Create UBI-based images for CNG
This MR adds new CNG Docker images that are based on for RHEL UBI. It contains numerous changes. The following comments can help to review them faster:
- A new image, named
gitlab-ubi-build
, is added. It contains any build tool and compile-time dependency that is needed for building other images. This image always taggedlatest
and you must only use this tag. - A new Dockerfile, named
Dockerfile.ubi
, is added to 17 out of 19 existing images. This Dockerfile contains UBI specific build instructions. - The images that don't have UBI version are
alpine-certificates
andcfssl-self-sign
. - At the moment we use UBI8 as the base image. All images accept
UBI_IMAGE
as a build argument. By default it is set to useregistry.access.redhat.com/ubi8/ubi
. - These images are added to the build pipeline. They're not built by default. When
UBI_PIPELINE
CI variable is set totrue
the pipeline builds these images. In this mode the pipeline only builds UBI images. - In UBI build mode, only EE version of Rails-based images are built (CE images are excluded).
- These images can be only built on
gitlab.com
. They are not part of the release process. Hence, they can be only built from feature branches. - Utility images, such as
gitlab-python
,kubectl
,postgresql
,gitlab-go
, andgit-base
are tagged with their specified version and-ubi
extension. The rest of the images are tagged with the branch name and-ubi
extension. - These images extensively use a layering technique which builds binaries in separate images and copies dependencies from other images. For example, when an image requires Ruby or Python it copies it from
gitlab-ruby
orgitlab-python
image. As a result, the base image of some of the UBI-based images are not the same as their non-UBI counterpart, e.g.gitlab-go
is not the base image forgitlab-shell
or any other image. These images are either based onubi8
(likegitlab-elasticsearch-indexer
) orgitlab-ruby
(likegitlab-shell
). - There are a few minor changes to the existing images. These changes are either cosmetic, e.g. directory structure, or applied for the purpose of portability.
For testing you can pull the images:
registry.gitlab.com/gitlab-org/build/cng/gitlab-ubi-builder:latest
registry.gitlab.com/gitlab-org/build/cng/kubectl:1.12.10-ubi
registry.gitlab.com/gitlab-org/build/cng/postgresql:10.9-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-python:3.7.3-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-go:1.12.9-ubi
registry.gitlab.com/gitlab-org/build/cng/git-base:2.22.0-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-ruby:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-mailroom:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-redis-ha:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitaly:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-elasticsearch-indexer:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ee:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-unicorn-ee:443-ubi-images-ubi
registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee:443-ubi-images-ubi
Edited by Hossein Pursultani