How to construct a minimal "distroless" image to run a golang service, which runs a java subservice?

huangapple
go评论83阅读模式
英文:

How to construct a minimal "distroless" image to run a golang service, which runs a java subservice?

问题

现在我有一个用Go语言编写的程序,我正在尝试在一个最小化的容器中运行它。当启动时,这个Go程序会启动另一个用Java编写的子程序,这个子程序也需要在容器中运行。我想知道如何构建我的Dockerfile以实现这个"distroless"镜像。

目前,我正在探索以下解决方案:

FROM <golang-distro> as go-builder
FROM <java-distro> as java-builder
FROM <minimal-base-image>

# 将所有设置Go运行时所需的文件复制到运行go-parent-service的容器中
COPY --from=go-builder /<golang-binaries> /

# 将所有设置Java运行时所需的文件复制到go-parent-service可以运行其Java子进程的容器中
COPY --from-java-builder /<jvm-binaries> /

# Go服务的可执行文件
COPY /go-parent-service /

# 运行Go服务,它将启动Java服务作为子进程
CMD ["/go-parent-service"]

这种方法是否合理,或者有没有更好的构建这个镜像的方法?我知道Go服务启动Java服务会使事情变得有些棘手,并且可能不是最佳实践。然而,由于我不拥有这个可执行文件,我无法将这些服务分离并在不同的容器中运行。

英文:

Right now I have an program, written in golang, that I am trying to run within a minimal container. When launched, this go program happens to start up another sub-program written in java, which also needs to run in the container. I am wondering how to construct my Dockerfile to accomplish this as a "distroless" image.

Right now I am exploring a solution like so:

FROM &lt;golang-distro&gt; as go-builder
FROM &lt;java-distro&gt; as java-builder
FROM &lt;minimal-base-image&gt;

# copy over all files needed to set up golang runtime to run go-parent-service
COPY --from=go-builder /&lt;golang-binaries&gt; /

# copy over all files needed to set up java runtime so go-parent-service can run its java sub process
COPY --from-java-builder /&lt;jvm-binaries&gt; /

# executable for the golang service
COPY /go-parent-service /

# run the golang service, which will also start up the java service as sub process
CMD [&quot;/go-parent-service&quot;]

Does this approach make sense, or is there a better way to construct this image? I am aware the go service starting up the java service makes things a bit trickier, and may not be best practice. However since I do not own this executable I am unable to separate out these services and run them in different containers.

答案1

得分: 1

由于涉及到Java,你的最小基础镜像必须至少包含JRE以运行Java类。

Go程序不需要在目标镜像上安装/复制Golang,因为它可以在目标镜像的Go发行版上构建为可执行文件。

如果可编译的Go源代码和Java源代码可用

FROM golang:<flavor> as go-builder 
# 在这里构建Go程序,即生成一个二进制文件

FROM jdk-image:<flavor> as java-builder
# 在这里将源代码编译为Java类或jar文件

FROM <jre image>:<flavor>
COPY --from=go-builder <go可执行文件> .
COPY --from=java-builder <java jar和相关依赖> .

CMD/ENTRYPOINT ["<运行Go二进制文件>"]

flavor: alpine, slim等。

否则,如果已经存在二进制文件,即Go二进制文件和带有所需依赖项的Java jar文件,则可以将它们简单地复制到最终的Java-JRE镜像中并运行。前提是这些二进制文件是针对目标操作系统创建的。

英文:

As there is java involved, your minimal-base-image has to have (atleast) JRE for running the java classes.

Go program will not need golang installed/copied on the target image as it can be built to executable on the go-distro for target image.

IF go sources and java sources are available to be compiled

FROM golang:&lt;flavor&gt; as go-builder 
# Build go program here, i.e. produce a binary

FROM jdk-image:&lt;flavor&gt; as java-builder
# Compile sources to java classes or jar here

FROM &lt;jre image&gt;:&lt;flavor&gt;
COPY --from go-builder &lt;go executable&gt; .
COPY --from java-builder &lt;java jar and related deps&gt; .

CMD/ENTRYPOINT [&quot;&lt;run go bainary&gt;&quot;]

flavor: alpine, slim etc.

ELSE Binaries are available i.e. go binary and java jar with required dependencies; then they can simply be copied to the final Java-JRE image and run. Provided the binaries have been created with target OS in mind.

huangapple
  • 本文由 发表于 2022年8月30日 00:45:37
  • 转载请务必保留本文链接:https://go.coder-hub.com/73532043.html
  • distroless
  • docker
  • dockerfile
  • go
  • java
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定