build: add Dockerfile for controller, build with bottlerocket-sdk

Build the binaries with the bottlerocket-sdk.

Dockerfile: install openssl with musl for controller, test-agent

Dockerfile.sdk_with_openssl

@@ -0,0 +1,24 @@
+ARG ARCH
+FROM public.ecr.aws/bottlerocket/bottlerocket-sdk-${ARCH}:v0.22.0 as build
+ARG ARCH
+ARG OPENSSL_VERSION=1.1.1k
+ARG OPENSSL_SHA256SUM=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
+USER root
+
+# Build openssl using musl toolchain for openssl-sys crate
+RUN yum install -y perl
+RUN mkdir /musl && \
+    echo "/musl/lib" >> /etc/ld-musl-${ARCH}.path && \
+    ln -s /usr/include/${ARCH}-linux-gnu/asm /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm && \
+    ln -s /usr/include/asm-generic /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm-generic && \
+    ln -s /usr/include/linux /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/linux
+
+RUN curl -O -sSL https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \
+    echo "${OPENSSL_SHA256SUM} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum --check && \
+    tar -xzf openssl-${OPENSSL_VERSION}.tar.gz && \
+    cd openssl-${OPENSSL_VERSION} && \
+    ./Configure no-shared no-async -fPIC --prefix=/musl --openssldir=/musl/ssl linux-${ARCH} && \
+    env C_INCLUDE_PATH=/musl/include/ make depend 2> /dev/null && \
+    make -j$(nproc) && \
+    make install && \
+    cd .. && rm -rf openssl-${OPENSSL_VERSION} \

Makefile

@@ -1,8 +1,28 @@
-.PHONY: example-test-agent-container
+.PHONY: sdk-openssl example-test-agent-container controller-container containers
 
-# Build a container image for daemon and tools.
-example-test-agent-container:
+ARCH=$(shell uname -m)
+
+containers: controller-container
+
+# Augment the bottlerocket-sdk image with openssl built with the musl toolchain
+sdk-openssl:
+	docker build \
+		--network=host \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "bottlerocket-sdk-with-openssl-$(ARCH)" \
+		-f Dockerfile.sdk_with_openssl .
+
+# Build the container image for the example test-agent program
+example-test-agent-container: sdk-openssl
 	docker build \
 		--network=host \
-		--tag 'example_test_agent' \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "example-test-agent" \
 		-f test-agent/examples/example_test_agent/Dockerfile .
+
+controller-container: sdk-openssl
+	docker build \
+		--network=host \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "test-sys-controller" \
+		-f controller/Dockerfile .

controller/Dockerfile

@@ -0,0 +1,19 @@
+ARG ARCH
+FROM bottlerocket-sdk-with-openssl-${ARCH} as build
+ARG ARCH
+USER root
+
+ADD ./ /src/
+WORKDIR /src/controller
+RUN export PKG_CONFIG_ALLOW_CROSS=1 && \
+    export OPENSSL_STATIC=true && \
+    export OPENSSL_DIR=/musl && \
+    cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --root ./
+
+FROM scratch
+# Copy CA certificates store
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/ssl /etc/ssl
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/pki /etc/pki
+COPY --from=build /src/controller/bin/controller ./
+
+ENTRYPOINT ["./controller"]

test-agent/examples/example_test_agent/Dockerfile

@@ -1,7 +1,19 @@
-# TODO Use Bottlerocket SDK
-FROM rust:1.53.0
-WORKDIR /src
+ARG ARCH
+FROM bottlerocket-sdk-with-openssl-${ARCH} as build
+ARG ARCH
+USER root
+
 ADD ./ /src/
 WORKDIR /src/test-agent
-RUN cargo install --path . --example example_test_agent --root ./
-ENTRYPOINT ["/src/test-agent/bin/example_test_agent"]
+RUN export PKG_CONFIG_ALLOW_CROSS=1 && \
+    export OPENSSL_STATIC=true && \
+    export OPENSSL_DIR=/musl && \
+    cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --example example_test_agent --root ./
+
+FROM scratch
+# Copy CA certificates store
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/ssl /etc/ssl
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/pki /etc/pki
+COPY --from=build /src/test-agent/bin/example_test_agent ./
+
+ENTRYPOINT ["./example_test_agent"]