close

Filter

loading table of contents...

Release Notes / Version 11.2204

Table Of Contents

Container Image Build Process Changes

The dockerfile-maven-plugin has been replaced with the google-jib-plugin to build OCI conform container images, because the dockerfile-maven-plugin is no longer maintained. The google-jib-plugin integrates well with Spring-Boot applications and allows to build images securely without Docker being installed. This allows for a rootless, daemonless build but restricts the image building process to use only adding image layers by adding resources. There is no possibility to execute any RUN steps during the build process. Building the images without docker now requires a configured container registry although it is still possible to build images in the local docker daemon, without the need of a registry.

The switch to the new image build process is tightly coupled to the recent change to build all artifacts in a reproducible manner, resulting in identical image digests when no the source has not changed. With Spring Boot layered applications, this results in a faster build and smaller upload size to your container registry. Because file and image creation date affect the resulting image digest, jib sets the date to Unix epoch (00:00:00, January 1st, 1970 in UTC). If you do not like this, you can enable the current timestamp in the jib-maven-plugin, but this sacrifices reproducibility since the timestamp will change with every build.

<container>
  <useCurrentTimestamp>true</useCurrentTimestamp>
</container>

As a result of this change, the image build process moved to the application modules and the docker directory hierarchy has been removed.

All Spring-Boot application images are still based on the coremedia/java-application-base images will run with only some small breaking changes to the previous images. The breaking changes include:

  • the application root directory /coremedia is now write protected as it is intended by the google-jib-plugin .

  • The log files are now written to /coremedia/log/application.log if the dev profile is activated.

To build the images, the properties and Maven profiles have changed:

  • the Maven profile to build the image is now named default-image with the property jib.goal to be either set to build or dockerBuild , depending on whether you want to use the Docker daemon or the registry as a build target.

  • the property to define the registry has been renamed from docker.repository.prefix to application.image-prefix

  • the property to define the image tag has been renamed from docker.image.tag to application.image-tag

  • the property to define the base image has been renamed from docker.java-application-base-image.repo to application.image-base

  • the property to define the image name has been renamed from docker.repository.suffix to application.image-suffix

The new images do not contain any health checks directive any more, if you rely on the docker health checks, please define them either on the command line or in your docker-compose file.

services:
  foo:
    test: [ "CMD", "curl", "-Lf", "http://localhost:8081/actuator/health" ]
    interval: 30s
    timeout: 10s
    retries: 3
    start_period: 40s

docker run --health-cmd='curl -Lf http://localhost:8081/actuator/health || exit 1' \
    --health-interval=30s \
    --health-timeout=10s \
    --health-start-period=40s \
    --health-retries=3 <image>

(CMS-18332)

Search Results

Table Of Contents