Add AL2023 dockerfiles

[ShelbyZ]

Summary

• Add support for AL2023 through dependency dockerfiles
• Fix core_uploader.sh check for no core files via fuzzy matching

Note: no new makefile targets are introduced using the AL2023 dockerfiles, this will be part of a follow-up commits

AL2023 build dependencies only have a few minor differences from AL2:

• cmake replaces cmake3 (version is 3.x)
• openssl-devel replaces openssl11-devel
• pkgconf-pkg-config replaces pkgconfig
• No need to update alternatives to use cmake

AL2023 runtime dependencies follow https://docs.aws.amazon.com/linux/al2023/ug/barebones-containers.html to install a small set of a dependencies that are copied into a scratch image reducing overall vulnerability surface area.

Testing

• Tested using AL_TAG overrides for release/debug/debug-valgrind Makefile targets to generate AL2023 images
• Tested changes through pipeline build/deploy/integ test for AL2023 images
• Tested the core_uploader.sh change for both AL2 and AL2023 to ensure no backwards compatibility issues (both detected no core files)

make debug succeeded: yes
Integ tests succeeded: yes
New tests cover the changes: no

Description for the changelog

Add AL2023 dockerfiles

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[sparrc]

Doesn't the "final runtime image" need to have the fluent-bit binary copied in?

[sparrc]

Based on the doc you referenced, I was expecting the fluent-bit Dockerfile to look more like this one, in which dependencies and the fluent-bit compilation both happen in a "build" step, and then both the dependencies and the fluent-bit binary are copied into the final image together. (obviously replacing the hello world app with fluent-bit in this example):

FROM public.ecr.aws/amazonlinux/amazonlinux:2023 as build
COPY hello-world.c /
RUN dnf -y install gcc
RUN gcc -o hello-world hello-world.c
RUN mkdir /sysroot
RUN mv hello-world /sysroot/
RUN dnf --releasever=$(rpm -q system-release --qf '%{VERSION}') \
  --installroot /sysroot \
  -y \
  --setopt=install_weak_deps=False \
  install glibc && dnf --installroot /sysroot clean all

FROM scratch
COPY --from=build /sysroot /
WORKDIR /
ENTRYPOINT ["/hello-world"]
EOF

[ShelbyZ]

With the AL2 dockerfile rework we pass in a RUNTIME_IMAGE to dockerfiles containing the dependencies for the platform

aws-for-fluent-bit/Makefile

Line 77 in bd01285

docker build $(DOCKER_BUILD_FLAGS) --build-arg COMPILE_IMAGE=amazon/aws-for-fluent-bit:compile-al${AL_TAG} --build-arg RUNTIME_IMAGE=amazon/aws-for-fluent-bit:runtime-deps-al${AL_TAG} -t amazon/aws-for-fluent-bit:latest-al${AL_TAG} -f ./scripts/dockerfiles/runtime/Dockerfile .

Then inside the folliow-up dockerfiles we copy in the required binaries/plugins

aws-for-fluent-bit/scripts/dockerfiles/runtime/Dockerfile

Lines 4 to 12 in bd01285

	# Source compiled Fluent Bit binary and configuration
	FROM ${COMPILE_IMAGE} as fluent-bit
	# Source AWS plugins
	FROM aws-fluent-bit-plugins:latest as plugins
	# Final runtime assembly stage
	FROM ${RUNTIME_IMAGE}
	# Copy Fluent Bit binary and configuration from compile stage
	COPY --from=fluent-bit /fluent-bit /fluent-bit