Hi
I have already deployed ELK / Elastic Agent / Package registry with official images. They work well.
Because of our company's standard, images have to fix vulnerability before deploy on k8s(air-gapped),
I have to fix image's os level vulnerability which scanned by Trivy or Grype.
Most of official Elastic Stack images use ubuntu as base image I guess.
Some of os package vulnerabilities on ubuntu base image seem that can not be fixed for now.
So I tried to change base image and update the vulnerable packages.
It works for me to fix Elasticsearch / Kibana / Logstash images.
When I tried to fix package registry image, It seems not easy like ELK image.
Before I change base image of package registry, I want to build image just like official image.
Make sure it just work fine. My steps:
- Clone the source code.
- Run
mage build - Run
docker build
After I built image, I found the image size is much smaller than official image.
I found there is not content inside. It will be closed immediately after deploy.
I didn't see any build step about how to download content from official site before build image.
Do I missing something ?
The official image has lots of content in /packages/package-storage.
I copy those content to volume and mount to the container with image I built from source code.
It will stuck at searching packages until crashing.
Here is the log.
{"log.level":"info","@timestamp":"2023-03-31T10:15:08.900Z","log.origin":{"file.name":"package-registry/main.go","file.line":304},"message":"Packages paths: /packages/package-registry","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-03-31T10:15:08.901Z","log.origin":{"file.name":"package-registry/main.go","file.line":305},"message":"Cache time for /: 10s","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-03-31T10:15:08.901Z","log.origin":{"file.name":"package-registry/main.go","file.line":306},"message":"Cache time for /index.json: 10s","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-03-31T10:15:08.901Z","log.origin":{"file.name":"package-registry/main.go","file.line":307},"message":"Cache time for /search: 10m0s","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-03-31T10:15:08.901Z","log.origin":{"file.name":"package-registry/main.go","file.line":308},"message":"Cache time for /categories: 10m0s","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-03-31T10:15:08.901Z","log.origin":{"file.name":"package-registry/main.go","file.line":309},"message":"Cache time for all others: 10m0s","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-03-31T10:15:08.901Z","log.origin":{"file.name":"package-registry/main.go","file.line":140},"message":"Package registry started","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-03-31T10:15:09.579Z","log.origin":{"file.name":"packages/packages.go","file.line":227},"message":"Searching packages in /packages/package-registry","ecs.version":"1.6.0"}