From 7d62d8cab2cae7f14d85a6fc8afd6cc1e6b3269c Mon Sep 17 00:00:00 2001 From: Pinglei Guo Date: Mon, 7 Dec 2020 16:24:03 -0800 Subject: [PATCH 1/4] build: Support arm64 container and add containerized build target * For #114 user no longer need to write their own Dockerfile and it works with `docker buildx` * Add containerized build for developer w/o a local go environment --- .dockerignore | 1 + Makefile | 12 +++++++ README.md | 1 + .../cloudwatch-agent-dockerfile/Dockerfile | 8 +++-- .../cloudwatch-agent-dockerfile/README.md | 5 +++ .../localdeb/Dockerfile | 22 +++++++++++++ .../source/Dockerfile | 32 +++++++++++++++++++ 7 files changed, 79 insertions(+), 2 deletions(-) create mode 100644 .dockerignore create mode 100644 amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md create mode 100644 amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile create mode 100644 amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..378eac25d3 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +build diff --git a/Makefile b/Makefile index 0e292cb490..4be7b05460 100644 --- a/Makefile +++ b/Makefile @@ -11,6 +11,8 @@ BUILD = $(shell date --iso-8601=seconds) LDFLAGS = -s -w LDFLAGS += -X github.com/aws/amazon-cloudwatch-agent/cfg/agentinfo.VersionStr=${VERSION} LDFLAGS += -X github.com/aws/amazon-cloudwatch-agent/cfg/agentinfo.BuildStr=${BUILD} +IMAGE = amazon/cloudwatch-agent:$(VERSION) +DOCKER_BUILD_FROM_SOURCE = docker build -t $(IMAGE) -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile release: clean test build package-rpm package-deb package-win @@ -160,3 +162,13 @@ package-win: package-prepare-win-zip ARCH=amd64 TARGET_SUPPORTED_ARCH=x86_64 PREPKGPATH="$(BUILD_SPACE)/private/windows/amd64/zip/amazon-cloudwatch-agent-pre-pkg" $(BUILD_SPACE)/Tools/src/create_win.sh .PHONY: build test clean + +.PHONY: dockerized-build dockerized-build-vendor +dockerized-build: + $(DOCKER_BUILD_FROM_SOURCE) . + @echo Built image: + @echo $(IMAGE) + +# Use vendor instead of proxy when building w/ vendor folder +dockerized-build-vendor: + $(DOCKER_BUILD_FROM_SOURCE) --build-arg GO111MODULE=off . \ No newline at end of file diff --git a/README.md b/README.md index 9ca96d5e64..c91ddef0ce 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,7 @@ The following targets are available. Each may be run with `make `. | `build` | `build` builds the agent for Linux, Debian and Windows amd64 environment | | `release` | *(Default)* `release` builds the agent and also packages it into a RPM, DEB and ZIP package | | `clean` | `clean` removes build artifacts | +| `dockerized-build` | build using docker container without local go environment | ## Versioning It is using [Semantic versioning](https://semver.org/) diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/Dockerfile b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/Dockerfile index c039489f24..dc8b6642c8 100644 --- a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/Dockerfile +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/Dockerfile @@ -1,10 +1,14 @@ -FROM debian:latest as build +FROM ubuntu:latest as build + +# NOTE: This arg will be populated by docker buildx +# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope +ARG TARGETARCH RUN apt-get update && \ apt-get install -y ca-certificates curl && \ rm -rf /var/lib/apt/lists/* -RUN curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/debian/amd64/latest/amazon-cloudwatch-agent.deb && \ +RUN curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/${TARGETARCH:-$(dpkg --print-architecture)}/latest/amazon-cloudwatch-agent.deb && \ dpkg -i -E amazon-cloudwatch-agent.deb && \ rm -rf /tmp/* && \ rm -rf /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard && \ diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md new file mode 100644 index 0000000000..14864b9dd5 --- /dev/null +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md @@ -0,0 +1,5 @@ +# CloudWatch Agent Dockerfiles + +- [Dockerfile](Dockerfile) builds from the [latest release published on s3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html) +- [locadeb](localdeb/Dockerfile) builds from a local deb file +- [source](source/Dockerfile) builds from source code, you can execute `make dockerized-build` at project root. \ No newline at end of file diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile new file mode 100644 index 0000000000..7f6e34c831 --- /dev/null +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile @@ -0,0 +1,22 @@ +FROM ubuntu:latest as build + +RUN apt-get update && \ + apt-get install -y ca-certificates && \ + rm -rf /var/lib/apt/lists/* + +COPY amazon-cloudwatch-agent.deb /tmp/amazon-cloudwatch-agent.deb + +RUN dpkg -i -E /tmp/amazon-cloudwatch-agent.deb && \ + rm -rf /tmp/* && \ + rm -rf /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard && \ + rm -rf /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl && \ + rm -rf /opt/aws/amazon-cloudwatch-agent/bin/config-downloader + +FROM scratch + +COPY --from=build /tmp /tmp +COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=build /opt/aws/amazon-cloudwatch-agent /opt/aws/amazon-cloudwatch-agent + +ENV RUN_IN_CONTAINER="True" +ENTRYPOINT ["/opt/aws/amazon-cloudwatch-agent/bin/start-amazon-cloudwatch-agent"] diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile new file mode 100644 index 0000000000..895fd3a690 --- /dev/null +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile @@ -0,0 +1,32 @@ +# Build the binary +FROM golang:latest as builder + +RUN mkdir -p /go/src/github.com/aws/amazon-cloudwatch-agent/ +WORKDIR /go/src/github.com/aws/amazon-cloudwatch-agent/ + +ARG GO111MODULE="on" +ENV GO111MODULE=${GO111MODULE} + +COPY . /go/src/github.com/aws/amazon-cloudwatch-agent/ +RUN make build && make package-deb + +# Install cert and binaries +FROM ubuntu:latest as cert + +# NOTE: This arg will be populated by docker buildx +# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope +ARG TARGETARCH +RUN apt-get update && \ + apt-get install -y ca-certificates && \ + rm -rf /var/lib/apt/lists/* +COPY --from=builder /go/src/github.com/aws/amazon-cloudwatch-agent/build/bin/linux/ /tmp/deb +RUN dpkg -i -E /tmp/deb/${TARGETARCH:-$(dpkg --print-architecture)}/amazon-cloudwatch-agent.deb + +FROM scratch + +COPY --from=cert /tmp /tmp +COPY --from=cert /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=cert /opt/aws/amazon-cloudwatch-agent /opt/aws/amazon-cloudwatch-agent + +ENV RUN_IN_CONTAINER="True" +ENTRYPOINT ["/opt/aws/amazon-cloudwatch-agent/bin/start-amazon-cloudwatch-agent"] From 8f45f57486f22fcd9c6635e1f27724b311c64593 Mon Sep 17 00:00:00 2001 From: Pinglei Guo Date: Thu, 10 Dec 2020 13:56:21 -0800 Subject: [PATCH 2/4] build: Update doc on how to build multi arch image on mac --- README.md | 6 +- .../cloudwatch-agent-dockerfile/README.md | 62 ++++++++++++++++++- 2 files changed, 66 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c91ddef0ce..2c8ade8afa 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ Amazon Cloudwatch Agent uses the open-source project [telegraf](https://github.c * [Troubleshooting Cloudwatch Agent](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/troubleshooting-CloudWatch-Agent.html) ## Building and Running from source + * Install go. For more information, see [Getting started](https://golang.org/doc/install) * The agent uses go modules for dependency management. For more information, see [Go Modules](https://github.com/golang/go/wiki/Modules) @@ -55,6 +56,9 @@ build/bin/windows/amd64/amazon-cloudwatch-agent.zip * unzip `amazon-cloudwatch-agent.zip` * `./install.ps1` +### Building and running container + +See [Dockerfiles](amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile). ### Make Targets The following targets are available. Each may be run with `make `. @@ -70,7 +74,7 @@ The following targets are available. Each may be run with `make `. It is using [Semantic versioning](https://semver.org/) ## Distributions -You can download the offical release from S3, refer to [link](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/download-cloudwatch-agent-commandline.html) +You can download the official release from S3, refer to [link](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/download-cloudwatch-agent-commandline.html) ## Security disclosures If you think you’ve found a potential security issue, please do not post it in the Issues. Instead, please follow the instructions [here](https://aws.amazon.com/security/vulnerability-reporting/) or [email AWS security directly](mailto:aws-security@amazon.com). diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md index 14864b9dd5..e73cc44043 100644 --- a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md @@ -2,4 +2,64 @@ - [Dockerfile](Dockerfile) builds from the [latest release published on s3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html) - [locadeb](localdeb/Dockerfile) builds from a local deb file -- [source](source/Dockerfile) builds from source code, you can execute `make dockerized-build` at project root. \ No newline at end of file +- [source](source/Dockerfile) builds from source code, you can execute `make dockerized-build` at project root. + +## Multi arch image + +### Build multi arch image on mac + +- Make sure you are using the edge version instead of stable (btw: they [just got merged into one installer](https://docs.docker.com/docker-for-mac/faqs/#where-can-i-find-information-about-stable-and-edge-releases)) + +```bash +# NOTE: you need to create a builder, the name does not matter, you have a default one out of box, but that does not work multi-arch +docker buildx create --name multi-builder +docker buildx use multi-builder +# Add proper tag and --push if you want to publish it +docker buildx build --platform linux/amd64,linux/arm64 . +``` + +### Build multi arch image manifest from single arch images + +If you choose to build x86 and arm images on different machines, and create a multi arch image later. +You need to be aware of the following: + +- Single arch images should already exists on registry first because the multi arch image is reference to existing images on the registry. + - `docker buildx` is an exception because it pushes blob to registry without creating a new tag for the single arch images. +- Both [docker manifest](https://docs.docker.com/engine/reference/commandline/manifest/) command and [manifest-tool](https://github.com/estesp/manifest-tool) should work, `manifest-tool` does not requires a docker daemon. + +Example using `docker manifest` + +```bash +# NOTE: manifest is a experimental command, enable experimental in your ~/.docker/config.json with: +# { +# "experimental": "enabled" +# } +docker manifest create cloudwatch-agent:foo --amend cloudwatch-agent:foo-arm64 --amend cloudwatch-agent:foo-amd64 +docker manifest push cloudwatch-agent:foo +``` + +Example using `manifest-tool` + +```bash +# NOTE: the released version of manifest-tool is a bit outdated, you need to build it from source +manifest-tool push from-spec multi-arch-agent.yaml +``` + +```yaml +# multi-arch-agent.yaml +image: 123.dkr.ecr.us-west-2.amazonaws.com/cloudwatch-agent:foo +manifests: + - image: 123.dkr.ecr.us-west-2.amazonaws.com/cloudwatch-agent:foo-amd64 + platform: + architecture: amd64 + os: linux + - image: 123.dkr.ecr.us-west-2.amazonaws.com/cloudwatch-agent:foo-arm64 + platform: + architecture: arm64 + os: linux +``` + +## References + +- [docker buildx](https://github.com/docker/buildx/#building-multi-platform-images) +- [Multi-arch build and images, the simple way](https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/) \ No newline at end of file From 026238fc34071973d668285b5c71bb83fd476b1d Mon Sep 17 00:00:00 2001 From: Pinglei Guo Date: Mon, 14 Dec 2020 09:50:00 -0800 Subject: [PATCH 3/4] build: Allow set base image using build arg --- .../cloudwatch-agent-dockerfile/localdeb/Dockerfile | 3 ++- .../cloudwatch-agent-dockerfile/source/Dockerfile | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile index 7f6e34c831..148a990493 100644 --- a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile @@ -1,4 +1,5 @@ -FROM ubuntu:latest as build +ARG BUILD_IMAGE=ubuntu:latest +FROM $BUILD_IMAGE as build RUN apt-get update && \ apt-get install -y ca-certificates && \ diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile index 895fd3a690..48aa178409 100644 --- a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile @@ -1,5 +1,7 @@ # Build the binary -FROM golang:latest as builder +ARG GO_IMAGE=golang:latest +ARG CERT_IMAGE=ubuntu:latest +FROM $GO_IMAGE as builder RUN mkdir -p /go/src/github.com/aws/amazon-cloudwatch-agent/ WORKDIR /go/src/github.com/aws/amazon-cloudwatch-agent/ @@ -11,7 +13,7 @@ COPY . /go/src/github.com/aws/amazon-cloudwatch-agent/ RUN make build && make package-deb # Install cert and binaries -FROM ubuntu:latest as cert +FROM $CERT_IMAGE as cert # NOTE: This arg will be populated by docker buildx # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope From e4d1bab4dcc728fcb696a3be464f54dff8e080da Mon Sep 17 00:00:00 2001 From: Pinglei Guo Date: Fri, 18 Dec 2020 10:30:54 -0800 Subject: [PATCH 4/4] build: Update instruction for building muli arch image for ECR --- .../cloudwatch-agent-dockerfile/README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md index e73cc44043..d648a17f4c 100644 --- a/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md +++ b/amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md @@ -1,7 +1,7 @@ # CloudWatch Agent Dockerfiles - [Dockerfile](Dockerfile) builds from the [latest release published on s3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html) -- [locadeb](localdeb/Dockerfile) builds from a local deb file +- [localdeb](localdeb/Dockerfile) builds from a local deb file - [source](source/Dockerfile) builds from source code, you can execute `make dockerized-build` at project root. ## Multi arch image @@ -30,7 +30,8 @@ You need to be aware of the following: Example using `docker manifest` ```bash -# NOTE: manifest is a experimental command, enable experimental in your ~/.docker/config.json with: +# NOTE: manifest is a experimental command, docker versions released after mid 2018 should have it +# enable experimental in your ~/.docker/config.json with: # { # "experimental": "enabled" # } @@ -38,7 +39,7 @@ docker manifest create cloudwatch-agent:foo --amend cloudwatch-agent:foo-arm64 - docker manifest push cloudwatch-agent:foo ``` -Example using `manifest-tool` +Example using `manifest-tool` and ECR, make sure to replace `{{account_id}}` and `{{aws_region}}` with your AWS account id and region. ```bash # NOTE: the released version of manifest-tool is a bit outdated, you need to build it from source @@ -47,13 +48,13 @@ manifest-tool push from-spec multi-arch-agent.yaml ```yaml # multi-arch-agent.yaml -image: 123.dkr.ecr.us-west-2.amazonaws.com/cloudwatch-agent:foo +image: {{account_id}}.dkr.ecr.{{aws_region}}.amazonaws.com/cloudwatch-agent:foo manifests: - - image: 123.dkr.ecr.us-west-2.amazonaws.com/cloudwatch-agent:foo-amd64 + - image: {{account_id}}.dkr.ecr.{{aws_region}}.amazonaws.com/cloudwatch-agent:foo-amd64 platform: architecture: amd64 os: linux - - image: 123.dkr.ecr.us-west-2.amazonaws.com/cloudwatch-agent:foo-arm64 + - image: {{account_id}}.dkr.ecr.{{aws_region}}.amazonaws.com/cloudwatch-agent:foo-arm64 platform: architecture: arm64 os: linux