omkreddy commented on code in PR #14552: URL: https://github.com/apache/kafka/pull/14552#discussion_r1412762402
########## docker/README.md: ########## @@ -0,0 +1,72 @@ +Docker Images +============= + +This directory contains docker image for Kafka. +The scripts take a url containing kafka as input and generate the respective docker image. +There are interactive python scripts to release the docker image and promote a release candidate. + +Local Setup +----------- +Make sure you have python (>= 3.7.x) and java (>= 17) installed before running the tests and scripts. + +Run `pip install -r requirements.txt` to get all the requirements for running the scripts. + +Bulding image and running tests locally +--------------------------------------- +- `docker_build_test.py` script builds and tests the docker image. +- kafka binary tarball url along with image name, tag and type is needed to build the image. For detailed usage description check `python docker_build_test.py --help`. +- Sanity tests for the docker image are present in test/docker_sanity_test.py. +- By default image will be built and tested, but if you only want to build the image, pass `-b` flag and if you only want to test the given image pass `-t` flag. +- An html test report will be generated after the tests are executed containing the results. + +Bulding image and running tests using github actions +---------------------------------------------------- +This is the recommended way to build, test and get a CVE report for the docker image. +Just choose the image type and provide kafka url to `Docker build test` workflow. It will generate a test report and CVE report that can be shared to the community. + +Creating a release +------------------ +- `docker_release.py` script builds a multi architecture image and pushes it to provided docker registry. +- Ensure you are logged in to the docker registry before triggering the script. +- kafka binary tarball url along with image name (in the format `<registry>/<namespace>/<image_name>:<image_tag>`) and type is needed to build the image. For detailed usage description check `python docker_release.py --help`. + +Promoting a release +------------------- +`docker_promote.py` provides an interactive way to pull an RC Docker image and promote it to required dockerhub repo. + +Using the image in a docker container +------------------------------------- +- The image uses the kafka downloaded from provided kafka url +- The image can be run in a container in default mode by running +`docker run <image-name:tag> -p 9092:9092` +- Default configs run kafka in kraft mode with plaintext listners on 9092 port. +- Default configs can be overriden by user using 2 ways:- + - By mounting folder containing property files + - Mount the folder containing kafka property files to `/mnt/shared/config` + - These files will override the default config files + - Using environment variables + - Kafka properties defined via env variables will override properties defined in file input + - Replace . with _ + - Replace _ with __(double underscore) + - Replace - with ___(triple underscore) + - Prefix the result with KAFKA_ + - Examples: + - For abc.def, use KAFKA_ABC_DEF + - For abc-def, use KAFKA_ABC___DEF + - For abc_def, use KAFKA_ABC__DEF +- Hence order of precedence of properties is the follwing:- Review Comment: follwing => following ########## docker/test/fixtures/secrets/client-ssl.properties: ########## @@ -0,0 +1,24 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +security.protocol=SSL +ssl.truststore.location=./test/fixtures/secrets/kafka.truststore.jks +ssl.truststore.password=abcdefgh +ssl.keystore.location=./test/fixtures/secrets/client.keystore.jks +ssl.keystore.password=abcdefgh +ssl.key.password=abcdefgh +ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1 Review Comment: we can remove `ssl.enabled.protocols`. default should be fine ########## docker/README.md: ########## @@ -0,0 +1,72 @@ +Docker Images +============= + +This directory contains docker image for Kafka. +The scripts take a url containing kafka as input and generate the respective docker image. +There are interactive python scripts to release the docker image and promote a release candidate. + +Local Setup +----------- +Make sure you have python (>= 3.7.x) and java (>= 17) installed before running the tests and scripts. + +Run `pip install -r requirements.txt` to get all the requirements for running the scripts. + +Bulding image and running tests locally +--------------------------------------- +- `docker_build_test.py` script builds and tests the docker image. +- kafka binary tarball url along with image name, tag and type is needed to build the image. For detailed usage description check `python docker_build_test.py --help`. +- Sanity tests for the docker image are present in test/docker_sanity_test.py. +- By default image will be built and tested, but if you only want to build the image, pass `-b` flag and if you only want to test the given image pass `-t` flag. +- An html test report will be generated after the tests are executed containing the results. + +Bulding image and running tests using github actions +---------------------------------------------------- +This is the recommended way to build, test and get a CVE report for the docker image. +Just choose the image type and provide kafka url to `Docker build test` workflow. It will generate a test report and CVE report that can be shared to the community. + +Creating a release +------------------ +- `docker_release.py` script builds a multi architecture image and pushes it to provided docker registry. +- Ensure you are logged in to the docker registry before triggering the script. +- kafka binary tarball url along with image name (in the format `<registry>/<namespace>/<image_name>:<image_tag>`) and type is needed to build the image. For detailed usage description check `python docker_release.py --help`. + +Promoting a release +------------------- +`docker_promote.py` provides an interactive way to pull an RC Docker image and promote it to required dockerhub repo. + +Using the image in a docker container +------------------------------------- +- The image uses the kafka downloaded from provided kafka url +- The image can be run in a container in default mode by running +`docker run <image-name:tag> -p 9092:9092` Review Comment: I am getting this error with -p flag ``` docker run kafka-master:latest -p 9092:9092 /__cacert_entrypoint.sh: line 30: exec: -p: invalid option exec: usage: exec [-cl] [-a name] [command [argument ...]] [redirection ...] ``` ########## docker/README.md: ########## @@ -0,0 +1,72 @@ +Docker Images +============= + +This directory contains docker image for Kafka. +The scripts take a url containing kafka as input and generate the respective docker image. +There are interactive python scripts to release the docker image and promote a release candidate. + +Local Setup +----------- +Make sure you have python (>= 3.7.x) and java (>= 17) installed before running the tests and scripts. + +Run `pip install -r requirements.txt` to get all the requirements for running the scripts. + +Bulding image and running tests locally +--------------------------------------- +- `docker_build_test.py` script builds and tests the docker image. +- kafka binary tarball url along with image name, tag and type is needed to build the image. For detailed usage description check `python docker_build_test.py --help`. +- Sanity tests for the docker image are present in test/docker_sanity_test.py. +- By default image will be built and tested, but if you only want to build the image, pass `-b` flag and if you only want to test the given image pass `-t` flag. +- An html test report will be generated after the tests are executed containing the results. + +Bulding image and running tests using github actions +---------------------------------------------------- +This is the recommended way to build, test and get a CVE report for the docker image. Review Comment: Can we run github workflows from a branch also? This is because we need to run this workflow from release branch. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
