diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..378eac25d3 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +build diff --git a/Makefile b/Makefile index 0e292cb490..4be7b05460 100644 --- a/Makefile +++ b/Makefile @@ -11,6 +11,8 @@ BUILD = $(shell date --iso-8601=seconds) LDFLAGS = -s -w LDFLAGS += -X github.com/aws/amazon-cloudwatch-agent/cfg/agentinfo.VersionStr=${VERSION} LDFLAGS += -X github.com/aws/amazon-cloudwatch-agent/cfg/agentinfo.BuildStr=${BUILD} +IMAGE = amazon/cloudwatch-agent:$(VERSION) +DOCKER_BUILD_FROM_SOURCE = docker build -t $(IMAGE) -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile release: clean test build package-rpm package-deb package-win @@ -160,3 +162,13 @@ package-win: package-prepare-win-zip ARCH=amd64 TARGET_SUPPORTED_ARCH=x86_64 PREPKGPATH="$(BUILD_SPACE)/private/windows/amd64/zip/amazon-cloudwatch-agent-pre-pkg" $(BUILD_SPACE)/Tools/src/create_win.sh .PHONY: build test clean + +.PHONY: dockerized-build dockerized-build-vendor +dockerized-build: + $(DOCKER_BUILD_FROM_SOURCE) . + @echo Built image: + @echo $(IMAGE) + +# Use vendor instead of proxy when building w/ vendor folder +dockerized-build-vendor: + $(DOCKER_BUILD_FROM_SOURCE) --build-arg GO111MODULE=off . \ No newline at end of file diff --git a/README.md b/README.md index 9ca96d5e64..2c8ade8afa 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ Amazon Cloudwatch Agent uses the open-source project [telegraf](https://github.c * [Troubleshooting Cloudwatch Agent](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/troubleshooting-CloudWatch-Agent.html) ## Building and Running from source + * Install go. For more information, see [Getting started](https://golang.org/doc/install) * The agent uses go modules for dependency management. For more information, see [Go Modules](https://github.com/golang/go/wiki/Modules) @@ -55,6 +56,9 @@ build/bin/windows/amd64/amazon-cloudwatch-agent.zip * unzip `amazon-cloudwatch-agent.zip` * `./install.ps1` +### Building and running container + +See [Dockerfiles](amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile). ### Make Targets The following targets are available. Each may be run with `make `. @@ -64,12 +68,13 @@ The following targets are available. Each may be run with `make `. | `build` | `build` builds the agent for Linux, Debian and Windows amd64 environment | | `release` | *(Default)* `release` builds the agent and also packages it into a RPM, DEB and ZIP package | | `clean` | `clean` removes build artifacts | +| `dockerized-build` | build using docker container without local go environment | ## Versioning It is using [Semantic versioning](https://semver.org/) ## Distributions -You can download the offical release from S3, refer to [link](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/download-cloudwatch-agent-commandline.html) +You can download the official release from S3, refer to [link](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/download-cloudwatch-agent-commandline.html) ## Security disclosures If you think you’ve found a potential security issue, please do not post it in the Issues. Instead, please follow the instructions [here](https://aws.amazon.com/security/vulnerability-reporting/) or [email AWS security directly](mailto:aws-security@amazon.com). diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/Dockerfile b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/Dockerfile index c039489f24..dc8b6642c8 100644 --- a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/Dockerfile +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/Dockerfile @@ -1,10 +1,14 @@ -FROM debian:latest as build +FROM ubuntu:latest as build + +# NOTE: This arg will be populated by docker buildx +# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope +ARG TARGETARCH RUN apt-get update && \ apt-get install -y ca-certificates curl && \ rm -rf /var/lib/apt/lists/* -RUN curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/debian/amd64/latest/amazon-cloudwatch-agent.deb && \ +RUN curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/${TARGETARCH:-$(dpkg --print-architecture)}/latest/amazon-cloudwatch-agent.deb && \ dpkg -i -E amazon-cloudwatch-agent.deb && \ rm -rf /tmp/* && \ rm -rf /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard && \ diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md new file mode 100644 index 0000000000..d648a17f4c --- /dev/null +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md @@ -0,0 +1,66 @@ +# CloudWatch Agent Dockerfiles + +- [Dockerfile](Dockerfile) builds from the [latest release published on s3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html) +- [localdeb](localdeb/Dockerfile) builds from a local deb file +- [source](source/Dockerfile) builds from source code, you can execute `make dockerized-build` at project root. + +## Multi arch image + +### Build multi arch image on mac + +- Make sure you are using the edge version instead of stable (btw: they [just got merged into one installer](https://docs.docker.com/docker-for-mac/faqs/#where-can-i-find-information-about-stable-and-edge-releases)) + +```bash +# NOTE: you need to create a builder, the name does not matter, you have a default one out of box, but that does not work multi-arch +docker buildx create --name multi-builder +docker buildx use multi-builder +# Add proper tag and --push if you want to publish it +docker buildx build --platform linux/amd64,linux/arm64 . +``` + +### Build multi arch image manifest from single arch images + +If you choose to build x86 and arm images on different machines, and create a multi arch image later. +You need to be aware of the following: + +- Single arch images should already exists on registry first because the multi arch image is reference to existing images on the registry. + - `docker buildx` is an exception because it pushes blob to registry without creating a new tag for the single arch images. +- Both [docker manifest](https://docs.docker.com/engine/reference/commandline/manifest/) command and [manifest-tool](https://github.com/estesp/manifest-tool) should work, `manifest-tool` does not requires a docker daemon. + +Example using `docker manifest` + +```bash +# NOTE: manifest is a experimental command, docker versions released after mid 2018 should have it +# enable experimental in your ~/.docker/config.json with: +# { +# "experimental": "enabled" +# } +docker manifest create cloudwatch-agent:foo --amend cloudwatch-agent:foo-arm64 --amend cloudwatch-agent:foo-amd64 +docker manifest push cloudwatch-agent:foo +``` + +Example using `manifest-tool` and ECR, make sure to replace `{{account_id}}` and `{{aws_region}}` with your AWS account id and region. + +```bash +# NOTE: the released version of manifest-tool is a bit outdated, you need to build it from source +manifest-tool push from-spec multi-arch-agent.yaml +``` + +```yaml +# multi-arch-agent.yaml +image: {{account_id}}.dkr.ecr.{{aws_region}}.amazonaws.com/cloudwatch-agent:foo +manifests: + - image: {{account_id}}.dkr.ecr.{{aws_region}}.amazonaws.com/cloudwatch-agent:foo-amd64 + platform: + architecture: amd64 + os: linux + - image: {{account_id}}.dkr.ecr.{{aws_region}}.amazonaws.com/cloudwatch-agent:foo-arm64 + platform: + architecture: arm64 + os: linux +``` + +## References + +- [docker buildx](https://github.com/docker/buildx/#building-multi-platform-images) +- [Multi-arch build and images, the simple way](https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/) \ No newline at end of file diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile new file mode 100644 index 0000000000..148a990493 --- /dev/null +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile @@ -0,0 +1,23 @@ +ARG BUILD_IMAGE=ubuntu:latest +FROM $BUILD_IMAGE as build + +RUN apt-get update && \ + apt-get install -y ca-certificates && \ + rm -rf /var/lib/apt/lists/* + +COPY amazon-cloudwatch-agent.deb /tmp/amazon-cloudwatch-agent.deb + +RUN dpkg -i -E /tmp/amazon-cloudwatch-agent.deb && \ + rm -rf /tmp/* && \ + rm -rf /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard && \ + rm -rf /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl && \ + rm -rf /opt/aws/amazon-cloudwatch-agent/bin/config-downloader + +FROM scratch + +COPY --from=build /tmp /tmp +COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=build /opt/aws/amazon-cloudwatch-agent /opt/aws/amazon-cloudwatch-agent + +ENV RUN_IN_CONTAINER="True" +ENTRYPOINT ["/opt/aws/amazon-cloudwatch-agent/bin/start-amazon-cloudwatch-agent"] diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile new file mode 100644 index 0000000000..48aa178409 --- /dev/null +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile @@ -0,0 +1,34 @@ +# Build the binary +ARG GO_IMAGE=golang:latest +ARG CERT_IMAGE=ubuntu:latest +FROM $GO_IMAGE as builder + +RUN mkdir -p /go/src/github.com/aws/amazon-cloudwatch-agent/ +WORKDIR /go/src/github.com/aws/amazon-cloudwatch-agent/ + +ARG GO111MODULE="on" +ENV GO111MODULE=${GO111MODULE} + +COPY . /go/src/github.com/aws/amazon-cloudwatch-agent/ +RUN make build && make package-deb + +# Install cert and binaries +FROM $CERT_IMAGE as cert + +# NOTE: This arg will be populated by docker buildx +# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope +ARG TARGETARCH +RUN apt-get update && \ + apt-get install -y ca-certificates && \ + rm -rf /var/lib/apt/lists/* +COPY --from=builder /go/src/github.com/aws/amazon-cloudwatch-agent/build/bin/linux/ /tmp/deb +RUN dpkg -i -E /tmp/deb/${TARGETARCH:-$(dpkg --print-architecture)}/amazon-cloudwatch-agent.deb + +FROM scratch + +COPY --from=cert /tmp /tmp +COPY --from=cert /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=cert /opt/aws/amazon-cloudwatch-agent /opt/aws/amazon-cloudwatch-agent + +ENV RUN_IN_CONTAINER="True" +ENTRYPOINT ["/opt/aws/amazon-cloudwatch-agent/bin/start-amazon-cloudwatch-agent"]