How to construct a minimal "distroless" image to run a golang service, which runs a java subservice?

huangapple
go评论114阅读模式
英文:

How to construct a minimal "distroless" image to run a golang service, which runs a java subservice?

问题

现在我有一个用Go语言编写的程序,我正在尝试在一个最小化的容器中运行它。当启动时,这个Go程序会启动另一个用Java编写的子程序,这个子程序也需要在容器中运行。我想知道如何构建我的Dockerfile以实现这个"distroless"镜像。

目前,我正在探索以下解决方案:

  1. FROM <golang-distro> as go-builder
  2. FROM <java-distro> as java-builder
  3. FROM <minimal-base-image>
  5. # 将所有设置Go运行时所需的文件复制到运行go-parent-service的容器中
  6. COPY --from=go-builder /<golang-binaries> /
  8. # 将所有设置Java运行时所需的文件复制到go-parent-service可以运行其Java子进程的容器中
  9. COPY --from-java-builder /<jvm-binaries> /
  11. # Go服务的可执行文件
  12. COPY /go-parent-service /
  14. # 运行Go服务,它将启动Java服务作为子进程
  15. CMD ["/go-parent-service"]

这种方法是否合理,或者有没有更好的构建这个镜像的方法?我知道Go服务启动Java服务会使事情变得有些棘手,并且可能不是最佳实践。然而,由于我不拥有这个可执行文件,我无法将这些服务分离并在不同的容器中运行。

英文:

Right now I have an program, written in golang, that I am trying to run within a minimal container. When launched, this go program happens to start up another sub-program written in java, which also needs to run in the container. I am wondering how to construct my Dockerfile to accomplish this as a "distroless" image.

Right now I am exploring a solution like so:

  1. FROM &lt;golang-distro&gt; as go-builder
  2. FROM &lt;java-distro&gt; as java-builder
  3. FROM &lt;minimal-base-image&gt;
  5. # copy over all files needed to set up golang runtime to run go-parent-service
  6. COPY --from=go-builder /&lt;golang-binaries&gt; /
  8. # copy over all files needed to set up java runtime so go-parent-service can run its java sub process
  9. COPY --from-java-builder /&lt;jvm-binaries&gt; /
  11. # executable for the golang service
  12. COPY /go-parent-service /
  14. # run the golang service, which will also start up the java service as sub process
  15. CMD [&quot;/go-parent-service&quot;]

Does this approach make sense, or is there a better way to construct this image? I am aware the go service starting up the java service makes things a bit trickier, and may not be best practice. However since I do not own this executable I am unable to separate out these services and run them in different containers.

答案1

得分: 1

由于涉及到Java,你的最小基础镜像必须至少包含JRE以运行Java类。

Go程序不需要在目标镜像上安装/复制Golang,因为它可以在目标镜像的Go发行版上构建为可执行文件。

如果可编译的Go源代码和Java源代码可用

  1. FROM golang:<flavor> as go-builder 
  2. # 在这里构建Go程序,即生成一个二进制文件
  4. FROM jdk-image:<flavor> as java-builder
  5. # 在这里将源代码编译为Java类或jar文件
  7. FROM <jre image>:<flavor>
  8. COPY --from=go-builder <go可执行文件> .
  9. COPY --from=java-builder <java jar和相关依赖> .
  11. CMD/ENTRYPOINT ["<运行Go二进制文件>"]

flavor: alpine, slim等。

否则,如果已经存在二进制文件,即Go二进制文件和带有所需依赖项的Java jar文件,则可以将它们简单地复制到最终的Java-JRE镜像中并运行。前提是这些二进制文件是针对目标操作系统创建的。

英文:

As there is java involved, your minimal-base-image has to have (atleast) JRE for running the java classes.

Go program will not need golang installed/copied on the target image as it can be built to executable on the go-distro for target image.

IF go sources and java sources are available to be compiled

  1. FROM golang:&lt;flavor&gt; as go-builder 
  2. # Build go program here, i.e. produce a binary
  4. FROM jdk-image:&lt;flavor&gt; as java-builder
  5. # Compile sources to java classes or jar here
  7. FROM &lt;jre image&gt;:&lt;flavor&gt;
  8. COPY --from go-builder &lt;go executable&gt; .
  9. COPY --from java-builder &lt;java jar and related deps&gt; .
  11. CMD/ENTRYPOINT [&quot;&lt;run go bainary&gt;&quot;]

flavor: alpine, slim etc.

ELSE Binaries are available i.e. go binary and java jar with required dependencies; then they can simply be copied to the final Java-JRE image and run. Provided the binaries have been created with target OS in mind.

huangapple
  • 本文由 发表于 2022年8月30日 00:45:37
  • 转载请务必保留本文链接:https://go.coder-hub.com/73532043.html
  • distroless
  • docker
  • dockerfile
  • go
  • java
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定