solsson · solsson · Jul 12, 2020 · Apr 6, 2020 · Apr 7, 2020 · Apr 7, 2020
diff --git a/README.md b/README.md
@@ -65,3 +65,27 @@ We've kept the repository name to avoid breaking the automated build of solsson/
 
 For legacy Dockerfiles from this repo (if you navigated to here from a Docker Hub [solsson](https://hub.docker.com/u/solsson/) image),
 see https://github.com/solsson/dockerfiles/tree/misc-dockerfiles.
+
+## Native builds
+
+Very experimental.
+
+```
+NOPUSH=true IMAGE_NAME=solsson/kafka:nativeagent ./hooks/build
+docker-compose -f native/docker-compose.yml down
+docker run --rm --entrypoint chown -v $(pwd)/native/configs:/configs busybox -R $(id -u) /configs
+NOPUSH=true IMAGE_NAME=solsson/kafka:native ./hooks/build
+```
+
+To test the native images reuse the usecases script:
+
+```
+for build in kafka-topics kafka-configs kafka-consumer-groups zookeeper-server-start; do
+  docker tag solsson/kafka:native-$build solsson/kafka:nativeagent-$build
+done
+./native/native-usecases.sh
+docker-compose -f native/docker-compose.yml down
+git restore --source=HEAD --staged --worktree -- native/configs/
+# The cli image should simply combine the supported commands
+docker run --rm --entrypoint sh solsson/kafka:native-cli -c 'ls ./bin/'
+```
diff --git a/hooks/build b/hooks/build
@@ -5,6 +5,13 @@ set -e
 PUSH=""
 
 [ -z "$IMAGE_NAME" ] && echo "IMAGE_NAME is required" && exit 1;
+
+# Nativeagent is a prerequisite of native, but meant to run locally with result json and Dockerfiles commited
+# NOPUSH=true IMAGE_NAME=solsson/kafka:nativeagentagent ./hooks/build
+[ -z "$NATIVEAGENT" ] && echo $IMAGE_NAME | grep 'nativeagent$' && NATIVEAGENT=true
+# Docker Hub builds with tags ending with "native"
+[ -z "$NATIVE" ] && echo $IMAGE_NAME | grep 'native$' && NATIVE=true
+
 function imagename {
   buildname=$1
   case $IMAGE_NAME in
@@ -21,13 +28,16 @@ PUSH="$PUSH $jre"
 docker build -t solsson/kafka -t "$IMAGE_NAME" ./kafka
 PUSH="$PUSH $IMAGE_NAME"
 
+nonroot=$(imagename nonroot)
+docker build -t solsson/kafka:nonroot -t "$nonroot" ./kafka-nonroot
+PUSH="$PUSH $nonroot"
+
 graalvm=$(imagename graalvm)
 docker build -t solsson/kafka:graalvm -t "$graalvm" ./jdk-adoptopenjdk-graalvm
 PUSH="$PUSH $graalvm"
 
-nonroot=$(imagename nonroot)
-docker build -t solsson/kafka:nonroot -t "$nonroot" ./kafka-nonroot
-PUSH="$PUSH $nonroot"
+nativeagent=$(imagename nativebase)
+docker build -t solsson/kafka:nativebase -t "$nativeagent" ./native
 
 initutils=$(imagename initutils)
 docker build -t solsson/kafka:initutils -t "$initutils" ./initutils
@@ -45,6 +55,10 @@ PUSH="$PUSH $cmak"
 entrypoints=$(imagename entrypoints)
 docker build -t $entrypoints ./kafka-entrypoints
 
+[ "$NATIVEAGENT" = "true" ] && {
+  mkdir -p ./native/kafka-entrypoints
+}
+
 function entrypoint_gen {
   echo "# $@"
   script=$1; shift
@@ -66,6 +80,15 @@ function entrypoint_gen {
   echo '"]'                >> $dfile
   docker build -t $image -f $dfile ./kafka-entrypoints
   PUSH="$PUSH $image"
+
+  [ "$NATIVEAGENT" != "true" ] || {
+    cp $dfile native/$dfile
+    sed -i "s|FROM .*|FROM $nativeagent|" native/$dfile
+    sed -i 's|  , "-cp" \\|  , "-agentpath:/opt/graalvm/lib/libnative-image-agent.so=config-merge-dir=/home/nonroot/native-config" \\\
+  , "-cp" \\|' native/$dfile
+    docker build -t $image -f native/$dfile ./native
+  }
+
 }
 
 entrypoint_gen ./bin/kafka-server-start.sh /etc/kafka/server.properties
@@ -76,7 +99,37 @@ entrypoint_gen ./bin/kafka-consumer-groups.sh
 entrypoint_gen ./bin/kafka-reassign-partitions.sh
 entrypoint_gen ./bin/kafka-leader-election.sh
 
-# Entrypoints done
+# Entrypoints done, run native build stuff
+
+[ "$NATIVEAGENT" != "true" ] || {
+  ./native/native-usecases.sh
+}
+
+[ "$NATIVE" != "true" ] || {
+  # Don't push anything else with native builds because those images would also get a "native" tag
+  PUSH=""
+  for cli in \
+      kafka-topics:kafka.admin.TopicCommand \
+      kafka-configs:kafka.admin.ConfigCommand \
+      kafka-consumer-groups:kafka.admin.ConsumerGroupCommand; do
+    command=$(echo $cli | cut -d: -f1)
+    mainclass=$(echo $cli | cut -d: -f2)
+    nativename=$(imagename $command)
+    echo "Buildig admin CLI $command $mainclass ..."
+    cat native/admincmd.Dockerfile | sed "s|{{command}}|$command|g" | sed "s|{{mainclass}}|$mainclass|g" | \
+      docker build -t solsson/kafka:native-$command -t "$nativename" -f - native/
+    PUSH="$PUSH $nativename"
+  done
+  for nativebuild in \
+      zookeeper-server-start \
+      cli; do
+    nativename=$(imagename $nativebuild)
+    docker build -t solsson/kafka:native-$nativebuild -t "$nativename" -f native/$nativebuild.Dockerfile native/
+    PUSH="$PUSH $nativename"
+  done
+}
+
+# Push results
 
 echo "PUSH list contains: $PUSH"
 [ -z "$NOPUSH" ] || exit 0

diff --git a/kafka-native-base-jre/Dockerfile b/kafka-native-base-jre/Dockerfile
diff --git a/kafka-native-base/Dockerfile b/kafka-native-base/Dockerfile
diff --git a/native/.gitignore b/native/.gitignore
@@ -0,0 +1,3 @@
+
+# These are only used for ./native/native-usecases.sh, and the result is ./native/config resources
+kafka-entrypoints
diff --git a/native/Dockerfile b/native/Dockerfile
@@ -0,0 +1,9 @@
+FROM solsson/kafka:graalvm
+
+# Should be identical to kafka-nonroot's user
+RUN echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+  mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
+
+COPY --from=solsson/kafka:nonroot /opt/kafka /opt/kafka
+COPY --from=solsson/kafka:nonroot /etc/kafka /etc/kafka
diff --git a/native/admincmd.Dockerfile b/native/admincmd.Dockerfile
@@ -0,0 +1,59 @@
+FROM adoptopenjdk:11.0.7_10-jdk-hotspot-bionic@sha256:c2ce12d7530d957f2d44dd33339eeeafa3b889c27af0824b186c4afef1f843ef \
+  as nonlibs
+RUN echo "class Empty {public static void main(String[] a){}}" > Empty.java && javac Empty.java && jar --create --file /empty.jar Empty.class
+
+FROM curlimages/curl@sha256:aa45e9d93122a3cfdf8d7de272e2798ea63733eeee6d06bd2ee4f2f8c4027d7c \
+  as extralibs
+
+USER root
+RUN curl -sLS -o /slf4j-nop-1.7.30.jar https://repo1.maven.org/maven2/org/slf4j/slf4j-nop/1.7.30/slf4j-nop-1.7.30.jar
+RUN curl -sLS -o /quarkus-kafka-client-1.6.0.Final.jar https://repo1.maven.org/maven2/io/quarkus/quarkus-kafka-client/1.6.0.Final/quarkus-kafka-client-1.6.0.Final.jar
+
+FROM solsson/kafka:nativebase as native
+
+ARG classpath=/opt/kafka/libs/extensions/*:/opt/kafka/libs/*
+
+COPY --from=extralibs /*.jar /opt/kafka/libs/extensions/
+
+# docker run --rm --entrypoint ls solsson/kafka -l /opt/kafka/libs/ | grep log
+COPY --from=nonlibs /empty.jar /opt/kafka/libs/slf4j-log4j12-1.7.30.jar
+
+COPY configs/{{command}} /home/nonroot/native-config
+
+RUN native-image \
+  --no-server \
+  --install-exit-handlers \
+  -H:+ReportExceptionStackTraces \
+  --no-fallback \
+  -H:IncludeResourceBundles=joptsimple.HelpFormatterMessages \
+  -H:IncludeResourceBundles=joptsimple.ExceptionMessages \
+  -H:ConfigurationFileDirectories=/home/nonroot/native-config \
+  # When testing the build for a new version we should remove this one, but then it tends to come back
+  --allow-incomplete-classpath \
+  --report-unsupported-elements-at-runtime \
+  # -D options from entrypoint
+  -Djava.awt.headless=true \
+  -Dkafka.logs.dir=/opt/kafka/bin/../logs \
+  -cp ${classpath} \
+  -H:Name={{command}} \
+  {{mainclass}} \
+  /home/nonroot/{{command}}
+
+FROM gcr.io/distroless/base-debian10:nonroot@sha256:78f2372169e8d9c028da3856bce864749f2bb4bbe39c69c8960a6e40498f8a88
+
+COPY --from=native \
+  /lib/x86_64-linux-gnu/libz.so.* \
+  /lib/x86_64-linux-gnu/
+
+COPY --from=native \
+  /usr/lib/x86_64-linux-gnu/libzstd.so.* \
+  /usr/lib/x86_64-linux-gnu/libsnappy.so.* \
+  /usr/lib/x86_64-linux-gnu/liblz4.so.* \
+  /usr/lib/x86_64-linux-gnu/
+
+WORKDIR /usr/local
+
+ARG command=
+COPY --from=native /home/nonroot/{{command}} ./bin/{{command}}.sh
+
+ENTRYPOINT [ "/usr/local/bin/{{command}}.sh" ]
diff --git a/native/cli-scripts/cli-list.sh b/native/cli-scripts/cli-list.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+(cd /usr/local/bin && ls -l)
diff --git a/native/cli-scripts/kafka-topics_ifnotexists.sh b/native/cli-scripts/kafka-topics_ifnotexists.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# Utility for --create to replace --if-not-exists until that flag ceases to require zookeeper
+log=$(mktemp)
+kafka-topics "$@" | tee $log
+result=${PIPESTATUS[0]}
+grep "already exists" $log && exit 0
+rm $log
+exit $result
diff --git a/native/cli.Dockerfile b/native/cli.Dockerfile
@@ -0,0 +1,27 @@
+FROM ubuntu:20.04@sha256:c844b5fee673cd976732dda6860e09b8f2ae5b324777b6f9d25fd70a0904c2e0
+
+WORKDIR /usr/local
+COPY --from=solsson/kafka:native-kafka-topics /usr/local/bin/* /usr/local/bin/
+COPY --from=solsson/kafka:native-kafka-configs /usr/local/bin/* /usr/local/bin/
+COPY --from=solsson/kafka:native-kafka-consumer-groups /usr/local/bin/* /usr/local/bin/
+
+RUN set -ex; \
+  export DEBIAN_FRONTEND=noninteractive; \
+  runDeps='ca-certificates netcat-openbsd libsnappy1v5 liblz4-1 libzstd1 kafkacat jq'; \
+  apt-get update && apt-get install -y $runDeps $buildDeps --no-install-recommends; \
+  \
+  rm -rf /var/lib/apt/lists; \
+  rm -rf /var/log/dpkg.log /var/log/alternatives.log /var/log/apt /root/.gnupg
+
+COPY cli-scripts/* /usr/local/bin/
+
+RUN for sh in $(find /usr/local/bin/ -name *.sh); do \
+  ln -s $sh $(echo -n $sh | sed 's/\.sh$//'); \
+  done
+
+# Should be identical to kafka-nonroot's user
+RUN echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+  mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
+
+ENTRYPOINT [ "cli-list" ]
diff --git a/native/configs-manual-additions/kafka-configs/reflect-config.json b/native/configs-manual-additions/kafka-configs/reflect-config.json
@@ -0,0 +1,11 @@
+[
+  {
+    "name": "org.apache.log4j.helpers.Loader"
+  },
+  {
+    "name": "sun.security.provider.ConfigFile",
+    "methods": [
+      { "name": "<init>", "parameterTypes": [] }
+    ]
+  }
+]
diff --git a/native/configs-manual-additions/kafka-consumer-groups/reflect-config.json b/native/configs-manual-additions/kafka-consumer-groups/reflect-config.json
@@ -0,0 +1,11 @@
+[
+  {
+    "name": "org.apache.log4j.helpers.Loader"
+  },
+  {
+    "name": "sun.security.provider.ConfigFile",
+    "methods": [
+      { "name": "<init>", "parameterTypes": [] }
+    ]
+  }
+]
diff --git a/native/configs-manual-additions/kafka-topics/reflect-config.json b/native/configs-manual-additions/kafka-topics/reflect-config.json
@@ -0,0 +1,14 @@
+[
+  {
+    "name": "org.apache.log4j.helpers.Loader"
+  },
+  {
+    "name": "io.netty.util.internal.logging.Log4J2Logger"
+  },
+  {
+    "name": "sun.security.provider.ConfigFile",
+    "methods": [
+      { "name": "<init>", "parameterTypes": [] }
+    ]
+  }
+]
diff --git a/native/configs-manual-additions/zookeeper-server-start/reflect-config.json b/native/configs-manual-additions/zookeeper-server-start/reflect-config.json
@@ -0,0 +1,2 @@
+[
+]
diff --git a/native/configs/kafka-configs/jni-config.json b/native/configs/kafka-configs/jni-config.json
@@ -0,0 +1,2 @@
+[
+]
diff --git a/native/configs/kafka-configs/proxy-config.json b/native/configs/kafka-configs/proxy-config.json
@@ -0,0 +1,2 @@
+[
+]
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@

		# These are only used for ./native/native-usecases.sh, and the result is ./native/config resources
		kafka-entrypoints