feat: migrate default docker image to ubi-micro

packaging/docker/Dockerfile

@@ -1,12 +1,11 @@
-ARG BASE_IMAGE=ubuntu:22.04
 ARG GOLANG_VERSION
 
 ################################################################################
 # Build stage 0
 # Build the apm-server binary. The golang image version is kept
 # up to date with go.mod by Makefile.
 ################################################################################
-FROM golang:${GOLANG_VERSION} as builder
+FROM golang:${GOLANG_VERSION} AS builder
 WORKDIR /src
 COPY go.mod go.sum .go-version /src/
 COPY internal/glog/go.mod /src/internal/glog/go.mod
@@ -22,19 +21,21 @@ RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
     make apm-server
 
+COPY apm-server.yml ./apm-server.yml
+COPY --chmod=0644 apm-server.yml ./apm-server.yml
+RUN sed -i 's/127.0.0.1:8200/0.0.0.0:8200/' apm-server.yml
+RUN sed -i 's/localhost:9200/elasticsearch:9200/' apm-server.yml
+
 ################################################################################
 # Build stage 1
 # Copy prepared files from the previous stage and complete the image.
 ################################################################################
-FROM ${BASE_IMAGE}
+FROM registry.access.redhat.com/ubi9/ubi-micro:latest@sha256:a410623c2b8e9429f9606af821be0231fef2372bd0f5f853fbe9743a0ddf7b34
 ARG TARGETARCH
 ARG BUILD_DATE
 ARG VERSION
 ARG VCS_REF
 
-# Add an init process.
-ADD --chmod=0755 packaging/docker/tini-${TARGETARCH}.tar.xz /usr/bin
-
 # Statically defined labels.
 LABEL \
   org.label-schema.schema-version="1.0" \
@@ -65,8 +66,7 @@ LABEL \
   org.opencontainers.image.created=${BUILD_DATE} \
   version=${VERSION}
 
-ENV ELASTIC_CONTAINER "true"
-ENV PATH=/usr/share/apm-server:$PATH
+ENV ELASTIC_CONTAINER="true"
 
 # When running under Docker, we must ensure libbeat monitoring pulls cgroup
 # metrics from /sys/fs/cgroup/<subsystem>/, ignoring any paths found in
@@ -77,21 +77,16 @@ ENV LIBBEAT_MONITORING_CGROUPS_HIERARCHY_OVERRIDE=/
 # running in Docker.
 ENV BEAT_STRICT_PERMS=false
 
-COPY --chmod=0755 packaging/docker/docker-entrypoint /usr/local/bin/docker-entrypoint
 COPY --chmod=0644 licenses/ELASTIC-LICENSE-2.0.txt NOTICE.txt /licenses/
-COPY --chmod=0644 packaging/docker/cacert.pem /etc/pki/tls/certs/ca-bundle.crt
 
-# Copy files world-readable, and create the data directory world-writeable,
-# to permit running the container with arbitrary UIDs and GIDs.
 WORKDIR /usr/share/apm-server
-COPY --chmod=0644 apm-server.yml ./apm-server.yml
-COPY --chmod=0755 --from=builder /src/apm-server ./apm-server
-RUN sed -i 's/127.0.0.1:8200/0.0.0.0:8200/' apm-server.yml
-RUN sed -i 's/localhost:9200/elasticsearch:9200/' apm-server.yml
-RUN mkdir --mode=0777 data
+
 RUN echo 'apm-server:*:1000:1000::/usr/share/apm-server:/bin/false' >> /etc/passwd
 RUN chown -R 1000:1000 /usr/share/apm-server
 
+COPY --chmod=0755 --chown=1000:1000 --from=builder /src/apm-server ./apm-server
+COPY --chmod=0644 --chown=1000:1000 --from=builder /src/apm-server.yml ./apm-server.yml
+
 USER apm-server
 EXPOSE 8200
-ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-entrypoint"]
+ENTRYPOINT ["/usr/share/apm-server/apm-server", "--environment=container"]