Skip to content

SREP-144: Switch to UBI9 and install Go 1.24 #582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 28, 2025
Merged

SREP-144: Switch to UBI9 and install Go 1.24 #582

merged 1 commit into from
Jul 28, 2025
+17 −15

Conversation

joshbranham
Copy link
Contributor

@joshbranham joshbranham commented Jul 21, 2025
edited
Loading

This PR bumps UBI8 to UBI9 for our base image template, the OLM registry image, and Boilerplate's own image used in CI and to build operators from. Additionally, this bumps Go to 1.24.

In order to make this work, we need to switch to a base UBI image and install go-toolset ourselves. The primary reason for this is there is no golang builder image with ubi9. The next bump of brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_1.23 is built with rhel9 and therefore dnf installing packages becomes a bit more annoying locally.

By switching to a plain UBI9 base image, we can control all the packages we need and utilize the UBI repos locally and in CI.

Once this merges, we will need to cut a new image for Boilerplate, and direct consumers on how to migrate.

@joshbranham joshbranham self-assigned this Jul 21, 2025
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 21, 2025
@joshbranham
Copy link
Contributor Author

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 21, 2025
@openshift-ci openshift-ci bot requested review from bergmannf and ravitri July 21, 2025 22:51
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 21, 2025
@joshbranham joshbranham force-pushed the ubi9-wip branch 7 times, most recently from 8603b3a to 69453af Compare July 22, 2025 21:16
@joshbranham joshbranham changed the title WIP: Test ubi9 and install go from tar WIP: Switch to UBI9 and install Go 1.24 Jul 22, 2025
joshbranham
joshbranham commented Jul 22, 2025
View reviewed changes
config/Dockerfile
@@ -42,20 +51,13 @@ RUN go install sigs.k8s.io/kustomize/kustomize/v5@${KUSTOMIZE_VERSION} && \
# which is what consumes this image in CI.
# Here we make group permissions match user permissions, since the CI
# non-root user's gid is 0.
SHELL ["/bin/bash", "-c"]
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

deprecated directive

joshbranham
joshbranham commented Jul 22, 2025
View reviewed changes
config/Dockerfile
ENV GOFLAGS="-mod=mod"
FROM registry.redhat.io/ubi9:9.6-1751445649

RUN dnf -y install openssh-clients jq skopeo python3-pyyaml git go-toolset rsync && \
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved from later in the file, added git, go-toolset, rsync

@joshbranham joshbranham changed the title WIP: Switch to UBI9 and install Go 1.24 Switch to UBI9 and install Go 1.24 Jul 28, 2025
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 28, 2025
@joshbranham joshbranham changed the title Switch to UBI9 and install Go 1.24 SREP-144: Switch to UBI9 and install Go 1.24 Jul 28, 2025
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 28, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented Jul 28, 2025
edited by openshift-ci bot
Loading

@joshbranham: This pull request references SREP-144 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.20.0" version, but no target version was set.

In response to this:

This PR bumps UBI8 to UBI9 for our base image template, the OLM registry image, and Boilerplate's own image used in CI and to build operators from. Additionally, this bumps Go to 1.24.

In order to make this work, we need to switch to a base UBI image and install go-toolset ourselves. The primary reason for this is there is no golang builder image with ubi9. The next bump of brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_1.23 is built with rhel9 and therefore dnf installing packages becomes a bit more annoying locally.

By switching to a plain UBI9 base image, we can control all the packages we need and utilize the UBI repos locally and in CI.

Once this merges, we will need to cut a new image for Boilerplate, and direct consumers on how to migrate.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@joshbranham
Copy link
Contributor Author

joshbranham commented Jul 28, 2025
edited
Loading

I built aws-account-operator locally from these changes, and the binary starts without error (minus expected missing config)

 podman run --rm -it quay.io/app-sre/aws-account-operator:v0.1.1798-ga7f8766
[root@bef65e5a59bd ~]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.6 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.6"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.6 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9"
BUG_REPORT_URL="https://issues.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.6
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.6"
[root@bef65e5a59bd ~]# aws-account-operator
***** Starting with FIPS crypto enabled *****
{"level":"info","ts":1753734910.9554756,"logger":"setup","msg":"Operator Version: 0.0.1"}
{"level":"info","ts":1753734910.955501,"logger":"setup","msg":"Operator-sdk Version: 1.21"}
{"level":"info","ts":1753734910.9555166,"logger":"setup","msg":"Go Version: go1.24.4 (Red Hat 1.24.4-1.el9_6) X:boringcrypto"}
{"level":"info","ts":1753734910.9555247,"logger":"setup","msg":"Go OS/Arch: linux/arm64"}
{"level":"error","ts":1753734910.955587,"logger":"controller-runtime.client.config","msg":"unable to get kubeconfig","error":"invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable","errorCauses":[{"error":"no configuration has been provided, try setting KUBERNETES_MASTER environment variable"}],"stacktrace":"sigs.k8s.io/controller-runtime/pkg/client/config.GetConfigOrDie\n\tpkg/mod/sigs.k8s.io/controller-runtime@v0.12.1/pkg/client/config/config.go:153\nmain.main\n\tsrc/github.com/openshift/aws-account-operator/main.go:101\nruntime.main\n\t/usr/lib/golang/src/runtime/proc.go:283"}
[root@bef65e5a59bd ~]# exit

And the resulting diff to build this

diff --git a/build/Dockerfile b/build/Dockerfile
index b241f670..b682e48b 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/redhat-services-prod/openshift/boilerplate:image-v7.4.0 AS builder
+FROM localhost/boilerplate:latest AS builder

 ENV OPERATOR_PATH=/go/src/github.com/openshift/aws-account-operator
 ENV GO111MODULE=on
@@ -10,7 +10,7 @@ WORKDIR ${OPERATOR_PATH}

 RUN make go-build FIPS_ENABLED=${FIPS_ENABLED}

-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10-1752564239
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.6-1752587672
 ENV OPERATOR_BIN=aws-account-operator

 WORKDIR /root/

@dakotalongRH
Copy link

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 28, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jul 28, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dakotalongRH, joshbranham

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [dakotalongRH,joshbranham]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@joshbranham
Copy link
Contributor Author

/unhold

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 28, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit e795c53 into openshift:master Jul 28, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bergmannf bergmannf Awaiting requested review from bergmannf

@ravitri ravitri Awaiting requested review from ravitri

Assignees

@joshbranham joshbranham

@dakotalongRH dakotalongRH

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@joshbranham @openshift-ci-robot @dakotalongRH