diff --git a/changelog/fragments/1734959878-Replace-default-Ubuntu-based-images-with-UBI-minimal-based-ones.yaml b/changelog/fragments/1734959878-Replace-default-Ubuntu-based-images-with-UBI-minimal-based-ones.yaml new file mode 100644 index 00000000000..2146ab2cef8 --- /dev/null +++ b/changelog/fragments/1734959878-Replace-default-Ubuntu-based-images-with-UBI-minimal-based-ones.yaml @@ -0,0 +1,32 @@ +# Kind can be one of: +# - breaking-change: a change to previously-documented behavior +# - deprecation: functionality that is being removed in a later release +# - bug-fix: fixes a problem in a previous version +# - enhancement: extends functionality but does not break or fix existing behavior +# - feature: new functionality +# - known-issue: problems that we are aware of in a given version +# - security: impacts on the security of a product or a user’s deployment. +# - upgrade: important information for someone upgrading from a prior version +# - other: does not fit into any of the other categories +kind: breaking-change + +# Change summary; a 80ish characters long description of the change. +summary: Replace default Ubuntu-based images with UBI-minimal-based ones + +# Long description; in case the summary is not enough to describe the change +# this field accommodate a description without length limits. +# NOTE: This field will be rendered only for breaking-change and known-issue kinds at the moment. +#description: + +# Affected component; usually one of "elastic-agent", "fleet-server", "filebeat", "metricbeat", "auditbeat", "all", etc. +component: elastic-agent + +# PR URL; optional; the PR number that added the changeset. +# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added. +# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number. +# Please provide it if you are adding a fragment for a different PR. +pr: https://github.com/elastic/elastic-agent/pull/6427 + +# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of). +# If not present is automatically filled by the tooling with the issue linked to the PR number. +#issue: https://github.com/owner/repo/1234 diff --git a/dev-tools/packaging/packages.yml b/dev-tools/packaging/packages.yml index f2bdddb36be..8db52f0ca24 100644 --- a/dev-tools/packaging/packages.yml +++ b/dev-tools/packaging/packages.yml @@ -222,21 +222,12 @@ shared: extra_vars: buildFrom: '--platform=linux/arm64 cgr.dev/chainguard/wolfi-base' - - &docker_ubuntu_spec - docker_variant: 'basic' - extra_vars: - from: '--platform=linux/amd64 ubuntu:24.04' - - &docker_ubuntu_arm_spec - docker_variant: 'basic' - extra_vars: - from: '--platform=linux/arm64 ubuntu:24.04' - - &docker_ubi_spec - docker_variant: 'ubi' + docker_variant: 'basic' extra_vars: from: '--platform=linux/amd64 docker.elastic.co/ubi9/ubi-minimal' - &docker_ubi_arm_spec - docker_variant: 'ubi' + docker_variant: 'basic' extra_vars: from: '--platform=linux/arm64 docker.elastic.co/ubi9/ubi-minimal' @@ -545,7 +536,7 @@ specs: types: [docker] spec: <<: *docker_spec - <<: *docker_ubuntu_spec + <<: *docker_ubi_spec <<: *docker_builder_spec - os: linux @@ -595,7 +586,7 @@ specs: types: [docker] spec: <<: *docker_spec - <<: *docker_ubuntu_spec + <<: *docker_ubi_spec <<: *docker_builder_spec <<: *docker_elastic_spec <<: *apache_license_for_binaries @@ -652,7 +643,7 @@ specs: types: [docker] spec: <<: *docker_spec - <<: *docker_ubuntu_spec + <<: *docker_ubi_spec <<: *docker_builder_spec <<: *docker_elastic_spec <<: *elastic_license_for_binaries @@ -661,11 +652,12 @@ specs: types: [docker] spec: <<: *docker_spec - <<: *docker_ubuntu_arm_spec + <<: *docker_ubi_arm_spec <<: *docker_builder_arm_spec <<: *docker_elastic_spec <<: *elastic_license_for_binaries + # keep producing ubi suffixed images - os: linux arch: amd64 types: [docker] @@ -675,6 +667,7 @@ specs: <<: *docker_builder_spec <<: *docker_elastic_spec <<: *elastic_license_for_binaries + docker_variant: "ubi" - os: linux arch: arm64 types: [docker] @@ -684,6 +677,7 @@ specs: <<: *docker_builder_arm_spec <<: *docker_elastic_spec <<: *elastic_license_for_binaries + docker_variant: "ubi" - os: linux arch: amd64 @@ -780,24 +774,12 @@ specs: /usr/share/{{.BeatName}}/bin/{{.BeatName}}{{.BinaryExt}}: source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - - os: linux - arch: amd64 - types: [docker] - spec: - <<: *docker_spec - <<: *docker_ubuntu_spec - <<: *docker_builder_spec - <<: *docker_elastic_spec - <<: *elastic_license_for_binaries - files: - '{{.BeatName}}{{.BinaryExt}}': - source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - os: linux arch: arm64 types: [docker] spec: <<: *docker_spec - <<: *docker_ubuntu_arm_spec + <<: *docker_ubi_arm_spec <<: *docker_builder_arm_spec <<: *docker_elastic_spec <<: *elastic_license_for_binaries @@ -817,18 +799,6 @@ specs: files: '{{.BeatName}}{{.BinaryExt}}': source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - - os: linux - arch: arm64 - types: [docker] - spec: - <<: *docker_spec - <<: *docker_ubi_arm_spec - <<: *docker_builder_arm_spec - <<: *docker_elastic_spec - <<: *elastic_license_for_binaries - files: - '{{.BeatName}}{{.BinaryExt}}': - source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - os: linux arch: amd64 @@ -914,14 +884,14 @@ specs: <<: *elastic_license_for_deb_rpm ######## Docker images ######### - #### Ubuntu-based images #### + #### UBI-minimal-based images #### # Complete image gets a 'complete' variant for synthetics and other large # packages too big to fit in the main image - os: linux arch: amd64 types: [docker] spec: - <<: *docker_ubuntu_spec + <<: *docker_ubi_spec <<: *docker_builder_spec <<: *agent_docker_complete_spec <<: *docker_elastic_spec @@ -945,7 +915,7 @@ specs: arch: arm64 types: [docker] spec: - <<: *docker_ubuntu_arm_spec + <<: *docker_ubi_arm_spec <<: *docker_builder_arm_spec <<: *agent_docker_complete_spec <<: *docker_elastic_spec @@ -969,11 +939,12 @@ specs: arch: amd64 types: [docker] spec: - <<: *docker_ubuntu_spec + <<: *docker_ubi_spec <<: *docker_builder_spec <<: *agent_docker_spec <<: *docker_elastic_spec <<: *elastic_license_for_binaries + docker_variant: 'ubi' files: '{{.BeatName}}{{.BinaryExt}}': source: ./build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} @@ -981,15 +952,15 @@ specs: arch: arm64 types: [docker] spec: - <<: *docker_ubuntu_arm_spec + <<: *docker_ubi_arm_spec <<: *docker_builder_arm_spec <<: *agent_docker_spec <<: *docker_elastic_spec <<: *elastic_license_for_binaries + docker_variant: 'ubi' files: '{{.BeatName}}{{.BinaryExt}}': source: ./build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - #### ubi-based #### - os: linux arch: amd64 types: [docker] diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index 555ef221213..a15bee5c9e5 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl @@ -69,20 +69,11 @@ FROM {{ .from }} ENV BEAT_SETUID_AS={{ .user }} {{- if contains .from "ubi-minimal" }} -RUN for iter in {1..10}; do microdnf update -y && microdnf install -y tar gzip findutils shadow-utils && microdnf clean all && exit_code=0 && break || exit_code=$? && echo "microdnf error: retry $iter in 10s" && sleep 10; done; (exit $exit_code) -{{- end }} - -{{- if contains .from "ubuntu" }} -# Delete the existing "ubuntu" user to prevent conflict with the user that is added later. -# See https://bugs.launchpad.net/cloud-images/+bug/2005129/comments/2. -RUN touch /var/mail/ubuntu && chown ubuntu /var/mail/ubuntu && userdel -r ubuntu RUN for iter in {1..10}; do \ - apt-get update -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes ca-certificates curl gawk xz-utils && \ - apt-get clean all && \ - exit_code=0 && break || exit_code=$? && echo "apt-get error: retry $iter in 10s" && sleep 10; \ - done; \ - (exit $exit_code) + microdnf update -y && \ + microdnf install -y tar gzip findutils shadow-utils ca-certificates gawk libcap xz && \ + microdnf clean all && \ + exit_code=0 && break || exit_code=$? && echo "microdnf error: retry $iter in 10s" && sleep 10; done; (exit $exit_code) {{- end }} {{- if contains .from "wolfi" }} @@ -187,7 +178,7 @@ RUN apk add --no-cache git make python-3.11 py3.11-pip && \ chmod 0755 {{ $beatHome }}/data/elastic-agent-*/components/connectors {{- end }} -{{- if (and (eq .Variant "complete") (contains .from "ubuntu")) }} +{{- if (and (eq .Variant "complete") (contains .from "ubi-minimal")) }} USER root ENV NODE_PATH={{ $beatHome }}/.node RUN echo \ @@ -239,12 +230,23 @@ USER root # We don't use npx playwright install-deps because that could pull a newer version # Install additional fonts as well RUN for iter in {1..10}; do \ - apt-get update -y && \ - $NODE_PATH/node/lib/node_modules/@elastic/synthetics/node_modules/.bin/playwright install-deps chromium && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes \ - fonts-noto \ - fonts-noto-cjk && \ - exit_code=0 && break || exit_code=$? && echo "apt-get error: retry $iter in 10s" && sleep 10; \ + microdnf -y update && \ + microdnf -y install fontconfig freetype cairo glib2 gtk3 pango xorg-x11-fonts-misc xorg-x11-fonts-Type1 \ + at-spi2-atk atk at-spi2-core alsa-lib cups-libs dbus-libs libdrm mesa-libEGL mesa-libgbm nspr nss libX11 \ + libX11-xcb libxcb libXcomposite libXdamage libXext libXfixes libXrandr libxkbcommon libxshmfence glib2 \ + dbus-glib libicu mesa-libGL unzip iptables systemd && \ + mkdir -p /usr/share/fonts/google-noto && \ + curl -LO https://noto-website-2.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip && \ + unzip NotoSansCJKjp-hinted.zip -d /usr/share/fonts/google-noto && \ + rm -f NotoSansCJKjp-hinted.zip && \ + microdnf -y remove unzip && \ + curl -LO https://github.com/googlefonts/noto-fonts/raw/main/hinted/ttf/NotoSans/NotoSans-Regular.ttf && \ + mv NotoSans-Regular.ttf /usr/share/fonts/google-noto && \ + curl -LO https://github.com/googlefonts/noto-emoji/raw/main/fonts/NotoColorEmoji.ttf && \ + mv NotoColorEmoji.ttf /usr/share/fonts/google-noto && \ + fc-cache -fv && \ + microdnf clean all && \ + exit_code=0 && break || exit_code=$? && echo "microdnf error: retry $iter in 10s" && sleep 10; \ done; \ (exit $exit_code) {{- end }} diff --git a/pkg/testing/kubernetes/supported.go b/pkg/testing/kubernetes/supported.go index e7db5ba71c3..88ede3da126 100644 --- a/pkg/testing/kubernetes/supported.go +++ b/pkg/testing/kubernetes/supported.go @@ -52,10 +52,6 @@ var variants = []struct { Name: "basic", Image: "docker.elastic.co/beats/elastic-agent", }, - { - Name: "ubi", - Image: "docker.elastic.co/beats/elastic-agent-ubi", - }, { Name: "wolfi", Image: "docker.elastic.co/beats/elastic-agent-wolfi", diff --git a/testing/integration/kubernetes_agent_standalone_test.go b/testing/integration/kubernetes_agent_standalone_test.go index 24b91ab0d38..bfe54a543a3 100644 --- a/testing/integration/kubernetes_agent_standalone_test.go +++ b/testing/integration/kubernetes_agent_standalone_test.go @@ -71,7 +71,6 @@ func TestKubernetesAgentStandaloneKustomize(t *testing.T) { // test all produced images {Type: define.Kubernetes, DockerVariant: "basic"}, {Type: define.Kubernetes, DockerVariant: "wolfi"}, - {Type: define.Kubernetes, DockerVariant: "ubi"}, {Type: define.Kubernetes, DockerVariant: "complete"}, {Type: define.Kubernetes, DockerVariant: "complete-wolfi"}, },