feat: Add image for OpenSearch Dashboards

CHANGELOG.md

@@ -11,6 +11,7 @@ All notable changes to this project will be documented in this file.
 - opensearch: Use build-repo.stackable.tech instead of Maven Central ([#1222]).
 - opensearch: Add the `opensearch-prometheus-exporter` plugin to the image ([#1223]).
 - opensearch: Replace the demo configuration of the OpenSearch Security plugin with a minimal one ([#1228]).
+- opensearch: Add an image for Opensearch Dashboards with version `3.1.0` ([#1248]).
 - nifi: Backport NIFI-14848 to NiFi ([#1225])
 
 ### Changed
@@ -31,6 +32,7 @@ All notable changes to this project will be documented in this file.
 [#1225]: https://github.com/stackabletech/docker-images/pull/1225
 [#1228]: https://github.com/stackabletech/docker-images/pull/1228
 [#1230]: https://github.com/stackabletech/docker-images/pull/1230
+[#1248]: https://github.com/stackabletech/docker-images/pull/1248
 
 ## [25.7.0] - 2025-07-23
 

opensearch-dashboards/Dockerfile

@@ -0,0 +1,154 @@
+# syntax=docker/dockerfile:1.16.0@sha256:e2dd261f92e4b763d789984f6eab84be66ab4f5f08052316d8eb8f173593acf7
+# check=error=true
+
+FROM local-image/opensearch-dashboards/security-dashboards-plugin AS security-dashboards-plugin
+FROM local-image/opensearch-dashboards/opensearch-build AS opensearch-build
+FROM local-image/stackable-devel AS opensearch-dashboards-builder
+
+ARG PRODUCT
+ARG RELEASE
+ARG OPENSEARCH_DASHBOARDS_SECURITY_DASHBOARDS_PLUGIN
+ARG NODEJS_VERSION
+ARG YARN_VERSION
+ARG STACKABLE_USER_UID
+ARG TARGETARCH
+
+WORKDIR /stackable
+
+COPY --chown=${STACKABLE_USER_UID}:0 opensearch-dashboards/stackable/patches/patchable.toml /stackable/src/opensearch-dashboards/stackable/patches/patchable.toml
+COPY --chown=${STACKABLE_USER_UID}:0 opensearch-dashboards/stackable/patches/${PRODUCT} /stackable/src/opensearch-dashboards/stackable/patches/${PRODUCT}
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=security-dashboards-plugin \
+    /stackable/src/opensearch-dashboards/security-dashboards-plugin/patchable-work/worktree/${OPENSEARCH_DASHBOARDS_SECURITY_DASHBOARDS_PLUGIN} \
+    /stackable/security-dashboards-plugin
+
+# tar, xz - extract nodejs bundle
+# unzip - extract plugin from archive
+RUN <<EOF
+ARCH="${TARGETARCH/amd64/x64}"
+microdnf update
+microdnf install tar xz unzip
+microdnf clean all
+rm -rf /var/cache/yum
+curl "https://nodejs.org/dist/v${NODEJS_VERSION}/node-v${NODEJS_VERSION}-linux-${ARCH}.tar.xz" | tar -xJC /usr/local --strip-components=1
+npm install -g yarn@${YARN_VERSION}
+EOF
+
+USER ${STACKABLE_USER_UID}
+
+RUN <<EOF
+ARCH="${TARGETARCH/amd64/x64}"
+cd "$(/stackable/patchable --images-repo-root=src checkout opensearch-dashboards ${PRODUCT})"
+cp -r /stackable/security-dashboards-plugin plugins/security-dashboards-plugin
+NEW_VERSION="${PRODUCT}-stackable${RELEASE}"
+# Create snapshot of the source code including custom patches
+tar -czf /stackable/opensearch-dashboards-${NEW_VERSION}-src.tar.gz .
+HUSKY=0 yarn osd bootstrap --single-version=loose
+yarn build-platform --release
+mkdir /stackable/opensearch-dashboards
+tar -xzf target/opensearch-dashboards-${PRODUCT}-linux-${ARCH}.tar.gz -C /stackable/opensearch-dashboards --strip-components=1
+cd plugins/security-dashboards-plugin
+yarn build
+unzip build/security-dashboards-${OPENSEARCH_DASHBOARDS_SECURITY_DASHBOARDS_PLUGIN}.zip -d /stackable/security-dashboards-plugin
+mv /stackable/security-dashboards-plugin/opensearch-dashboards/securityDashboards /stackable/opensearch-dashboards/plugins/securityDashboards
+EOF
+
+
+RUN <<EOF
+# Change the group permissions already in the builder image to reduce
+# the size of the final image.
+# see https://github.com/stackabletech/docker-images/issues/961
+chmod -R g=u /stackable
+EOF
+
+FROM local-image/vector AS final
+
+ARG PRODUCT
+ARG RELEASE
+ARG NODEJS
+ARG STACKABLE_USER_UID
+
+ARG NAME="OpenSearch Dashboards"
+ARG DESCRIPTION="This image is currently not deployed by a Stackable Operator."
+ARG HOME=/stackable
+ARG OPENSEARCH_DASHBOARDS_HOME=${HOME}/opensearch-dashboards
+
+LABEL \
+  name="OpenSearch Dashboards" \
+  maintainer="[email protected]" \
+  vendor="Stackable GmbH" \
+  version="${PRODUCT}" \
+  release="${RELEASE}" \
+  summary="The Stackable image for OpenSearch Dashboards." \
+  description="This image is currently not deployed by a Stackable Operator."
+
+# # https://github.com/opencontainers/image-spec/blob/036563a4a268d7c08b51a08f05a02a0fe74c7268/annotations.md#annotations
+LABEL org.opencontainers.image.version="${PRODUCT}"
+LABEL org.opencontainers.image.revision="${RELEASE}"
+LABEL org.opencontainers.image.title="${NAME}"
+LABEL org.opencontainers.image.description="${DESCRIPTION}"
+
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-dashboards-builder \
+    /stackable/opensearch-dashboards \
+    /stackable/opensearch-dashboards-${PRODUCT}-stackable${RELEASE}
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-dashboards-builder \
+    /stackable/opensearch-dashboards-${PRODUCT}-stackable${RELEASE}-src.tar.gz \
+    /stackable/opensearch-dashboards-${PRODUCT}-stackable${RELEASE}-src.tar.gz
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-build \
+    /stackable/opensearch-dashboards-docker-entrypoint.sh \
+    /stackable/opensearch-dashboards-${PRODUCT}-stackable${RELEASE}/opensearch-dashboards-docker-entrypoint.sh
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-build \
+    /stackable/opensearch_dashboards.yml \
+    /stackable/opensearch-dashboards-${PRODUCT}-stackable${RELEASE}/config/opensearch_dashboards.yml
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-dashboards-builder \
+    /usr/local/bin/node \
+    /usr/local/bin/node
+
+RUN <<EOF
+microdnf update
+microdnf clean all
+rm -rf /var/cache/yum
+EOF
+
+RUN <<EOF
+# # All files and folders owned by root group to support running as arbitrary users.
+# # This is best practice as all container users will belong to the root group (0).
+chown ${STACKABLE_USER_UID}:0 ${HOME}
+chmod g=u /stackable/opensearch-dashboards-${PRODUCT}-stackable${RELEASE}
+chmod g=u /stackable/opensearch-dashboards-${PRODUCT}-stackable${RELEASE}/opensearch-dashboards-docker-entrypoint.sh
+chmod g=u /stackable/opensearch-dashboards-${PRODUCT}-stackable${RELEASE}/config/opensearch_dashboards.yml
+chmod g=u /stackable/*-src.tar.gz
+ln -s /stackable/opensearch-dashboards-${PRODUCT}-stackable${RELEASE} ${OPENSEARCH_DASHBOARDS_HOME}
+chown -h ${STACKABLE_USER_UID}:0 ${OPENSEARCH_DASHBOARDS_HOME}
+
+# ----------------------------------------
+# Checks
+# This section is to run final checks to ensure the created final images
+# adhere to several minimal requirements like:
+# - check file permissions and ownerships
+# ----------------------------------------
+
+# Check that permissions and ownership in /stackable are set correctly
+# This will fail and stop the build if any mismatches are found.
+/bin/check-permissions-ownership.sh /stackable ${STACKABLE_USER_UID} 0
+EOF
+
+USER ${STACKABLE_USER_UID}
+
+ENV HOME=${HOME}
+ENV OPENSEARCH_DASHBOARDS_HOME=${OPENSEARCH_DASHBOARDS_HOME}
+ENV PATH="${PATH}:/${OPENSEARCH_DASHBOARDS_HOME}:${OPENSEARCH_DASHBOARDS_HOME}/bin"
+
+WORKDIR ${OPENSEARCH_DASHBOARDS_HOME}
+CMD ["opensearch-dashboards-docker-entrypoint.sh"]

opensearch-dashboards/README.md

@@ -0,0 +1,8 @@
+# OpenSearch
+
+This is the Stackable Data Platform (SDP) OCI image for [OpenSearch Dashboards](https://github.com/opensearch-project/opensearch-dashboards).
+
+The image includes:
+
+- OpenSearch Dashboards
+- `securityDashboards` plugin

opensearch-dashboards/boil-config.toml

@@ -0,0 +1,10 @@
+[versions."3.1.0".local-images]
+stackable-devel = "1.0.0"
+"opensearch-dashboards/security-dashboards-plugin"= "3.1.0.0"
+"opensearch-dashboards/opensearch-build"= "3.1.0"
+"vector" = "0.47.0"
+
+[versions."3.1.0".build-arguments]
+nodejs-version = "20.18.3"
+nifi-opa-authorizer-plugin-version = "0.1.0"
+yarn-version = "1.22.19"

opensearch-dashboards/opensearch-build/Dockerfile

@@ -0,0 +1,21 @@
+# syntax=docker/dockerfile:1.16.0@sha256:e2dd261f92e4b763d789984f6eab84be66ab4f5f08052316d8eb8f173593acf7
+# check=error=true
+
+FROM local-image/stackable-devel AS opensearch-securitydashboards-builder
+
+ARG PRODUCT
+ARG RELEASE
+ARG STACKABLE_USER_UID
+
+WORKDIR /stackable
+
+COPY --chown=${STACKABLE_USER_UID}:0 opensearch-dashboards/opensearch-build/stackable/patches/patchable.toml /stackable/src/opensearch-dashboards/opensearch-build/stackable/patches/patchable.toml
+COPY --chown=${STACKABLE_USER_UID}:0 opensearch-dashboards/opensearch-build/stackable/patches/${PRODUCT} /stackable/src/opensearch-dashboards/opensearch-build/stackable/patches/${PRODUCT}
+
+USER ${STACKABLE_USER_UID}
+
+RUN <<EOF
+    cd "$(/stackable/patchable --images-repo-root=src checkout opensearch-dashboards/opensearch-build ${PRODUCT})"
+    cp docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-3.x.sh /stackable/opensearch-dashboards-docker-entrypoint.sh
+    cp config/opensearch_dashboards-3.x.yml /stackable/opensearch_dashboards.yml
+EOF

opensearch-dashboards/opensearch-build/boil-config.toml

@@ -0,0 +1,2 @@
+[versions."3.1.0".local-images]
+stackable-devel = "1.0.0"

opensearch-dashboards/opensearch-build/stackable/patches/3.1.0/0001-set-correct-OPENSEARCH_DASHBOARDS_HOME-in-docker-ent.patch

@@ -0,0 +1,22 @@
+From 4c72295d98bdc3d47b7f348987e0ea2de9538296 Mon Sep 17 00:00:00 2001
+From: Benedikt Labrenz <[email protected]>
+Date: Tue, 9 Sep 2025 16:41:31 +0200
+Subject: set correct OPENSEARCH_DASHBOARDS_HOME in docker entrypoint
+
+---
+ .../opensearch-dashboards-docker-entrypoint-3.x.sh              | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-3.x.sh b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-3.x.sh
+index 055354ba..33d98353 100755
+--- a/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-3.x.sh
++++ b/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-3.x.sh
+@@ -16,7 +16,7 @@
+ #       --opensearch.startupTimeout=60
+
+ # Setup Home Directory
+-export OPENSEARCH_DASHBOARDS_HOME=/usr/share/opensearch-dashboards
++export OPENSEARCH_DASHBOARDS_HOME=/stackable/opensearch-dashboards
+
+ opensearch_dashboards_vars=(
+     console.enabled

opensearch-dashboards/opensearch-build/stackable/patches/3.1.0/0002-set-server.host-to-0.0.0.0-in-default-config.patch

@@ -0,0 +1,18 @@
+From f960bcb699f59416dde917db4302e178aaca3d3a Mon Sep 17 00:00:00 2001
+From: Benedikt Labrenz <[email protected]>
+Date: Tue, 9 Sep 2025 16:42:53 +0200
+Subject: set server.host to 0.0.0.0 in default config
+
+---
+ config/opensearch_dashboards-3.x.yml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/config/opensearch_dashboards-3.x.yml b/config/opensearch_dashboards-3.x.yml
+index c6e9c6cc..812d391c 100644
+--- a/config/opensearch_dashboards-3.x.yml
++++ b/config/opensearch_dashboards-3.x.yml
+@@ -231,3 +231,4 @@ opensearch_security.multitenancy.tenants.preferred: [Private, Global]
+ opensearch_security.readonly_mode.roles: [kibana_read_only]
+ # Use this setting if you are running opensearch-dashboards without https
+ opensearch_security.cookie.secure: false
++server.host: '0.0.0.0'

opensearch-dashboards/opensearch-build/stackable/patches/3.1.0/patchable.toml

@@ -0,0 +1 @@
+base = "c152d16bbe6b4501e3e2418be0f9f8b3dc07559f"

opensearch-dashboards/opensearch-build/stackable/patches/patchable.toml

@@ -0,0 +1,2 @@
+upstream = "https://github.com/opensearch-project/opensearch-build"
+default-mirror = "https://github.com/stackabletech/opensearch-build"

opensearch-dashboards/security-dashboards-plugin/Dockerfile

@@ -0,0 +1,30 @@
+# syntax=docker/dockerfile:1.16.0@sha256:e2dd261f92e4b763d789984f6eab84be66ab4f5f08052316d8eb8f173593acf7
+# check=error=true
+
+FROM local-image/stackable-devel AS opensearch-securitydashboards-builder
+
+ARG PRODUCT
+ARG RELEASE
+ARG STACKABLE_USER_UID
+
+WORKDIR /stackable
+
+COPY --chown=${STACKABLE_USER_UID}:0 opensearch-dashboards/security-dashboards-plugin/stackable/patches/patchable.toml /stackable/src/opensearch-dashboards/security-dashboards-plugin/stackable/patches/patchable.toml
+COPY --chown=${STACKABLE_USER_UID}:0 opensearch-dashboards/security-dashboards-plugin/stackable/patches/${PRODUCT} /stackable/src/opensearch-dashboards/security-dashboards-plugin/stackable/patches/${PRODUCT}
+
+# tar - archive source code
+RUN <<EOF
+microdnf update
+microdnf install tar
+microdnf clean all
+rm -rf /var/cache/yum
+EOF
+
+USER ${STACKABLE_USER_UID}
+
+RUN <<EOF
+cd "$(/stackable/patchable --images-repo-root=src checkout opensearch-dashboards/security-dashboards-plugin ${PRODUCT})"
+NEW_VERSION="${PRODUCT}-stackable${RELEASE}"
+# Create snapshot of the source code including custom patches
+tar -czf /stackable/opensearch-dashboards-security-dashboards-plugin${NEW_VERSION}-src.tar.gz .
+EOF

opensearch-dashboards/security-dashboards-plugin/boil-config.toml

@@ -0,0 +1,2 @@
+[versions."3.1.0.0".local-images]
+stackable-devel = "1.0.0"

opensearch-dashboards/security-dashboards-plugin/stackable/patches/3.1.0.0/patchable.toml

@@ -0,0 +1 @@
+base = "6be08faa8a4b5dfb8842aa12cf745177cec28fbe"

opensearch-dashboards/security-dashboards-plugin/stackable/patches/patchable.toml

@@ -0,0 +1,2 @@
+upstream = "https://github.com/opensearch-project/security-dashboards-plugin"
+default-mirror = "https://github.com/stackabletech/security-dashboards-plugin"

opensearch-dashboards/stackable/patches/3.1.0/patchable.toml

@@ -0,0 +1 @@
+base = "1feb86934e7f2d5fae58baebf1b98c5c0825bc3f"

opensearch-dashboards/stackable/patches/patchable.toml

@@ -0,0 +1,2 @@
+upstream = "https://github.com/opensearch-project/opensearch-dashboards"
+default-mirror = "https://github.com/stackabletech/opensearch-dashboards"