	`203`	`}`
`204`		`- from(projectDir.resolve("src/docker/Dockerfile")) {`
	`204`	`+ from(projectDir.resolve("src/docker/${base.dockerfile}")) {`
`205`	`205`	`expand(varExpansions)`
`206`	`206`	`filter SquashNewlinesFilter`
	`207`	`+ rename base.dockerfile, "Dockerfile"`
`207`	`208`	`}`
`208`	`209`	`}`
`209`	`210`	`}`
`@@ -360,8 +361,7 @@ void addTransformDockerContextTask(Architecture architecture, DockerBase base) {`
`360`	`361`	`String distributionFolderName = "elasticsearch-${VersionProperties.elasticsearch}"`
`361`	`362`
`362`	`363`	`from(tarTree("${project.buildDir}/distributions/${archiveName}.tar.gz")) {`
`363`		`-`
`364`		`- if (base != DockerBase.IRON_BANK) {`
	`364`	`+ if (base != DockerBase.IRON_BANK && base != DockerBase.DEFAULT) {`
`365`	`365`	`// iron bank always needs a COPY with the tarball file path`
`366`	`366`	`eachFile { FileCopyDetails details ->`
`367`	`367`	`if (details.name.equals("Dockerfile")) {`
`@@ -372,6 +372,17 @@ void addTransformDockerContextTask(Architecture architecture, DockerBase base) {`
`372`	`372`	`}`
`373`	`373`	`}`
`374`	`374`	`}`
	`375`	`+ if (base == DockerBase.DEFAULT) {`
	`376`	`+ // iron bank always needs a COPY with the tarball file path`
	`377`	`+ eachFile { FileCopyDetails details ->`
	`378`	`+ if (details.name.equals("Dockerfile")) {`
	`379`	`+ filter { String contents ->`
	`380`	`+ return contents.replaceAll('^RUN .artifacts-no-kpi.*$', "COPY $distributionFolderName .")`
	`381`	`+ .replaceAll('^RUN tar -zxf /tmp/elasticsearch.tar.gz --strip-components=1 &&', "RUN ")`
	`382`	`+ }`
	`383`	`+ }`
	`384`	`+ }`
	`385`	`+ }`
`375`	`386`	`}`
`376`	`387`	`into "${project.buildDir}/docker-context/${archiveName}"`
`377`	`388`