Docker Stuck at building Golang inside AWS EC2 - amazon-web-services

I'm going crazy here... I'm trying to create a Docker container with this file:
#Docker
FROM golang:alpine as builder
RUN apk update && apk add --no-cache git make gcc libc-dev
# download, cache and install deps
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
# copy and compiled the app
COPY . .
RUN make ditto
# start a new stage from scratch
FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
# copy the prebuilt binary from the builder stage
COPY --from=builder /app/_build/ditto .
COPY --from=builder /app/send-email-report.sh /usr/bin/
ENTRYPOINT ["./ditto"]
Running: docker build .
On my PC it works perfectly,
BUT on my AWS EC2 instance, with the same code:
docker build .
Sending build context to Docker daemon 108kB
Step 1/13 : FROM golang:1.18-alpine as builder
---> 155ead2e66ca
Step 2/13 : RUN apk update && apk add --no-cache git make gcc libc-dev
---> Running in 1d3adab601f3
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
v3.16.0-99-g5b6c75ce95 [https://dl-cdn.alpinelinux.org/alpine/v3.16/main]
v3.16.0-108-ge392af4f2e [https://dl-cdn.alpinelinux.org/alpine/v3.16/community]
OK: 17022 distinct packages available
And it gets stuck there...
It was working fine in the past; I think nobody has changed anything in that Dockerfile or folder...
Can somebody help me, please?

Related

Provide dependent file in a multi-stage build

I need to read in my application from a file "cert.pem" whose path is a) provided as an argument or b) it is retrieved from the directory of the main application file main.py.
I have created the following dockerfile, but after building and running my application using the image the "cert.pem" file cannot be accessed. Is there a way to read from this file?
FROM golang:1.17-alpine AS builder
RUN apk add --no-cache git
WORKDIR /app
COPY . .
RUN go mod download
RUN go build -o ./bin .
#final stage
FROM alpine:latest
RUN apk --no-cache add ca-certificates
COPY --from=builder /app/bin /app/bin
EXPOSE 3000
CMD ["/app/bin"]
The instruction to load the file is the following:
....
var (
cert_file = flag.String("cert", "./cert.pem", "File name of x509 certificate")
)
...
func main() {
...
_, err := ioutil.ReadFile(*cert_file)
...

You just have to copy your cert.pem file to the location of the binary in the final stage in Docker. Assuming you have the cert file in your Docker build context, you run a copy command.
FROM golang:1.17-alpine AS builder
RUN apk add --no-cache git
WORKDIR /app
COPY . .
RUN go mod download
RUN go build -o ./bin .
#final stage
FROM alpine:latest
RUN apk --no-cache add ca-certificates
COPY --from=builder /app/bin /app/bin
COPY cert.pem /app/
EXPOSE 3000
CMD ["/app/bin"]
Make sure you set the cert.pem location in your go program as ./cert.pem

The solution is to define an ENTRYPOINT instead of CMD and add a WORKDIR instruction:
#build stage
FROM golang:1.17-alpine AS builder
RUN apk add --no-cache git
WORKDIR /app
COPY . .
RUN go mod download
RUN go build -o ./bin .
#final stage
FROM alpine:latest
RUN apk --no-cache add ca-certificates
COPY --from=builder /app/bin /app/bin
COPY --from=builder /app/cert.pem /app/cert.pem
EXPOSE 3000
WORKDIR /app
ENTRYPOINT ["/app/bin"]

How to upgrade alpine docker base images for security patches

I have the following Dockerfile:
FROM alpine:3.6 as base
WORKDIR /code
RUN apk update && \
    apk --update --no-cache add nodejs openssl
EXPOSE 8080
After running a security scan, I get the following critical/high warnings:
CVE               library                  status
CVE-2019-2201     libjpeg-turbo:1.5.3-r4   CRITICAL
CVE-2019-5482     curl:7.61.1-r2           HIGH
CVE-2019-5481     curl:7.61.1-r2           HIGH
CVE-2018-20843    expat:2.2.5-r0           HIGH
CVE-2018-1000654  libtasn1:4.13-r0         HIGH
CVE-2019-14697    musl:1.1.19-r10          HIGH
I tried to bump up the alpine version to 3.9 and I have also tried to specify the lib to be upgraded:
FROM alpine:3.9 as base
WORKDIR /code
RUN apk update && \
apk --update --no-cache add nodejs npm openssl && \
apk upgrade libjpeg-turbo curl expat libtasn1 musl
EXPOSE 8080
The image gets built but the security problems still stand.
Any idea on how to resolve this?

I had a similar problem with volbrene/redoc that builds from nginx:alpine.
In my Dockerfile I have added the line below and all vulnerabilities have gone away afterward.
RUN apk update && apk upgrade
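
One way to check whether a rebuilt image still carries the package versions the scanner flagged, as an added example that is not part of the original question or answer. It assumes the image's package list is taken from `apk info -v`; the function names and the sample package list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts). All sample data is constructed.

# The scan findings listed in the question, one "package:version" per line.
FINDINGS='libjpeg-turbo:1.5.3-r4
curl:7.61.1-r2
curl:7.61.1-r2
expat:2.2.5-r0
libtasn1:4.13-r0
musl:1.1.19-r10'

# Constructed stand-in for `apk info -v` output taken from the rebuilt image,
# e.g. INSTALLED=$(docker run --rm <image> apk info -v). Versions are made up.
INSTALLED='musl-utils-1.1.19-r10
musl-1.1.19-r10
busybox-1.28.4-r3
libtasn1-4.14-r0
expat-2.2.5-r0
libjpeg-turbo-1.5.3-r6'

# Print the installed version of package $1 from the apk listing $2.
# "$1"-[0-9]* keeps musl from matching musl-utils (versions start with a digit).
installed_version() {
    printf '%s\n' "$2" | while IFS= read -r line; do
        case $line in
            "$1"-[0-9]*) ver=${line#"$1"-}; echo "$ver"; break ;;
        esac
    done
}

# One line per unique finding:
#   FLAGGED  the exact version the scanner reported is still in the image
#   CHANGED  the package is installed at another version (rescan to confirm)
#   ABSENT   the package is not installed in this image
classify() {
    printf '%s\n' "$1" | sort -u | while IFS=: read -r pkg flagged; do
        [ -n "$pkg" ] || continue
        now=$(installed_version "$pkg" "$2")
        if [ -z "$now" ]; then echo "ABSENT $pkg"
        elif [ "$now" = "$flagged" ]; then echo "FLAGGED $pkg $flagged"
        else echo "CHANGED $pkg $flagged -> $now"
        fi
    done
}

# Count of findings still at the flagged version; a CI step can fail on non-zero.
still_flagged() { classify "$1" "$2" | grep -c '^FLAGGED ' || true; }

classify "$FINDINGS" "$INSTALLED"
```

A CHANGED line only shows that the version moved; whether the new version is outside the affected range is for the next scan to confirm.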

cdk deploy option to re-build image

I am deploying a new stack using AWS Fargate, and I am using the cdk in Python.
The Docker image is built and pushed to ECR when I do cdk deploy, but when I make a change in my entrypoint.sh that is copied in my Dockerfile, the cdk does not detect this change.
So the cdk command ends with "no changes".
How do I re-build and update the Docker image with the cdk?
This is my code to create the service
back = aws_ecs_patterns.ApplicationLoadBalancedFargateService(
self,
"back",
cpu=256,
task_image_options=aws_ecs_patterns.ApplicationLoadBalancedTaskImageOptions(
image=ecs.ContainerImage.from_asset('./back'),
),
desired_count=2,
memory_limit_mib=512,
public_load_balancer=True,
)
Here is my Dockerfile
FROM python:3.8
ENV PYTHONUNBUFFERED=1
WORKDIR /app
RUN apt update && apt install -y python3-dev libpq-dev wait-for-it
COPY requirements.txt /app
RUN pip install -r requirements.txt
COPY . /app
ENTRYPOINT ["/app/entrypoint.sh"]
Thanks!

The ./back directory was a symbolic link.
This change did the trick:
image=ecs.ContainerImage.from_asset(
'./back',
follow_symlinks=cdk.SymlinkFollowMode.ALWAYS,
),

Dataflow with python flex template - launcher timeout

I'm trying to run my Python Dataflow job with a flex template. The job works fine locally when I run it with the direct runner (without a flex template); however, when I try to run it with a flex template, the job is stuck in "Queued" status for a while and then fails with a timeout.
Here are some of the logs I found in the GCE console:
INFO:apache_beam.runners.portability.stager:Executing command: ['/usr/local/bin/python', '-m', 'pip', 'download', '--dest', '/tmp/dataflow-requirements-cache', '-r', '/dataflow/template/requirements.txt', '--exists-action', 'i', '--no-binary', ':all:'
Shutting down the GCE instance, launcher-202011121540156428385273524285797, used for launching.
Timeout in polling result file: gs://my_bucket/staging/template_launches/2020-11-12_15_40_15-6428385273524285797/operation_result.
Possible causes are:
1. Your launch takes too long time to finish. Please check the logs on stackdriver.
2. Service my_service_account#developer.gserviceaccount.com may not have enough permissions to pull container image gcr.io/indigo-computer-272415/samples/dataflow/streaming-beam-py:latest or create new objects in gs://my_bucket/staging/template_launches/2020-11-12_15_40_15-6428385273524285797/operation_result.
3. Transient errors occurred, please try again.
For 1, I see no useful logs. For 2, the service account is the default service account, so it should have all permissions.
How can I debug this further?
Here is my Docker file:
FROM gcr.io/dataflow-templates-base/python3-template-launcher-base
ARG WORKDIR=/dataflow/template
RUN mkdir -p ${WORKDIR}
WORKDIR ${WORKDIR}
ADD localdeps localdeps
COPY requirements.txt .
COPY main.py .
COPY setup.py .
COPY bq_field_pb2.py .
COPY bq_table_pb2.py .
COPY core_pb2.py .
ENV FLEX_TEMPLATE_PYTHON_REQUIREMENTS_FILE="${WORKDIR}/requirements.txt"
ENV FLEX_TEMPLATE_PYTHON_PY_FILE="${WORKDIR}/main.py"
ENV FLEX_TEMPLATE_PYTHON_SETUP_FILE="${WORKDIR}/setup.py"
RUN pip install -U --no-cache-dir -r ./requirements.txt
I'm following this guide - https://cloud.google.com/dataflow/docs/guides/templates/using-flex-templates

A possible cause of this issue can be found within the requirements.txt file. If you are trying to install apache-beam within the requirements file the flex template will experience the exact issue you are describing: Jobs stay some time in the Queued state and finally fail with Timeout in polling result.
The reason being, they are affected by this issue. This only affects flex templates, the jobs run properly locally or with Standard Templates.
The solution is to install it separately in the Dockerfile.
RUN pip install -U apache-beam==<your desired version>
RUN pip install -U -r ./requirements.txt

Download the requirements to speed up launching the Dataflow job.
FROM gcr.io/dataflow-templates-base/python3-template-launcher-base
ARG WORKDIR=/dataflow/template
RUN mkdir -p ${WORKDIR}
WORKDIR ${WORKDIR}
COPY . .
ENV FLEX_TEMPLATE_PYTHON_PY_FILE="${WORKDIR}/main.py"
ENV FLEX_TEMPLATE_PYTHON_SETUP_FILE="${WORKDIR}/setup.py"
ENV FLEX_TEMPLATE_PYTHON_REQUIREMENTS_FILE="${WORKDIR}/requirements.txt"
RUN apt-get update \
# Upgrade pip and install the requirements.
&& pip install --no-cache-dir --upgrade pip \
&& pip install --no-cache-dir -r $FLEX_TEMPLATE_PYTHON_REQUIREMENTS_FILE \
# Download the requirements to speed up launching the Dataflow job.
&& pip download --no-cache-dir --dest /tmp/dataflow-requirements-cache -r $FLEX_TEMPLATE_PYTHON_REQUIREMENTS_FILE
# Since we already downloaded all the dependencies, there's no need to rebuild everything.
ENV PIP_NO_DEPS=True

Docker throws error while running npm install for node application

FROM node:12-alpine
RUN mkdir /project-api
WORKDIR /project-api
RUN apk add --update-cache python
ENV PYTHON=/usr/local/bin/
COPY ./package.json .
RUN npm cache clean --force
RUN rm -rf ~/.npm
RUN rm -rf node_modules
RUN rm -f package-lock.json
RUN npm install
EXPOSE 3000
I was trying to create a Node container for my project, but it throws an error during npm install (bcrypt package). I tried installing Python in the image file, but it still shows the error. I'm attaching the error screen.

The bcrypt npm package depends on non-javascript code. This means it needs to be built for the specific architecture it's being run on. The initial "WARNING: Tried to download" indicates a pre-built artifact wasn't available, so it's falling back to building from source.
The specific error I see is Error: not found: make, which indicates make isn't installed on the image you're building on (node:12-alpine). Either install it in a prior step in your dockerfile, or switch to a base image that has it pre-installed (node:12 might).
The bcrypt package has more specific instructions at https://github.com/kelektiv/node.bcrypt.js/wiki/Installation-Instructions#alpine-linux-based-images.
You need the following packages:
build-base
python
apk --no-cache add --virtual builds-deps build-base python