Dockerfile for Metricbeat based on ubi8

Hi everyone,

we are trying to build a Metricbeat Image based on ubi8. There are a lot of information's but no one explaines how this can be archived.

I reverse engineered the official Image but there must be another way to build the Image correctly. Some files are missing too (docker-entrypoint, licenses). I am new to containerisation and would appreciate help.

Could someone give advice how we can build this with a Dockerfile and ubi8?

ADD file:b3ebbe8bd304723d43b7b44a6d990cd657b63d93d6a2a9293983a30bfc1dfa53 in /
LABEL org.label-schema.schema-version=1.0 Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.opencontainers.image.title=CentOS Base Image org.opencontainers.image.vendor=CentOS org.opencontainers.image.licenses=GPL-2.0-only org.opencontainers.image.created=2020-11-13 00:00:00+00:00
CMD ["/bin/bash"]
RUN /bin/sh -c yum -y --setopt=tsflags=nodocs update \
    && yum clean all
LABEL org.label-schema.schema-version=1.0 org.label-schema.vendor=Elastic org.label-schema.license=Elastic License org.label-schema.version=7.11.0 org.label-schema.url= org.label-schema.vcs-ref=84c4d4c4034fcb49c1a318ccdc7311d70adee15b io.k8s.description=Metricbeat is a lightweight shipper for metrics. io.k8s.display-name=Metricbeat image org.opencontainers.image.created=2021-02-08T22:52:45Z org.opencontainers.image.licenses=Elastic License org.opencontainers.image.title=Metricbeat org.opencontainers.image.vendor=Elastic name=metricbeat vendor=Elastic version=7.11.0 release=1 url= summary=metricbeat license=Elastic License description=Metricbeat is a lightweight shipper for metrics.
ENV PATH=/usr/share/metricbeat:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV GODEBUG=madvdontneed=1
RUN /bin/sh -c set -e ;   TINI_VERSION='v0.19.0' ;   TINI_BIN='tini-amd64' ;   TINI_SHA256='93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c' ;   curl --retry 8 -S -L -O "${TINI_VERSION}/${TINI_BIN}" ;   echo "${TINI_SHA256} ${TINI_BIN}" | sha256sum -c - ;   mv "${TINI_BIN}" /usr/bin/tini ;   chmod +x /usr/bin/tini
COPY file:0c7d6c5e7a9eb5b92e259f2240c93301dd7753f797052ab786ec388e1df59c6d in /usr/local/bin/docker-entrypoint
RUN /bin/sh -c chmod 755 /usr/local/bin/docker-entrypoint
COPY dir:09dc8cb6603b804a522bc18146951c214bab2ae305c7119180642b7ecc16958e in /usr/share/metricbeat
RUN /bin/sh -c mkdir /licenses
COPY file:cdbc231fbc5655dba62a5dfcd044a7cd1f1ff5c6ed03d382f939f06965440fa3 in /licenses
COPY file:9697170cbb2eabaa1fb3217b51c56b81ef5be1a8d0d7eb1243c52286dde3ce48 in /licenses
RUN /bin/sh -c groupadd --gid 1000 metricbeat
RUN /bin/sh -c useradd -M --uid 1000 --gid 1000 --groups 0 --home /usr/share/metricbeat metricbeat
USER metricbeat
WORKDIR /usr/share/metricbeat
ENTRYPOINT ["/usr/bin/tini" "--" "/usr/local/bin/docker-entrypoint"]
CMD ["-environment" "container"]


Can't you start from a ubi8 container image and build Metricbeat from source inside it?

Hi ChrsMark,

is there a manual for it? I dont know how to do it. Do you mean like a multistage build?

I would try with a ubi8 (maybe with golang already installed) base image and then within the same Dockerfile I would try to download the project from the source and build it. The final container image should have the binary.

I'm not sure how easy it is and if even possible (I'm not familiar with ubi8) but is the only thing I can think of right now.


I was able to create the Dockerfile from the source. In this post I would like to share my experience and help others. Many thanks to @jarpy for the right tip´s.

To create a Dockerfile for Metricbeat you have to build the image from source. This will create an image the docker-entry file and dockerfile. This dockerfile you can then customize to your wishes, in my case the use with ubi8.

I created a new centos7 vm for this because I had problems with my Ubuntu desktop python. I would recommend this to you as well.

After the machine is up it's time to install python3, mage, go and a few other tools.

At first OS

yum -y update
yum install python3
yum install -y wget && yum install -y git
yum groupinstall "Development Tools" -y
yum install openssl-devel libffi-devel bzip2-devel -y

Now docker installation

yum install -y yum-utils
yum install docker-ce docker-ce-cli
systemctl start docker
systemctl enable docker

Next install GO

sha256sum go1.16.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.16.linux-amd64.tar.gz
export PATH=PATH:/usr/local/go/bin source ~/.bash_profile go version export PATH=(go env GOPATH)/bin:$PATH

Install Mage

cd /usr/local/go
git clone GitHub - magefile/mage: a Make/rake-like dev tool using Go
cd mage
go run bootstrap.go

git clone
cd /beats/metricbeat

And now we start to build Metricbeat from source under /beats/metricbeat
mage package
No you have to wait 10-15min for the build

What is the outcome?

Under the path in the beats folder

should now be the docker-build folder with all the things you need to build the docker Image. If you do a docker image on your centos vm you will see the Metricbeat image build from source too

Dockerfile Metricbeat

# Prepare home in a different stage to avoid creating additional layers on
# the final image because of permission changes.
FROM centos:7 AS home

COPY beat /usr/share/metricbeat

RUN mkdir -p /usr/share/metricbeat/data /usr/share/metricbeat/logs && \
    chown -R root:root /usr/share/metricbeat && \
    find /usr/share/metricbeat -type d -exec chmod 0755 {} \; && \
    find /usr/share/metricbeat -type f -exec chmod 0644 {} \; && \
    chmod 0755 /usr/share/metricbeat/metricbeat && \
    chmod 0775 /usr/share/metricbeat/modules.d && \
    chmod 0775 /usr/share/metricbeat/data /usr/share/metricbeat/logs

FROM centos:7
RUN yum -y --setopt=tsflags=nodocs update \
  && yum clean all && rm -rf /var/cache/yum
  # See for why rm is needed

LABEL \"2021-04-26T06:02:59Z" \
  org.label-schema.schema-version="1.0" \
  org.label-schema.vendor="Elastic" \
  org.label-schema.license="ASL 2.0" \"metricbeat" \
  org.label-schema.version="8.0.0" \
  org.label-schema.url="" \
  org.label-schema.vcs-url="" \
  org.label-schema.vcs-ref="3d16785c66d72eba29b10aa896887e6e5e89879e" \
  io.k8s.description="Metricbeat is a lightweight shipper for metrics." \
  io.k8s.display-name="Metricbeat image" \
  org.opencontainers.image.created="2021-04-26T06:02:59Z" \
  org.opencontainers.image.licenses="ASL 2.0" \
  org.opencontainers.image.title="Metricbeat" \
  org.opencontainers.image.vendor="Elastic" \
  name="metricbeat" \
  maintainer="" \
  vendor="Elastic" \
  version="8.0.0" \
  release="1" \
  url="" \
  summary="metricbeat" \
  license="ASL 2.0" \
  description="Metricbeat is a lightweight shipper for metrics."

ENV PATH=/usr/share/metricbeat:$PATH
ENV GODEBUG="madvdontneed=1"

# Add an init process, check the checksum to make sure it's a match
RUN set -e ; \
  TINI_BIN=""; \
  TINI_SHA256=""; \
  TINI_VERSION="v0.19.0"; \
  case "$(arch)" in \
    x86_64) \
        TINI_BIN="tini-amd64"; \
        TINI_SHA256="93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c"; \
        ;; \
    aarch64) \
        TINI_BIN="tini-arm64"; \
        TINI_SHA256="07952557df20bfd2a95f9bef198b445e006171969499a1d361bd9e6f8e5e0e81"; \
        ;; \
    *) \
        echo >&2 ; echo >&2 "Unsupported architecture \$(arch)" ; echo >&2 ; exit 1 ; \
        ;; \
  esac ; \
  curl --retry 8 -S -L -O "${TINI_VERSION}/${TINI_BIN}" ; \
  echo "${TINI_SHA256} ${TINI_BIN}" | sha256sum -c - ; \
  mv "${TINI_BIN}" /usr/bin/tini ; \
  chmod +x /usr/bin/tini

COPY docker-entrypoint /usr/local/bin/docker-entrypoint
RUN chmod 755 /usr/local/bin/docker-entrypoint

COPY --from=home /usr/share/metricbeat /usr/share/metricbeat

RUN mkdir /licenses
COPY --from=home /usr/share/metricbeat/LICENSE.txt /licenses
COPY --from=home /usr/share/metricbeat/NOTICE.txt /licenses
RUN groupadd --gid 1000 metricbeat
RUN useradd -M --uid 1000 --gid 1000 --groups 0 --home /usr/share/metricbeat metricbeat
USER metricbeat

# When running under Docker, we must ensure libbeat monitoring pulls cgroup
# metrics from /sys/fs/cgroup/<subsystem>/, ignoring any paths found in
# /proc/self/cgroup.

WORKDIR /usr/share/metricbeat
ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-entrypoint"]
CMD ["-environment", "container"]

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.