92 changes: 61 additions & 31 deletions kafka-rest/Dockerfile.ubi9
Expand Up @@ -15,8 +15,52 @@

ARG DOCKER_UPSTREAM_REGISTRY
ARG DOCKER_UPSTREAM_TAG=ubi9-latest
ARG UBI9_VERSION

FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-java:${DOCKER_UPSTREAM_TAG}
# Stage 1: Get package_dedupe tool from base image
FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-java-micro:${DOCKER_UPSTREAM_TAG} AS tools

# Stage 2: Install packages using ubi9 with dnf to /microdir
FROM registry.access.redhat.com/ubi9:${UBI9_VERSION} AS builder

Comment on lines +18 to +25

Copilot AI Feb 22, 2026


UBI9_VERSION is used in the FROM registry.access.redhat.com/ubi9:${UBI9_VERSION} instruction but the ARG UBI9_VERSION has no default. If the build arg isn’t provided (e.g., local docker build), the build will fail due to an invalid base image reference. Consider providing a safe default (or switching to a pinned default) and/or documenting/enforcing the required build arg in the build tooling.

ARG BUILD_NUMBER=-1
ARG PROJECT_VERSION
ARG ARTIFACT_ID
ARG GIT_COMMIT
ARG CONFLUENT_VERSION
ARG CONFLUENT_PACKAGES_REPO
ARG CONFLUENT_PLATFORM_LABEL

RUN echo "===> Adding confluent repository...${CONFLUENT_PACKAGES_REPO}" \
&& rpm --import ${CONFLUENT_PACKAGES_REPO}/archive.key \
&& printf "[Confluent] \n\
name=Confluent repository \n\
baseurl=${CONFLUENT_PACKAGES_REPO}/ \n\
gpgcheck=1 \n\
gpgkey=${CONFLUENT_PACKAGES_REPO}/archive.key \n\
enabled=1 " > /etc/yum.repos.d/confluent.repo \
&& mkdir -p /microdir

COPY --from=tools /usr/bin/package_dedupe /usr/local/bin/package_dedupe

RUN echo "===> Installing confluent-kafka-rest, confluent-telemetry, confluent-security ..." \
&& dnf install -y --installroot=/microdir --releasever=9 --setopt=install_weak_deps=False --nodocs \
confluent-kafka-rest-${CONFLUENT_VERSION} \
confluent-telemetry-${CONFLUENT_VERSION} \
confluent-security-${CONFLUENT_VERSION} \
&& echo "===> Deduping jars in /microdir ..." \
&& package_dedupe /microdir/usr/share/java \
&& echo "===> Cleaning up ..." \
&& dnf --installroot=/microdir clean all \
&& rm -rf /microdir/var/cache/* /microdir/var/log/dnf* /microdir/var/log/yum.* \
&& rm -rf /etc/yum.repos.d/confluent.repo \
&& echo "===> Removing user database files to preserve base image's appuser ..." \
&& rm -f /microdir/etc/passwd /microdir/etc/group /microdir/etc/shadow /microdir/etc/gshadow \
/microdir/etc/subuid /microdir/etc/subgid \
&& rm -rf /microdir/dev/* /microdir/proc/* /microdir/sys/*

# Stage 3: Final image using cp-base-java-micro
FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-java-micro:${DOCKER_UPSTREAM_TAG}

# default listener
EXPOSE 8082
Expand All @@ -40,39 +84,25 @@ LABEL io.confluent.docker.build.number=$BUILD_NUMBER
LABEL io.confluent.docker=true
LABEL io.confluent.docker.git.repo="confluentinc/kafka-rest-images"

ARG CONFLUENT_VERSION
ARG CONFLUENT_PACKAGES_REPO
ARG CONFLUENT_PLATFORM_LABEL

USER root

RUN echo "===> Installing ${COMPONENT}..." \
&& echo "===> Adding confluent repository...${CONFLUENT_PACKAGES_REPO}" \
&& rpm --import ${CONFLUENT_PACKAGES_REPO}/archive.key \
&& printf "[Confluent] \n\
name=Confluent repository \n\
baseurl=${CONFLUENT_PACKAGES_REPO}/ \n\
gpgcheck=1 \n\
gpgkey=${CONFLUENT_PACKAGES_REPO}/archive.key \n\
enabled=1 " > /etc/yum.repos.d/confluent.repo \
&& microdnf install -y \
confluent-${COMPONENT}-${CONFLUENT_VERSION} \
# We are installing confluent-telemetry package explicitly because
# Rest proxy's deb/rpm packages cannot directly depend on
# confluent-telemetry package as Rest proxy is Open Source.
confluent-telemetry-${CONFLUENT_VERSION} \
confluent-security-${CONFLUENT_VERSION} \
&& echo "===> Deduping jars present in /usr/share/java ..." \
&& package_dedupe /usr/share/java \
&& echo "===> clean up ..." \
&& microdnf clean all \
&& rm -rf /tmp/* /etc/yum.repos.d/confluent.repo \
&& echo "===> Setting up ${COMPONENT} dirs" \
&& chown appuser:root -R /etc/${COMPONENT} \
&& chmod -R ug+w /etc/${COMPONENT}
COPY --from=builder /microdir/usr/bin/kafka-rest-run-class /usr/bin/
COPY --from=builder /microdir/usr/bin/kafka-rest-start /usr/bin/
COPY --from=builder /microdir/usr/bin/kafka-rest-stop /usr/bin/
COPY --from=builder /microdir/usr/bin/kafka-rest-stop-service /usr/bin/
COPY --from=builder /microdir/usr/bin/security-plugins-run-class /usr/bin/
COPY --from=builder /microdir/usr/bin/sr-acl-cli /usr/bin/
COPY --from=builder /microdir/usr/share/java /usr/share/java
COPY --from=builder /microdir/usr/share/doc /usr/share/doc
COPY --from=builder /microdir/etc/kafka-rest /etc/kafka-rest

COPY --chown=appuser:appuser include/etc/confluent/docker /etc/confluent/docker
COPY include/etc/confluent/docker/ /etc/confluent/docker/
RUN chown -R ${APP_UID}:${APP_GID} /etc/confluent/docker

RUN echo "===> Setting up ${COMPONENT} dirs ..." \
&& chown ${APP_UID}:root -R /etc/${COMPONENT} \
&& chmod -R ug+w /etc/${COMPONENT}

USER appuser
USER ${APP_UID}

CMD ["/etc/confluent/docker/run"]
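Review bot: In the builder stage's first RUN, `rpm --import ${CONFLUENT_PACKAGES_REPO}/archive.key` loads the key into the builder's own RPM database, but the packages are then installed with `dnf install -y --installroot=/microdir`, and dnf keeps the key ring for an installroot inside that root. The signature check therefore most likely relies on dnf fetching the `gpgkey=` URL itself and accepting it automatically under `-y`, so the key is trusted from the same origin as the packages and `gpgcheck=1` adds little beyond transport security. Consider shipping the key in the build context, or checking its fingerprint against a pinned value, and importing it with `rpm --root=/microdir --import <key file>` after `mkdir -p /microdir`. A short comment above that RUN stating where trust in the Confluent key comes from would also help the next reader.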
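--- a/kafka-rest/pom.xml
+++ b/kafka-rest/pom.xml
@@ -55,6 +55,32 @@
 </execution>
 </executions>
 </plugin>
+
+<plugin>
+<groupId>com.spotify</groupId>
+<artifactId>dockerfile-maven-plugin</artifactId>
+<configuration>
+<buildArgs>
+<UBI9_VERSION>${ubi9.image.version}</UBI9_VERSION>
+</buildArgs>
+</configuration>
+</plugin>
+
+<plugin>
+<groupId>io.fabric8</groupId>
+<artifactId>docker-maven-plugin</artifactId>
+<configuration>
+<images>
+<image>
+<build>
+<args>
+<UBI9_VERSION>${ubi9.image.version}</UBI9_VERSION>
+</args>
+</build>
+</image>
+</images>
+</configuration>
+</plugin>
 </plugins>
 </build>
 </project>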