Modify the basic image to alpine,

Adapt to building ARM images Signed-off-by: oamchronicle <[email protected]>
goharbor · Dec 5, 2024 · d74ec7b · d74ec7b
1 parent 29bd094
commit d74ec7b
Show file tree

Hide file tree

Showing 25 changed files with 253 additions and 238 deletions.
diff --git a/Makefile b/Makefile
@@ -77,7 +77,7 @@ CHECKENVCMD=checkenv.sh
 REGISTRYSERVER=
 REGISTRYPROJECTNAME=goharbor
 DEVFLAG=true
-TRIVYFLAG=false
+TRIVYFLAG=true
 HTTPPROXY=
 BUILDBIN=true
 NPM_REGISTRY=https://registry.npmjs.org
@@ -126,7 +126,7 @@ endef
 
 # docker parameters
 DOCKERCMD=$(shell which docker)
-DOCKERBUILD=$(DOCKERCMD) build
+DOCKERBUILD=$(DOCKERCMD)  buildx build --platform linux/amd64,linux/arm64 --provenance=false --push --no-cache
 DOCKERRMIMAGE=$(DOCKERCMD) rmi
 DOCKERPULL=$(DOCKERCMD) pull
 DOCKERIMAGES=$(DOCKERCMD) images
@@ -359,6 +359,26 @@ compile_standalone_db_migrator:
 
 compile: check_environment versions_prepare compile_core compile_jobservice compile_registryctl
 
+core:
+	@echo "build core"
+	@echo $(GOBUILDPATH_CORE)
+	@cd ${GOBUILDPATH_CORE} ;$(GOIMAGEBUILD_CORE) -o $(GOBUILDPATHINCONTAINER)/$(GOBUILDMAKEPATH_CORE)/$(CORE_BINARYNAME)
+	@echo "Done."
+
+
+jobservice:
+	@echo "build jobservice"
+	@cd ${GOBUILDPATH_JOBSERVICE} ;$(GOIMAGEBUILD_COMMON) -o $(GOBUILDPATHINCONTAINER)/$(GOBUILDMAKEPATH_JOBSERVICE)/$(JOBSERVICEBINARYNAME)
+
+registryctl:
+	@echo "build registryctl"
+	@cd ${GOBUILDPATH_REGISTRYCTL} ;$(GOIMAGEBUILD_COMMON) -o $(GOBUILDPATHINCONTAINER)/$(GOBUILDMAKEPATH_REGISTRYCTL)/$(REGISTRYCTLBINARYNAME)
+
+
+standalone_db_migrator:
+	@echo "build standalone db migrator"
+	@cd ${GOBUILDPATH_STANDALONE_DB_MIGRATOR} ;$(GOIMAGEBUILD_COMMON) -o $(GOBUILDPATHINCONTAINER)/$(GOBUILDMAKEPATH_STANDALONE_DB_MIGRATOR)/$(STANDALONE_DB_MIGRATOR_BINARYNAME)
+
 update_prepare_version:
 	@echo "substitute the prepare version tag in prepare file..."
 	@$(SEDCMDI) -e 's/goharbor\/prepare:.*[[:space:]]\+/goharbor\/prepare:$(VERSIONTAG) prepare /' $(MAKEPATH)/prepare ;
@@ -397,7 +417,8 @@ build:
 	 -e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL) \
 	 -e PULL_BASE_FROM_DOCKERHUB=$(PULL_BASE_FROM_DOCKERHUB) -e BUILD_BASE=$(BUILD_BASE) \
 	 -e REGISTRYUSER=$(REGISTRYUSER) -e REGISTRYPASSWORD=$(REGISTRYPASSWORD) \
-	 -e PUSHBASEIMAGE=$(PUSHBASEIMAGE)
+	 -e PUSHBASEIMAGE=$(PUSHBASEIMAGE) \
+	 -e TRIVYFLAG=$(TRIVYFLAG)
 
 build_standalone_db_migrator: compile_standalone_db_migrator
 	make -f $(MAKEFILEPATH_PHOTON)/Makefile _build_standalone_db_migrator -e BASEIMAGETAG=$(BASEIMAGETAG) -e VERSIONTAG=$(VERSIONTAG)

diff --git a/make/photon/Makefile b/make/photon/Makefile
@@ -18,8 +18,8 @@ TIMESTAMP=$(shell date +"%Y%m%d")
 
 # docker parameters
 DOCKERCMD=$(shell which docker)
-DOCKERBUILD=$(DOCKERCMD) build --no-cache
-DOCKERBUILD_WITH_PULL_PARA=$(DOCKERBUILD) --pull=$(PULL_BASE_FROM_DOCKERHUB)
+DOCKERBUILD=$(DOCKERCMD) buildx build --platform linux/amd64,linux/arm64 --provenance=false --push --no-cache
+DOCKERBUILD_WITH_PULL_PARA=$(DOCKERBUILD) #--pull=$(PULL_BASE_FROM_DOCKERHUB)
 DOCKERRMIMAGE=$(DOCKERCMD) rmi
 DOCKERIMAGES=$(DOCKERCMD) images
 IMAGENAMESPACE=goharbor
@@ -122,19 +122,19 @@ _build_db:
 _build_portal:
 	@$(call _build_base,$(PORTAL),$(DOCKERFILEPATH_PORTAL))
 	@echo "building portal container for photon..."
-	$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg npm_registry=$(NPM_REGISTRY) -f $(DOCKERFILEPATH_PORTAL)/$(DOCKERFILENAME_PORTAL) -t $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) .
+	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg npm_registry=$(NPM_REGISTRY) -f $(DOCKERFILEPATH_PORTAL)/$(DOCKERFILENAME_PORTAL) -t $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) .
 	@echo "Done."
 
 _build_core:
 	@$(call _build_base,$(CORE),$(DOCKERFILEPATH_CORE))
 	@echo "building core container for photon..."
-	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CORE)/$(DOCKERFILENAME_CORE) -t $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) .
+	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg GOBUILDIMAGE=${GOBUILDIMAGE}  -f $(DOCKERFILEPATH_CORE)/$(DOCKERFILENAME_CORE) -t $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) .
 	@echo "Done."
 
 _build_jobservice:
 	@$(call _build_base,$(JOBSERVICE),$(DOCKERFILEPATH_JOBSERVICE))
 	@echo "building jobservice container for photon..."
-	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_JOBSERVICE)/$(DOCKERFILENAME_JOBSERVICE) -t $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) .
+	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg GOBUILDIMAGE=${GOBUILDIMAGE} -f $(DOCKERFILEPATH_JOBSERVICE)/$(DOCKERFILENAME_JOBSERVICE) -t $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) .
 	@echo "Done."
 
 _build_log:
@@ -146,20 +146,12 @@ _build_log:
 _build_trivy_adapter:
 	@if [ "$(TRIVYFLAG)" = "true" ] ; then \
 		$(call _build_base,$(TRIVY_ADAPTER),$(DOCKERFILEPATH_TRIVY_ADAPTER)) ; \
-		rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
-		echo "Downloading Trivy scanner $(TRIVYVERSION)..." ; \
-		$(call _extract_archive, $(TRIVY_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
-		if [ "$(BUILDBIN)" != "true" ] ; then \
-			echo "Downloading Trivy adapter $(TRIVYADAPTERVERSION)..." ; \
-			$(call _extract_archive, $(TRIVY_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary/) ; \
-		else \
-			echo "Building Trivy adapter $(TRIVYADAPTERVERSION) from sources..." ; \
-			cd $(DOCKERFILEPATH_TRIVY_ADAPTER) && $(DOCKERFILEPATH_TRIVY_ADAPTER)/builder.sh $(TRIVYADAPTERVERSION) && cd - ; \
-		fi ; \
 		echo "Building Trivy adapter container for photon..." ; \
 		$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \
 			--build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) \
-			--build-arg trivy_version=$(TRIVYVERSION) \
+			--build-arg TRIVYVERSION=$(TRIVYVERSION) \
+			--build-arg TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \
+			--build-arg GOBUILDIMAGE=$(GOBUILDIMAGE) \
 			-f $(DOCKERFILEPATH_TRIVY_ADAPTER)/$(DOCKERFILENAME_TRIVY_ADAPTER) \
 			-t $(DOCKERIMAGENAME_TRIVY_ADAPTER):$(VERSIONTAG) . ; \
 		rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary; \
@@ -174,21 +166,14 @@ _build_nginx:
 
 _build_registry:
 	@$(call _build_base,$(REGISTRY),$(DOCKERFILEPATH_REG))
-	@if [ "$(BUILDBIN)" != "true" ] ; then \
-		rm -rf $(DOCKERFILEPATH_REG)/binary && mkdir -p $(DOCKERFILEPATH_REG)/binary && \
-		$(call _get_binary, $(REGISTRYURL), $(DOCKERFILEPATH_REG)/binary/registry); \
-	else \
-		cd $(DOCKERFILEPATH_REG) && $(DOCKERFILEPATH_REG)/builder $(REGISTRY_SRC_TAG) $(DISTRIBUTION_SRC) && cd - ; \
-	fi
 	@echo "building registry container for photon..."
-	@chmod 655 $(DOCKERFILEPATH_REG)/binary/registry && $(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REG)/$(DOCKERFILENAME_REG) -t $(DOCKERIMAGENAME_REG):$(VERSIONTAG) .
+	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg GOBUILDIMAGE=${GOBUILDIMAGE} --build-arg REGISTRY_SRC_TAG=${REGISTRY_SRC_TAG} -f $(DOCKERFILEPATH_REG)/$(DOCKERFILENAME_REG) -t $(DOCKERIMAGENAME_REG):$(VERSIONTAG) .
 	@echo "Done."
 
 _build_registryctl:
 	@$(call _build_base,$(REGISTRYCTL),$(DOCKERFILEPATH_REGISTRYCTL))
 	@echo "building registry controller for photon..."
-	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_REGISTRYCTL)/$(DOCKERFILENAME_REGISTRYCTL) -t $(DOCKERIMAGENAME_REGISTRYCTL):$(VERSIONTAG) .
-	@rm -rf $(DOCKERFILEPATH_REG)/binary
+	@$(DOCKERBUILD_WITH_PULL_PARA) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg GOBUILDIMAGE=${GOBUILDIMAGE}  --build-arg REGISTRY_SRC_TAG=${REGISTRY_SRC_TAG} -f $(DOCKERFILEPATH_REGISTRYCTL)/$(DOCKERFILENAME_REGISTRYCTL) -t $(DOCKERIMAGENAME_REGISTRYCTL):$(VERSIONTAG) .
 	@echo "Done."
 
 _build_redis:
@@ -205,7 +190,7 @@ _build_standalone_db_migrator:
 _compile_and_build_exporter:
 	@$(call _build_base,$(EXPORTER),$(DOCKERFILEPATH_EXPORTER))
 	@echo "compiling and building image for exporter..."
-	@$(DOCKERCMD) build --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg build_image=$(GOBUILDIMAGE) -f ${DOCKERFILEPATH_EXPORTER}/${DOCKERFILENAME_EXPORTER} -t $(DOCKERIMAGENAME_EXPORTER):$(VERSIONTAG) .
+	@$(DOCKERCMD) build --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg build_image=$(GOBUILDIMAGE) --build-arg GOBUILDIMAGE=${GOBUILDIMAGE} -f ${DOCKERFILEPATH_EXPORTER}/${DOCKERFILENAME_EXPORTER} -t $(DOCKERIMAGENAME_EXPORTER):$(VERSIONTAG) .
 	@echo "Done."
 
 define _extract_archive

diff --git a/make/photon/core/Dockerfile b/make/photon/core/Dockerfile
@@ -1,22 +1,34 @@
+ARG GOBUILDIMAGE
+ARG harbor_base_image_version
+ARG harbor_base_namespace
+FROM ${GOBUILDIMAGE} AS builder
+WORKDIR /harbor
+COPY ./ /harbor
+ENV CGO_ENABLED=0
+RUN apt update \
+    && apt install -y make \
+    && cd /harbor \
+    && make core
+
+
 ARG harbor_base_image_version
 ARG harbor_base_namespace
 FROM ${harbor_base_namespace}/harbor-core-base:${harbor_base_image_version}
 
 HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/v2.0/ping || curl -k --fail -s https://localhost:8443/api/v2.0/ping || exit 1
-COPY ./make/photon/common/install_cert.sh /harbor/
-COPY ./make/photon/core/entrypoint.sh /harbor/
-COPY ./make/photon/core/harbor_core /harbor/
-COPY ./src/core/views /harbor/views
-COPY ./make/migrations /harbor/migrations
-COPY ./icons /harbor/icons
+COPY --from=builder /harbor/make/photon/common/install_cert.sh /harbor/
+COPY --from=builder /harbor/make/photon/core/entrypoint.sh /harbor/
+COPY --from=builder /harbor/make/photon/core/harbor_core /harbor/
+COPY --from=builder /harbor/src/core/views /harbor/views
+COPY --from=builder /harbor/make/migrations /harbor/migrations
+COPY --from=builder /harbor/icons /harbor/icons
 
-RUN chown -R harbor:harbor /etc/pki/tls/certs \
-    && chown -R harbor:harbor /harbor/ \
+RUN chown -R harbor:harbor /harbor/ \
     && chmod u+x /harbor/entrypoint.sh \
     && chmod u+x /harbor/install_cert.sh \
     && chmod u+x /harbor/harbor_core
 
 WORKDIR /harbor/
 USER harbor
 ENTRYPOINT ["/harbor/entrypoint.sh"]
-COPY make/photon/prepare/versions /harbor/
+COPY --from=builder /harbor/make/photon/prepare/versions /harbor/
diff --git a/make/photon/core/Dockerfile.base b/make/photon/core/Dockerfile.base
@@ -1,6 +1,6 @@
-FROM photon:5.0
+FROM alpine:3.18
 
-RUN tdnf install -y tzdata shadow >> /dev/null \
-    && tdnf clean all \
-    && groupadd -r -g 10000 harbor && useradd --no-log-init -r -m -g 10000 -u 10000 harbor \
+RUN apk add --no-cache tzdata shadow \
+    && groupadd -r -g 10000 harbor \
+    && useradd -r -m -g 10000 -u 10000 harbor \
     && mkdir /harbor/
diff --git a/make/photon/db/Dockerfile.base b/make/photon/db/Dockerfile.base
@@ -1,20 +1,21 @@
-FROM photon:5.0
+# Use Alpine as the base image
+FROM alpine:3.18
 
-ENV PGDATA /var/lib/postgresql/data
+ENV PGDATA=/var/lib/postgresql/data
 
-RUN tdnf install -y shadow >> /dev/null \
+# Install shadow tools (for useradd and groupadd), and create the postgres user and group
+# Install PostgreSQL 15, gzip, findutils, bc, and create necessary directories
+RUN apk add --no-cache shadow \
+    && groupdel ping \  #compatible
     && groupadd -r postgres --gid=999 \
-    && useradd -m -r -g postgres --uid=999 postgres
-
-RUN tdnf install -y postgresql14-server >> /dev/null
-RUN tdnf install -y gzip postgresql15-server findutils bc >> /dev/null \
+    && useradd -r -g postgres --uid=999 postgres \
+    && apk add  --no-cache postgresql15 postgresql15-client gzip findutils bc util-linux net-tools  bash \
     && mkdir -p /docker-entrypoint-initdb.d \
     && mkdir -p /run/postgresql \
     && chown -R postgres:postgres /run/postgresql \
     && chmod 2777 /run/postgresql \
-    && mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA" \
-    && sed -i "s|#listen_addresses = 'localhost'.*|listen_addresses = '*'|g" /usr/pgsql/15/share/postgresql/postgresql.conf.sample \
-    && sed -i "s|#unix_socket_directories = '/tmp'.*|unix_socket_directories = '/run/postgresql'|g" /usr/pgsql/15/share/postgresql/postgresql.conf.sample \
-    && tdnf clean all
-
-RUN tdnf erase -y toybox && tdnf install -y util-linux net-tools
+    && mkdir -p "$PGDATA" \
+    && chown -R postgres:postgres "$PGDATA" \
+    && chmod 777 "$PGDATA" \
+    && sed -i "s|#listen_addresses = 'localhost'.*|listen_addresses = '*'|g" /usr/share/postgresql/postgresql.conf.sample \
+    && sed -i "s|#unix_socket_directories = '/tmp'.*|unix_socket_directories = '/run/postgresql'|g" /usr/share/postgresql/postgresql.conf.sample
diff --git a/make/photon/exporter/Dockerfile b/make/photon/exporter/Dockerfile
@@ -2,23 +2,23 @@ ARG build_image
 ARG harbor_base_image_version
 ARG harbor_base_namespace
 
-FROM ${build_image} AS build
+FROM ${build_image} AS builder
 
 ENV CGO_ENABLED=0
-ENV GOOS=linux
-ENV GOARCH=amd64
 
-COPY src /harbor/src
+
+COPY ./ /harbor
+
 WORKDIR /harbor/src/cmd/exporter
 RUN go build -o /out/harbor_exporter
 
 FROM ${harbor_base_namespace}/harbor-exporter-base:${harbor_base_image_version}
 
-COPY --from=build /out/harbor_exporter /harbor/harbor_exporter
-COPY ./make/photon/exporter/entrypoint.sh ./make/photon/common/install_cert.sh /harbor/
+COPY --from=builder /out/harbor_exporter /harbor/harbor_exporter
+COPY --from=builder /harbor/make/photon/exporter/entrypoint.sh /harbor/
+COPY --from=builder /harbor/make/photon/common/install_cert.sh /harbor/
 
-RUN chown -R harbor:harbor /etc/pki/tls/certs \
-    && chown -R harbor:harbor /harbor/ \
+RUN chown -R harbor:harbor /harbor/ \
     && chmod u+x /harbor/entrypoint.sh \
     && chmod u+x /harbor/install_cert.sh \
     && chmod u+x /harbor/harbor_exporter

diff --git a/make/photon/exporter/Dockerfile.base b/make/photon/exporter/Dockerfile.base
@@ -1,6 +1,8 @@
-FROM photon:5.0
+# Use Alpine as the base image
+FROM alpine:3.18
 
-RUN tdnf install -y tzdata shadow >> /dev/null \
-    && tdnf clean all \
-    && groupadd -r -g 10000 harbor && useradd --no-log-init -r -m -g 10000 -u 10000 harbor \
+# Install tzdata (for time zone data) and shadow (for groupadd and useradd commands)
+RUN apk add --no-cache tzdata shadow \
+    && groupadd -r -g 10000 harbor \
+    && useradd --no-log-init -r -m -g 10000 -u 10000 harbor \
     && mkdir /harbor/
diff --git a/make/photon/jobservice/Dockerfile b/make/photon/jobservice/Dockerfile
@@ -1,14 +1,24 @@
+ARG GOBUILDIMAGE
 ARG harbor_base_image_version
 ARG harbor_base_namespace
-FROM ${harbor_base_namespace}/harbor-jobservice-base:${harbor_base_image_version}
+FROM ${GOBUILDIMAGE} AS builder
+WORKDIR /harbor
+COPY ../../ /harbor
+ENV CGO_ENABLED=0
+RUN apt update \
+    && apt install -y make \
+    && cd /harbor \
+    && make jobservice
+
 
-COPY ./make/photon/common/install_cert.sh /harbor/
-COPY ./make/photon/jobservice/entrypoint.sh /harbor/
-COPY ./make/photon/jobservice/harbor_jobservice /harbor/
+
+FROM ${harbor_base_namespace}/harbor-jobservice-base:${harbor_base_image_version}
+COPY --from=builder /harbor/make/photon/common/install_cert.sh /harbor/
+COPY --from=builder /harbor/make/photon/jobservice/entrypoint.sh /harbor/
+COPY --from=builder /harbor/make/photon/jobservice/harbor_jobservice /harbor/
 
 
-RUN chown -R harbor:harbor /etc/pki/tls/certs \
-    && chown -R harbor:harbor /harbor/ \
+RUN chown -R harbor:harbor /harbor/ \
     && chmod u+x /harbor/entrypoint.sh \
     && chmod u+x /harbor/install_cert.sh \
     && chmod u+x /harbor/harbor_jobservice

diff --git a/make/photon/jobservice/Dockerfile.base b/make/photon/jobservice/Dockerfile.base
@@ -1,5 +1,8 @@
-FROM photon:5.0
+# Use Alpine as the base image
+FROM alpine:3.18
 
-RUN tdnf install -y tzdata shadow >> /dev/null \
-    && tdnf clean all \
-    && groupadd -r -g 10000 harbor && useradd --no-log-init -r -m -g 10000 -u 10000 harbor
+# Install tzdata (for time zone data) and shadow (for groupadd and useradd commands)
+RUN apk add --no-cache tzdata shadow \
+    && groupadd -r -g 10000 harbor \
+    && useradd --no-log-init -r -m -g 10000 -u 10000 harbor \
+    && mkdir /harbor/
diff --git a/make/photon/log/Dockerfile b/make/photon/log/Dockerfile
@@ -7,15 +7,16 @@ COPY ./make/photon/log/rsyslog.conf /etc/rsyslog.conf
 # rsyslog configuration file for docker
 COPY ./make/photon/log/rsyslog_docker.conf /etc/rsyslog.d/
 
-# remove the original "logrotate" in directory "/etc/cron.daily/"
-# and copy the customized one to directory "/etc/cron.hourly/" 
-# to run logrotate hourly
-RUN rm /etc/cron.daily/logrotate
-COPY ./make/photon/log/logrotate /etc/cron.hourly/
+COPY ./make/photon/log/logrotate /etc/periodic/hourly/
 
 COPY ./make/photon/log/start.sh /usr/local/bin/
-RUN chmod +x /usr/local/bin/start.sh /etc/rsyslog.d/ && \
-    chown -R 10000:10000 /etc/rsyslog.conf /etc/rsyslog.d/ /run /var/lib/logrotate/
+
+# remove the original "logrotate" in directory "/etc/periodic/daily/"
+# and copy the customized one to directory "/etc/periodic/hourly/"
+# to run logrotate hourly
+RUN rm /etc/periodic/daily/logrotate && \
+    chmod +x /usr/local/bin/start.sh /etc/rsyslog.d/ && \
+    chown -R 10000:10000 /etc/rsyslog.conf /run
 
 HEALTHCHECK CMD netstat -ltun|grep 10514
 

diff --git a/make/photon/log/Dockerfile.base b/make/photon/log/Dockerfile.base
@@ -1,7 +1,6 @@
-FROM photon:5.0
+FROM alpine:3.18
 
-RUN tdnf install -y cronie rsyslog logrotate shadow tar gzip sudo >> /dev/null\
+RUN apk add --no-cache tzdata shadow  tar gzip sudo cronie rsyslog logrotate \
     && mkdir /var/spool/rsyslog \
-    && groupadd -r -g 10000 syslog && useradd --no-log-init -r -g 10000 -u 10000 syslog \
-    && tdnf clean all \
-    && chage -M 99999 root
+    && groupadd -r -g 10000 syslog \
+    && useradd --no-log-init -r -g 10000 -u 10000 syslog
diff --git a/make/photon/nginx/Dockerfile.base b/make/photon/nginx/Dockerfile.base
@@ -1,7 +1,10 @@
-FROM photon:5.0
+# Use Alpine as the base image
+FROM alpine:3.18
 
-RUN tdnf install -y nginx shadow >> /dev/null \
-    && tdnf clean all \
-    && groupmod -g 10000 nginx && usermod -g 10000 -u 10000 -d /home/nginx -s /bin/bash nginx \
+# Install nginx and shadow (for groupmod and usermod commands)
+RUN apk add --no-cache nginx shadow \
+    && groupmod -g 10000 nginx \
+    && usermod -g 10000 -u 10000 -d /home/nginx -s /bin/bash nginx \
+    && mkdir -p /home/nginx \
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log
diff --git a/make/photon/portal/Dockerfile.base b/make/photon/portal/Dockerfile.base
@@ -1,8 +1,10 @@
-FROM photon:5.0
+# Use Alpine as the base image
+FROM alpine:3.18
 
-RUN tdnf install -y nginx shadow >> /dev/null \
-    && tdnf clean all \
+# Install nginx and shadow (for groupmod and usermod commands)
+RUN apk add --no-cache nginx shadow \
+    && groupmod -g 10000 nginx \
+    && usermod -g 10000 -u 10000 -d /home/nginx -s /bin/bash nginx \
+    && mkdir -p /home/nginx \
     && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log \
-    && groupmod -g 10000 nginx && usermod -g 10000 -u 10000 -d /home/nginx -s /bin/bash nginx \
-    && chown -R nginx:nginx /etc/nginx
+    && ln -sf /dev/stderr /var/log/nginx/error.log