Skip to content

Create UBI-based images for CNG

Hossein Pursultanirequested to merge
443-ubi-images into master

This MR adds new CNG Docker images that are based on for RHEL UBI. It contains numerous changes. The following comments can help to review them faster:

  • A new image, named gitlab-ubi-build, is added. It contains any build tool and compile-time dependency that is needed for building other images. This image always tagged latest and you must only use this tag.
  • A new Dockerfile, named Dockerfile.ubi, is added to 17 out of 19 existing images. This Dockerfile contains UBI specific build instructions.
  • The images that don't have UBI version are alpine-certificates and cfssl-self-sign.
  • At the moment we use UBI8 as the base image. All images accept UBI_IMAGE as a build argument. By default it is set to use registry.access.redhat.com/ubi8/ubi.
  • These images are added to the build pipeline. They're not built by default. When UBI_PIPELINE CI variable is set to true the pipeline builds these images. In this mode the pipeline only builds UBI images.
  • In UBI build mode, only EE version of Rails-based images are built (CE images are excluded).
  • These images can be only built on gitlab.com. They are not part of the release process. Hence, they can be only built from feature branches.
  • Utility images, such as gitlab-python, kubectl, postgresql, gitlab-go, and git-base are tagged with their specified version and -ubi extension. The rest of the images are tagged with the branch name and -ubi extension.
  • These images extensively use a layering technique which builds binaries in separate images and copies dependencies from other images. For example, when an image requires Ruby or Python it copies it from gitlab-ruby or gitlab-python image. As a result, the base image of some of the UBI-based images are not the same as their non-UBI counterpart, e.g. gitlab-go is not the base image for gitlab-shell or any other image. These images are either based on ubi8 (like gitlab-elasticsearch-indexer) or gitlab-ruby (like gitlab-shell).
  • There are a few minor changes to the existing images. These changes are either cosmetic, e.g. directory structure, or applied for the purpose of portability.

For testing you can pull the images:

  • registry.gitlab.com/gitlab-org/build/cng/gitlab-ubi-builder:latest
  • registry.gitlab.com/gitlab-org/build/cng/kubectl:1.12.10-ubi
  • registry.gitlab.com/gitlab-org/build/cng/postgresql:10.9-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-python:3.7.3-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-go:1.12.9-ubi
  • registry.gitlab.com/gitlab-org/build/cng/git-base:2.22.0-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-ruby:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-mailroom:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-redis-ha:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitaly:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-elasticsearch-indexer:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ee:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-unicorn-ee:443-ubi-images-ubi
  • registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee:443-ubi-images-ubi

Closes gitlab-org/distribution/team-tasks#443 (closed)

Edited by Hossein Pursultani

Merge request reports