1

Right now I have an program, written in golang, that I am trying to run within a minimal container. When launched, this go program happens to start up another sub-program written in java, which also needs to run in the container. I am wondering how to construct my Dockerfile to accomplish this as a "distroless" image.

Right now I am exploring a solution like so:

FROM <golang-distro> as go-builder
FROM <java-distro> as java-builder
FROM <minimal-base-image>

# copy over all files needed to set up golang runtime to run go-parent-service
COPY --from=go-builder /<golang-binaries> /

# copy over all files needed to set up java runtime so go-parent-service can run its java sub process
COPY --from-java-builder /<jvm-binaries> /

# executable for the golang service
COPY /go-parent-service /

# run the golang service, which will also start up the java service as sub process
CMD ["/go-parent-service"]

Does this approach make sense, or is there a better way to construct this image? I am aware the go service starting up the java service makes things a bit trickier, and may not be best practice. However since I do not own this executable I am unable to separate out these services and run them in different containers.

user313
  • 681
  • 1
  • 8
  • 21
  • In COPY steps, what are the binaries that are being copied? are these the binaries created for your project after build / package i.e. your go executable and java classes or are these golang and jvm binaries which provide java and golang on system? –  Aug 30 '22 at 07:02
  • My intention is that these would be the latter, ie the golang and jvm binaries (which would then allow me to run the go executable and java classes) – user313 Aug 30 '22 at 17:07
  • For running the go executable, you will not need the go binaries, so they can be skipped. `go build ` creates the executable that can be run without golang binaries on the target machine/image. –  Aug 31 '22 at 04:38

1 Answers1

1

As there is java involved, your minimal-base-image has to have (atleast) JRE for running the java classes.

Go program will not need golang installed/copied on the target image as it can be built to executable on the go-distro for target image.

IF go sources and java sources are available to be compiled

FROM golang:<flavor> as go-builder 
# Build go program here, i.e. produce a binary

FROM jdk-image:<flavor> as java-builder
# Compile sources to java classes or jar here

FROM <jre image>:<flavor>
COPY --from go-builder <go executable> .
COPY --from java-builder <java jar and related deps> .

CMD/ENTRYPOINT ["<run go bainary>"]

flavor: alpine, slim etc.

ELSE Binaries are available i.e. go binary and java jar with required dependencies; then they can simply be copied to the final Java-JRE image and run. Provided the binaries have been created with target OS in mind.

  • Thank you for the reply @s3vt. Regarding your comment `your minimal-base-image has to have (atleast) JRE for running the java classes` I am wondering why the base image must include JRE. For example, would it be possible to use a base image that doesn't have JRE to begin with, and then copy over the files needed to run JRE into that base image? I might be way off the mark here, but just looking to better understand. – user313 Aug 30 '22 at 17:00
  • Copying JRE binaries will work too, they just need to be compatible for the target minimal-base-image. –  Aug 31 '22 at 04:36