Allow building images to any Docker registry and image builds in containers

[lewijacn]

Description

This change introduces a new pattern for building images to our tooling. It makes use of Jib for our Java applications (except for RFS currently as it has additional Dockerfile steps) and BuildKit for our other images, to allow building images to any specified docker registry, whether that be a local registry or a remote registry like AWS ECR. This pattern also allows for building the images with a container, which the bootstrapK8s helm chart utilizes to be able to pull this Github repository and build images within a K8s pod.

At a top level this can be executed, after following the setup steps in buildImages.md, like so:

./gradlew buildImagesToRegistry

And includes options for specifying the registry endpoint as well as the architecture to build with:

./gradlew buildImagesToRegistry -PregistryEndpoint=123456789012.dkr.ecr.us-west-2.amazonaws.com/my-ecr-repo -PimageArch=arm64

TODO:

• References to this branch should be replaced with main before merging

Issues Resolved

https://opensearch.atlassian.net/browse/MIGRATIONS-2523

Testing

Local and EKS testing

Check List

• New functionality includes testing
• Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[peternied]

Haven't go into much depth on jib or buildKit, but had commends on the overall organization

[peternied]

Code smell: this looks like what a interface with a Docker and ECR classes would be good at solving.

[lewijacn]

Let me investigate an interface for this

[lewijacn]

Added an interface for this now thanks 👍

[peternied]

Lets shift how this is declared to the place (/build.gradle?) where the image is defined.

[lewijacn]

Not sure I'm following this comment. I'd like the keep this common logic together, as well as keep the top level build.gradle as small as I can. Was this geared at trying to add some of this logic to the different subprojects?

[peternied]

Html formatting got me, I meant {project}/build.gradle e.g. replayer's build.gradle file would include those details instead of having them spread over the project.

{
  baseImageName : "amazoncorretto",
  baseImageTag : "17-al2023-headless",
  imageName : "traffic_replayer",
  imageTag  : "latest"
}

[gregschohn]

I was going to say +1 - but I really like the idea of keeping consistency for base images. I would be good to get those consolidated to one place and have the image names/tags defined within the subprojects.

After going through the rest of the PR... I think keeping more of the docker stuff outside the scope of the java projects makes sense. If somebody comes along and wants to build RFS as a java application for their own image (or AMI, etc) they shouldn't be concerned with the docker configs at all - even the image name. Those aren't details that matter for a java project in isolation.

Maybe we could rename or lift the configurations for all of the docker projects rather than w/in the Utils script. Would it make sense to have a new gradle project just to track the images?

[peternied]

We discussed this over a call but capturing it here. I'm apresenhive to approve this PR as is, it adds a new way to create docker images and I suppose I am asking why not replace the exist docker plugin with this change as it is. I'd rather we only use one tool at a time.

I know this might come at odds with the coupling in this PR with the registry publication, but I'd rather we replace com.bmuschko:gradle-docker-plugin with jib all at once and then introduce the container registry copying seperately.

[gregschohn]

We shouldn't make a wholesale switch because the new images aren't binary compatible with the old ones. They need to be invoked in a totally separate way. To do that, we'd need to add a large amount of code to other systems that are on the deprecation path (docker compose and ECS).

Leaving the two coexist for a little bit lets us track upstream changes more easily while we transition. Yes, it's a task, but given the staffing/importance of making the switch, it seems like a good tradeoff.

[gregschohn]

Thanks Tanner - there's tons of exciting stuff in here.
I've left a lot of feedback, much of it just so that I can understand more about what is going on. Please provide responses where you know the answers and if you don't, feel free to ignore.
I'd like to get some more understanding, then figure out what should be changed now, what doesn't matter, and what we can do later.
Thanks again!

[gregschohn]

Can you explain this one some more? Is this for any base image, or the test console one? Either way, I don't understand how this would be useful/how it wouldn't be problematic in some circumstances.

[gregschohn]

I recall putting escapedProjectName in place for some workaround. Do we still need it?

[gregschohn]

Why do you define this and why is it defined twice in the file (albeit with the same values)?

[gregschohn]

What is this file used for now?

[gregschohn]

We shouldn't make a wholesale switch because the new images aren't binary compatible with the old ones. They need to be invoked in a totally separate way. To do that, we'd need to add a large amount of code to other systems that are on the deprecation path (docker compose and ECS).

Leaving the two coexist for a little bit lets us track upstream changes more easily while we transition. Yes, it's a task, but given the staffing/importance of making the switch, it seems like a good tradeoff.

[gregschohn]

would anybody NOT working on this job ever use this flag?

[gregschohn]

does buildkit have a default port? 1234 sounds made-up :)

[gregschohn]

Again, just curious - if this gets turned off, what does the user see

[gregschohn]

Should this be more targeted to the bootstrapping phase or is it used afterwards for migrations?

[gregschohn]

WOOHOO