Migrate cp-kafka-rest to UBI9 micro base image#131
Draft
Krish Vora (KrishVora01) wants to merge 1 commit intomasterfrom
Draft
Migrate cp-kafka-rest to UBI9 micro base image#131Krish Vora (KrishVora01) wants to merge 1 commit intomasterfrom
Krish Vora (KrishVora01) wants to merge 1 commit intomasterfrom
Conversation
Copilot started reviewing on behalf of
Krish Vora (KrishVora01)
February 22, 2026 12:08
View session
Switch from single-stage cp-base-java to 3-stage multi-stage build using cp-base-java-micro: - Stage 1: Extract package_dedupe tool from cp-base-java-micro - Stage 2: Install confluent-kafka-rest, confluent-telemetry, confluent-security RPMs into /microdir using dnf --installroot - Stage 3: Selectively COPY to cp-base-java-micro final image Key changes: - Base image: cp-base-java -> cp-base-java-micro - Package manager: microdnf -> dnf --installroot=/microdir - User: appuser hardcoded -> ${APP_UID}/${APP_GID} variables - COPY: --chown=appuser:appuser -> separate RUN chown - Remove unused confluent-security subdirs (schema-registry, connect, ksql) - Remove user database files to preserve base image's appuser - Consolidate /usr/bin/ COPYs into single layer for RedHat cert (<40 layers) - Add UBI9_VERSION build arg to pom.xml for both spotify and fabric8 plugins Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
airlock-confluentinc
bot
force-pushed
the
micro-migration-ubi9
branch
from
95c34b7 to
4f596c5
Compare
There was a problem hiding this comment.
Pull request overview
Migrates the cp-kafka-rest image build to a UBI9-based multi-stage approach to reduce final image size by installing RPMs into an installroot and selectively copying artifacts into a cp-base-java-micro final image.
Changes:
- Convert
kafka-rest/Dockerfile.ubi9from single-stagecp-base-javato a 3-stage build (tools → builder → final) usingcp-base-java-micro. - Install
confluent-kafka-rest,confluent-telemetry, andconfluent-securityinto/microdir, remove unused security subdirs, and dedupe jars before copying into the final image. - Pass
UBI9_VERSIONas a Docker build arg via both spotify and fabric8 Maven Docker plugins.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| kafka-rest/pom.xml | Adds UBI9_VERSION build-arg wiring for spotify + fabric8 Docker build plugins. |
| kafka-rest/Dockerfile.ubi9 | Implements multi-stage UBI9 builder installroot flow and switches final image to cp-base-java-micro with selective copies and UID/GID-based ownership. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+18
to
+25
| ARG UBI9_VERSION | ||
|
|
||
| FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-java:${DOCKER_UPSTREAM_TAG} | ||
| # Stage 1: Get package_dedupe tool from base image | ||
| FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-java-micro:${DOCKER_UPSTREAM_TAG} AS tools | ||
|
|
||
| # Stage 2: Install packages using ubi9 with dnf to /microdir | ||
| FROM registry.access.redhat.com/ubi9:${UBI9_VERSION} AS builder | ||
|
|
There was a problem hiding this comment.
UBI9_VERSION is used in the FROM registry.access.redhat.com/ubi9:${UBI9_VERSION} instruction but the ARG UBI9_VERSION has no default. If the build arg isn’t provided (e.g., local docker build), the build will fail due to an invalid base image reference. Consider providing a safe default (or switching to a pinned default) and/or documenting/enforcing the required build arg in the build tooling.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
cp-base-javato 3-stage multi-stage build usingcp-base-java-micropackage_dedupetool fromcp-base-java-microconfluent-kafka-rest,confluent-telemetry,confluent-securityRPMs into/microdirusingdnf --installrootcp-base-java-microfinal imageconfluent-securitysubdirs (schema-registry, connect, ksql)appuserhardcoded ->${APP_UID}/${APP_GID}variablesUBI9_VERSIONbuild arg to pom.xml for both spotify and fabric8 pluginsTest plan
./run-kind-e2e-kafka-rest.sh🤖 Generated with Claude Code