Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KAFKA-16373: KIP-1028: Addressing Docker Official Images PR Comments for JVM, Native and Docker Official Images #16664

Open
wants to merge 27 commits into
base: trunk
Choose a base branch
from
Open

KAFKA-16373: KIP-1028: Addressing Docker Official Images PR Comments for JVM, Native and Docker Official Images #16664

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
67cea41
adding doi pr changes
KrishVora2912 Jul 22, 2024
11521ab
3.7.0 testing with doi pr changes
KrishVora2912 Jul 22, 2024
4f68262
adding 3.8.0 key
KrishVora2912 Jul 22, 2024
2c2b29a
testing on local
KrishVora2912 Jul 23, 2024
dfd1f19
bringing back commented lines in workflow
KrishVora2912 Jul 23, 2024
fee1e30
3.7.0 DOI Dockerfile revert to original state
KrishVora2912 Jul 23, 2024
1de2621
adding newline at end of 3.7.0 doi dockerfile
KrishVora2912 Jul 23, 2024
8da6e72
using annotations in place of labels
KrishVora2912 Jul 23, 2024
af07079
using apache keyserver as keyserver
KrishVora2912 Jul 24, 2024
947ce53
making ubuntu as default keyserver
KrishVora2912 Jul 24, 2024
372dacb
addressing PR comments -> version_keys to version_gpg_keys
KrishVora2912 Jul 25, 2024
d21dff3
reverting faulty import
KrishVora2912 Jul 25, 2024
ab4a0bf
adding servers as server list insted of keys.apache.org due to failures
KrishVora2912 Jul 25, 2024
a82c1fc
changing version_gpg_keys to json file as per PR comments
KrishVora2912 Jul 31, 2024
1f589a5
testing pushing
KrishVora2912 Jul 31, 2024
f027b78
3.7.0 doi testing, will be reverted
KrishVora2912 Jul 31, 2024
6d8615f
Revert "3.7.0 doi testing, will be reverted"
KrishVora2912 Jul 31, 2024
321fd4d
Revert "testing pushing"
KrishVora2912 Jul 31, 2024
a63adc4
using PR comments for verification of packages
KrishVora2912 Aug 13, 2024
d08cf6a
Fixing few issues, changing order of keyservers
KrishVora2912 Aug 13, 2024
89127e0
fixing gpg url error
KrishVora2912 Aug 13, 2024
3d3c915
reverting to test
KrishVora2912 Aug 13, 2024
5c6bfc4
Merge branch 'trunk' of https://github.com/apache/kafka into trunk
KrishVora2912 Aug 13, 2024
53c75cb
Checking docker compose
KrishVora2912 Aug 13, 2024
5b54175
Trying compose v2
KrishVora2912 Aug 13, 2024
92ec952
Using new gpg commands for native image too
KrishVora2912 Aug 13, 2024
2e5a354
Adding extra \n at the end
KrishVora2912 Aug 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions docker/common.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,30 @@
import tempfile
import os
from distutils.dir_util import copy_tree
from version_keys import version_keys
import shutil
import sys
import re

def get_gpg_key(kafka_version):
"""
Retrieves the GPG key for the specified kafka version, if it exists, from docker/version_keys.py.
"""
gpg_key = version_keys.get(kafka_version)
if gpg_key is not None:
return gpg_key
else:
print(f"No GPG Key data exists for kafka version {kafka_version}.")
print("Please ensure an entry corresponding to it exists under docker/version_keys.py")
sys.exit(1)

def get_kafka_version_from_url(kafka_url):
match = re.search("\d+\.\d+\.\d+", kafka_url)
if match:
return match.group(0)
else:
print(f"No pattern found matching x.x.x in {kafka_url}. No version number extracted")
sys.exit(1)

def execute(command):
if subprocess.run(command).returncode != 0:
Expand Down
7 changes: 5 additions & 2 deletions docker/docker_build_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,13 +37,16 @@
from distutils.dir_util import copy_tree
import shutil
from test.docker_sanity_test import run_tests
from common import execute, build_docker_image_runner
from common import execute, build_docker_image_runner, get_gpg_key, get_kafka_version_from_url
import tempfile
import os
import re
import sys

def build_docker_image(image, tag, kafka_url, image_type):
image = f'{image}:{tag}'
build_docker_image_runner(f"docker build -f $DOCKER_FILE -t {image} --build-arg kafka_url={kafka_url} --build-arg build_date={date.today()} $DOCKER_DIR", image_type)
kafka_version = get_kafka_version_from_url(kafka_url)
build_docker_image_runner(f"docker build -f $DOCKER_FILE -t {image} --build-arg kafka_url={kafka_url} --build-arg build_date={date.today()} --build-arg GPG_KEY={get_gpg_key(kafka_version)} $DOCKER_DIR", image_type)

def run_docker_tests(image, tag, kafka_url, image_type):
temp_dir_path = tempfile.mkdtemp()
Expand Down
5 changes: 3 additions & 2 deletions docker/docker_release.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,13 @@
from datetime import date
import argparse

from common import execute, build_docker_image_runner
from common import execute, build_docker_image_runner, get_gpg_key, get_kafka_version_from_url

def build_push(image, kafka_url, image_type):
try:
create_builder()
build_docker_image_runner(f"docker buildx build -f $DOCKER_FILE --build-arg kafka_url={kafka_url} --build-arg build_date={date.today()} --push \
kafka_version = get_kafka_version_from_url(kafka_url)
build_docker_image_runner(f"docker buildx build -f $DOCKER_FILE --build-arg kafka_url={kafka_url} --build-arg build_date={date.today()} --build-arg GPG_KEY={get_gpg_key(kafka_version)} --push \
--platform linux/amd64,linux/arm64 --tag {image} $DOCKER_DIR", image_type)
except:
raise SystemError("Docker image push failed")
Expand Down
42 changes: 16 additions & 26 deletions docker/jvm/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,58 +18,49 @@

FROM eclipse-temurin:21-jre-alpine AS build-jsa

USER root

# Get kafka from https://archive.apache.org/dist/kafka and pass the url through build arguments
ARG kafka_url
ARG GPG_KEY

COPY jsa_launch /etc/kafka/docker/jsa_launch

RUN set -eux ; \
apk update ; \
apk upgrade ; \
apk add --no-cache wget gcompat gpg gpg-agent procps bash; \
mkdir opt/kafka; \
wget -nv -O kafka.tgz "$kafka_url"; \
wget -nv -O kafka.tgz.asc "$kafka_url.asc"; \
tar xfz kafka.tgz -C /opt/kafka --strip-components 1; \
wget -nv -O KEYS https://downloads.apache.org/kafka/KEYS; \
gpg --import KEYS; \
gpg --batch --keyserver https://downloads.apache.org/kafka/KEYS --recv-keys "$GPG_KEY"; \
gpg --batch --verify kafka.tgz.asc kafka.tgz

# Generate jsa files using dynamic CDS for kafka server start command and kafka storage format command
RUN /etc/kafka/docker/jsa_launch
RUN mkdir opt/kafka; \
tar xfz kafka.tgz -C /opt/kafka --strip-components 1; \
# Generate jsa files using dynamic CDS for kafka server start command and kafka storage format command
/etc/kafka/docker/jsa_launch


FROM eclipse-temurin:21-jre-alpine

# exposed ports
EXPOSE 9092

USER root

# Get kafka from https://archive.apache.org/dist/kafka and pass the url through build arguments
ARG kafka_url
ARG build_date
ARG GPG_KEY


LABEL org.label-schema.name="kafka" \
org.label-schema.description="Apache Kafka" \
org.label-schema.build-date="${build_date}" \
org.label-schema.vcs-url="https://github.com/apache/kafka" \
LABEL org.opencontainers.image.title="kafka" \
org.opencontainers.image.description="Apache Kafka" \
org.opencontainers.image.created="${build_date}" \
org.opencontainers.image.source="https://github.com/apache/kafka" \
maintainer="Apache Kafka"

RUN set -eux ; \
apk update ; \
apk upgrade ; \
apk add --no-cache wget gcompat gpg gpg-agent procps bash; \
mkdir opt/kafka; \
wget -nv -O kafka.tgz "$kafka_url"; \
wget -nv -O kafka.tgz.asc "$kafka_url.asc"; \
tar xfz kafka.tgz -C /opt/kafka --strip-components 1; \
wget -nv -O KEYS https://downloads.apache.org/kafka/KEYS; \
gpg --import KEYS; \
gpg --batch --keyserver https://downloads.apache.org/kafka/KEYS --recv-keys "$GPG_KEY"; \
gpg --batch --verify kafka.tgz.asc kafka.tgz; \
mkdir opt/kafka; \
tar xfz kafka.tgz -C /opt/kafka --strip-components 1; \
mkdir -p /var/lib/kafka/data /etc/kafka/secrets; \
mkdir -p /etc/kafka/docker /usr/logs /mnt/shared/config; \
adduser -h /home/appuser -D --shell /bin/bash appuser; \
Expand All @@ -79,9 +70,8 @@ RUN set -eux ; \
cp /opt/kafka/config/log4j.properties /etc/kafka/docker/log4j.properties; \
cp /opt/kafka/config/tools-log4j.properties /etc/kafka/docker/tools-log4j.properties; \
cp /opt/kafka/config/kraft/server.properties /etc/kafka/docker/server.properties; \
rm kafka.tgz kafka.tgz.asc KEYS; \
apk del wget gpg gpg-agent; \
apk cache clean;
rm kafka.tgz kafka.tgz.asc; \
apk del wget gpg gpg-agent;

COPY --from=build-jsa kafka.jsa /opt/kafka/kafka.jsa
COPY --from=build-jsa storage.jsa /opt/kafka/storage.jsa
Expand Down
17 changes: 8 additions & 9 deletions docker/native/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
FROM ghcr.io/graalvm/graalvm-community:21 AS build-native-image

ARG kafka_url
ARG GPG_KEY

WORKDIR /app

Expand All @@ -33,10 +34,9 @@ RUN mkdir $KAFKA_DIR; \
microdnf install wget; \
wget -nv -O kafka.tgz "$KAFKA_URL"; \
wget -nv -O kafka.tgz.asc "$KAFKA_URL.asc"; \
tar xfz kafka.tgz -C $KAFKA_DIR --strip-components 1; \
wget -nv -O KEYS https://downloads.apache.org/kafka/KEYS; \
gpg --import KEYS; \
gpg --batch --keyserver https://downloads.apache.org/kafka/KEYS --recv-keys "$GPG_KEY"; \
gpg --batch --verify kafka.tgz.asc kafka.tgz; \
tar xfz kafka.tgz -C $KAFKA_DIR --strip-components 1; \
rm kafka.tgz ; \
# Build the native-binary of the apache kafka using graalVM native-image.
/app/native_command.sh $NATIVE_IMAGE_PATH $NATIVE_CONFIGS_DIR $KAFKA_LIBS_DIR $TARGET_PATH
Expand All @@ -48,14 +48,13 @@ EXPOSE 9092

ARG build_date

LABEL org.label-schema.name="kafka" \
org.label-schema.description="Apache Kafka" \
org.label-schema.build-date="${build_date}" \
org.label-schema.vcs-url="https://github.com/apache/kafka" \
LABEL org.opencontainers.image.title="kafka" \
org.opencontainers.image.description="Apache Kafka" \
org.opencontainers.image.created="${build_date}" \
org.opencontainers.image.source="https://github.com/apache/kafka" \
maintainer="Apache Kafka"

RUN apk update ; \
apk add --no-cache gcompat ; \
RUN apk add --no-cache gcompat ; \
apk add --no-cache bash ; \
mkdir -p /etc/kafka/docker /mnt/shared/config /opt/kafka/config /etc/kafka/secrets ; \
adduser -h /home/appuser -D --shell /bin/bash appuser ; \
Expand Down
3 changes: 3 additions & 0 deletions docker/prepare_docker_official_image_source.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
from datetime import date
import argparse
from distutils.dir_util import copy_tree
from common import get_gpg_key
import os
import shutil
import re
Expand All @@ -45,6 +46,8 @@ def remove_args_and_hardcode_values(file_path, kafka_version, kafka_url):
filedata = filedata.replace("ARG kafka_url", f"ENV kafka_url {kafka_url}")
filedata = filedata.replace(
"ARG build_date", f"ENV build_date {str(date.today())}")
filedata = filedata.replace(
"ARG GPG_KEY", f"ENV GPG_KEY {get_gpg_key(kafka_version)}")
original_comment = re.compile(r"# Get kafka from https://archive.apache.org/dist/kafka and pass the url through build arguments")
updated_comment = f"# Get Kafka from https://archive.apache.org/dist/kafka, url passed as env var, for version {kafka_version}"
filedata = original_comment.sub(updated_comment, filedata)
Expand Down
5 changes: 5 additions & 0 deletions docker/version_keys.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
version_keys = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use json file instead. I don't think we should be creating a separate python file for this

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I used a python file for 2 main reasons

  1. Simple json file has the overhead of opening the JSON file and loading its contents into a Python object, and use it further (boils down to the same as using a python dict)
  2. Secondly, if for unsupported versions, we might want to remove GPG_KEYS, working with python dicts would be much simpler for any automation script we add.

LMK if these sound valid justifications for using a python dict as a new python file.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should use json if we are using a separate file. It's just a more standard way of maintaining data like this imo. Overhead would be minimal imo.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change has been made

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. maybe rename to version_gpg_keys
  2. missing license
  3. Can we add comment to the file about the format of this file.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the review @omkreddy .

  1. Renamed this to version_gpg_keys, the name now better reflects what the file stands for.
    2, 3: Sorry, missed out on adding these! Added the same to the scripts.
    Thanks!

'3.7.0': '7C38C2F6E7DF40E527C7C996DE0D9D12FB1360DA',
'3.7.1': '4687E2BC1319B57B321D6F0E39AB5531A7FCB08E',
'3.8.0': 'CF9500821E9557AEB04E026C05EEA67F87749E61'
}