search

slimtoolkit / slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Apache License 2.0
19.34k stars 726 forks source link

Dockerslim comms port and ssl issues while running in Tekton task #528

Open pashaimran opened 1 year ago

pashaimran commented 1 year ago

Expected Behavior

Image should be optimised and pushed to registry.

Actual Behavior

Dockerfile is failing with ssl issues, even though ports are open and firewall has no restrictions.

docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community' docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS' docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions' docker-slim[build]: info=probe message='changing continue-after from probe to enter because http-probe is disabled' cmd=build state=started cmd=build info=params context=./file=demo1/manifests/ocp4-np1-lz-aws/Dockerfile continue.mode=enter rt.as.user=true keep.perms=true cmd=build state=building message='building basic image' cmd=build info=basic.image.info tag=docker-slim-tmp-fat-image.13.20230603123528 dockerfile=demo1/manifests/ocp4-np1-lz-aws/Dockerfile context=. cmd=build build logs (standard image) ==================== Step 1/6 : FROM quay.apps.lz-np2.ent-ocp4-useast1.aws.internal.das/openshift-base-images/ubi8-nodejs16-oracle-nettools-image-with-certs:latest ---> ee7720cc4911 Step 2/6 : USER root ---> Using cache ---> b28ff6e44cd4 Step 3/6 : COPY ./cacerts/cacerts /etc/pki/ca-trust/extracted/java/cacerts ---> f994e77ffb93 Step 4/6 : COPY ./cacerts/cacerts /usr/share/pki/ca-trust-source/anchors/cacerts ---> 42d01648e776 Step 5/6 : COPY ./cacerts/cacerts /etc/pki/ca-trust/source/anchors/cacerts ---> 8d5e4d861ff3 Step 6/6 : RUN yum install curl -y ---> Running in bb2b58f69a7d Updating Subscription Management repositories. Unable to read consumer identity Subscription Manager is operating in container mode.

This system is not registered with an entitlement server. You can use subscription-manager to register.

Red Hat Universal Base Image 8 (RPMs) - BaseOS 0.0 B/s | 0 B 00:00
Errors during downloading metadata for repository 'ubi-8-baseos-rpms':

If i remove any RUN command from dockerfile it is giving comms ports error

docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community' docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS' docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions' docker-slim[build]: info=probe message='changing continue-after from probe to enter because http-probe is disabled' cmd=build state=started cmd=build info=params context=./file=demo1/manifests/ocp4-np1-lz-aws/Dockerfile continue.mode=enter rt.as.user=true keep.perms=true cmd=build state=building message='building basic image' cmd=build info=basic.image.info tag=docker-slim-tmp-fat-image.12.20230603125012 dockerfile=demo1/manifests/ocp4-np1-lz-aws/Dockerfile context=. cmd=build state=basic.image.build.completed cmd=build state=image.inspection.start cmd=build info=image id=sha256:f946673b3b279928e0ef4a58f1a04e0751664ac27c7050735ceac37dd6a3630d size.bytes=1352761934 size.human=1.4 GB cmd=build info=image.users exe='root' all='1001,root,1001,root,1001,root,1001,root' cmd=build info=image.stack index=0 name='slim-tmp-fat-image.13.20230529165610:latest' id='sha256:ee7720cc49118c5a8280baf154006d8ebfeae5866c3897a6400635f61e1a5f34' cmd=build info=image.stack index=1 name='docker-slim-tmp-fat-image.12.20230603125012:latest' id='sha256:f946673b3b279928e0ef4a58f1a04e0751664ac27c7050735ceac37dd6a3630d' cmd=build info=image.exposed_ports list='8080' cmd=build state=image.inspection.done cmd=build state=container.inspection.start cmd=build info=container status=created name=dockerslimk_12_20230603125014 id=7d0b000fb36d1a7583452b9ecfc3cc9a30c4c9db91570c434aaf06de25a85260

Steps to Reproduce the Problem

--- Specifications ================= - Version: latest - Platform: Tekton
kcq commented 1 year ago

@pashaimran looks like you are using slim to build your regular image for you by pointing at your Dockerfile. And when the image is building Docker can't resolve the cdn-ubi.redhat.com domain. This is normally addressed with extra flags to the docker build command and slim has similar parameters (e.g., cbo-add-host and other cbo-* flags). Either way, I would recommend starting simple where you don's use slim to build the original image for you. You should also start with a local setup first before you do it in Tekton. It'll make it much easier to debug :-)

For additional debug information you should add the global --debug flag and the --show-clogs flag for build command: slim --debug build --show-clogs YOUR_OTHER_FLAGS_HERE YOUR_TARGET_IMAGE_NAME_HERE

It also appears you are using an older version of slim. The current version is 1.40.2. Note the executable name changes there.