build: add Dockerfile for controller, build with bottlerocket-sdk

Build the binaries with the bottlerocket-sdk.

Dockerfile: install openssl with musl for controller, test-agent

Dockerfile.sdk_openssl

@@ -0,0 +1,29 @@
+ARG ARCH
+FROM public.ecr.aws/bottlerocket/bottlerocket-sdk-${ARCH}:v0.22.0 as build
+ARG ARCH
+ARG OPENSSL_VERSION=1.1.1k
+ARG OPENSSL_SHA256SUM=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
+USER root
+
+# Build openssl using musl toolchain for openssl-sys crate
+RUN dnf install -y perl
+RUN mkdir /musl && \
+    echo "/musl/lib" >> /etc/ld-musl-${ARCH}.path && \
+    ln -s /usr/include/${ARCH}-linux-gnu/asm /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm && \
+    ln -s /usr/include/asm-generic /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/asm-generic && \
+    ln -s /usr/include/linux /${ARCH}-bottlerocket-linux-musl/sys-root/usr/include/linux
+
+RUN curl -O -sSL https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz && \
+    echo "${OPENSSL_SHA256SUM} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum --check && \
+    tar -xzf openssl-${OPENSSL_VERSION}.tar.gz && \
+    cd openssl-${OPENSSL_VERSION} && \
+    ./Configure no-shared no-async -fPIC --prefix=/musl --openssldir=/musl/ssl linux-${ARCH} && \
+    env C_INCLUDE_PATH=/musl/include/ make depend 2> /dev/null && \
+    make -j && \
+    make install && \
+    cd .. && rm -rf openssl-${OPENSSL_VERSION}
+
+# We need these environment variables set for building the `openssl-sys` crate
+ENV PKG_CONFIG_ALLOW_CROSS=1
+ENV OPENSSL_STATIC=true
+ENV OPENSSL_DIR=/musl

Makefile

@@ -1,8 +1,25 @@
-.PHONY: example-test-agent-container
+.PHONY: sdk-openssl example-test-agent-image controller-image images
 
-# Build a container image for daemon and tools.
-example-test-agent-container:
-	docker build \
-		--network=host \
-		--tag 'example_test_agent' \
+ARCH=$(shell uname -m)
+
+images: controller-image
+
+# Augment the bottlerocket-sdk image with openssl built with the musl toolchain
+sdk-openssl:
+	docker build $(DOCKER_BUILD_FLAGS) \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "bottlerocket-sdk-openssl-$(ARCH)" \
+		-f Dockerfile.sdk_openssl .
+
+# Build the container image for the example test-agent program
+example-test-agent-image: sdk-openssl
+	docker build $(DOCKER_BUILD_FLAGS) \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "example-testsys-agent" \
 		-f test-agent/examples/example_test_agent/Dockerfile .
+
+controller-image: sdk-openssl
+	docker build $(DOCKER_BUILD_FLAGS) \
+		--build-arg ARCH="$(ARCH)" \
+		--tag "testsys-controller" \
+		-f controller/Dockerfile .

controller/Dockerfile

@@ -0,0 +1,16 @@
+ARG ARCH
+FROM bottlerocket-sdk-openssl-${ARCH} as build
+ARG ARCH
+USER root
+
+ADD ./ /src/
+WORKDIR /src/controller
+RUN cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --root ./
+
+FROM scratch
+# Copy CA certificates store
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/ssl /etc/ssl
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/pki /etc/pki
+COPY --from=build /src/controller/bin/controller ./
+
+ENTRYPOINT ["./controller"]

test-agent/examples/example_test_agent/Dockerfile

@@ -1,7 +1,16 @@
-# TODO Use Bottlerocket SDK
-FROM rust:1.53.0
-WORKDIR /src
+ARG ARCH
+FROM bottlerocket-sdk-openssl-${ARCH} as build
+ARG ARCH
+USER root
+
 ADD ./ /src/
 WORKDIR /src/test-agent
-RUN cargo install --path . --example example_test_agent --root ./
-ENTRYPOINT ["/src/test-agent/bin/example_test_agent"]
+RUN cargo install --locked --target ${ARCH}-bottlerocket-linux-musl --path . --example example_test_agent --root ./
+
+FROM scratch
+# Copy CA certificates store
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/ssl /etc/ssl
+COPY --from=public.ecr.aws/amazonlinux/amazonlinux:2 /etc/pki /etc/pki
+COPY --from=build /src/test-agent/bin/example_test_agent ./
+
+ENTRYPOINT ["./example_test_agent"]