summaryrefslogtreecommitdiffstats
path: root/packaging/docker
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2019-05-21 18:56:05 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2019-05-21 18:56:05 +0000
commit54deae27eed83a162ee438ef6bad4a23767757dd (patch)
treeda5333377dfacf22177375aef822a8e696f007eb /packaging/docker
parentReleasing debian version 1.14.0-1. (diff)
downloadnetdata-54deae27eed83a162ee438ef6bad4a23767757dd.tar.xz
netdata-54deae27eed83a162ee438ef6bad4a23767757dd.zip
Merging upstream version 1.15.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'packaging/docker')
-rw-r--r--packaging/docker/Dockerfile90
-rw-r--r--packaging/docker/README.md186
-rwxr-xr-xpackaging/docker/build-test.sh72
-rwxr-xr-xpackaging/docker/build.sh72
-rwxr-xr-xpackaging/docker/check_login.sh41
-rwxr-xr-xpackaging/docker/publish.sh115
-rw-r--r--packaging/docker/run.sh16
7 files changed, 592 insertions, 0 deletions
diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile
new file mode 100644
index 000000000..98fdce5c9
--- /dev/null
+++ b/packaging/docker/Dockerfile
@@ -0,0 +1,90 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# author : paulfantom
+
+# Cross-arch building is achieved by specifying ARCH as a build parameter with `--build-arg` option.
+# It is automated in `build.sh` script
+ARG ARCH=amd64
+# This image contains preinstalled dependecies
+FROM netdata/builder:${ARCH} as builder
+
+ENV JUDY_VER 1.0.5
+
+# Copy source
+COPY . /opt/netdata.git
+WORKDIR /opt/netdata.git
+
+# Install from source
+RUN chmod +x netdata-installer.sh && ./netdata-installer.sh --dont-wait --dont-start-it
+
+# files to one directory
+RUN mkdir -p /app/usr/sbin/ \
+ /app/usr/share \
+ /app/usr/libexec \
+ /app/usr/lib \
+ /app/var/cache \
+ /app/var/lib \
+ /app/etc && \
+ mv /usr/share/netdata /app/usr/share/ && \
+ mv /usr/libexec/netdata /app/usr/libexec/ && \
+ mv /usr/lib/netdata /app/usr/lib/ && \
+ mv /var/cache/netdata /app/var/cache/ && \
+ mv /var/lib/netdata /app/var/lib/ && \
+ mv /etc/netdata /app/etc/ && \
+ mv /usr/sbin/netdata /app/usr/sbin/ && \
+ mv /judy-${JUDY_VER} /app/judy-${JUDY_VER} && \
+ mv packaging/docker/run.sh /app/usr/sbin/ && \
+ chmod +x /app/usr/sbin/run.sh
+
+#####################################################################
+ARG ARCH
+# This image contains preinstalled dependecies
+FROM netdata/base:${ARCH}
+
+# Conditional subscribiton to Polyverse's Polymorphic Linux repositories
+RUN if [ "$(uname -m)" == "x86_64" ]; then \
+ apk update && apk upgrade; \
+ curl https://sh.polyverse.io | sh -s install gcxce5byVQbtRz0iwfGkozZwy support+netdata@polyverse.io; \
+ if [ $? -eq 0 ]; then \
+ apk update && \
+ apk upgrade --available --no-cache && \
+ sed -in 's/^#//g' /etc/apk/repositories; \
+ fi \
+ fi
+
+# Copy files over
+RUN mkdir -p /opt/src
+COPY --from=builder /app /
+
+# Configure system
+ARG NETDATA_UID=201
+ARG NETDATA_GID=201
+RUN \
+ # provide judy installation to base image
+ apk add make alpine-sdk && \
+ cd /judy-${JUDY_VER} && make install && cd / && \
+ # Clean the source stuff once judy is installed
+ rm -rf /judy-${JUDY_VER} && apk del make alpine-sdk && \
+ # fping from alpine apk is on a different location. Moving it.
+ mv /usr/sbin/fping /usr/local/bin/fping && \
+ chmod 4755 /usr/local/bin/fping && \
+ mkdir -p /var/log/netdata && \
+ # Add netdata user
+ addgroup -g ${NETDATA_GID} -S netdata && \
+ adduser -S -H -s /usr/sbin/nologin -u ${NETDATA_GID} -h /etc/netdata -G netdata netdata && \
+ # Apply the permissions as described in
+ # https://github.com/netdata/netdata/wiki/netdata-security#netdata-directories
+ chown -R root:netdata /etc/netdata && \
+ chown -R netdata:netdata /var/cache/netdata /var/lib/netdata /usr/share/netdata && \
+ chown -R root:netdata /usr/lib/netdata && \
+ chown -R root:netdata /usr/libexec/netdata/ && \
+ chmod 4750 /usr/libexec/netdata/plugins.d/cgroup-network /usr/libexec/netdata/plugins.d/apps.plugin && \
+ chmod 0750 /var/lib/netdata /var/cache/netdata && \
+ # Link log files to stdout
+ ln -sf /dev/stdout /var/log/netdata/access.log && \
+ ln -sf /dev/stdout /var/log/netdata/debug.log && \
+ ln -sf /dev/stderr /var/log/netdata/error.log
+
+ENV NETDATA_PORT 19999
+EXPOSE $NETDATA_PORT
+
+ENTRYPOINT ["/usr/sbin/run.sh"]
diff --git a/packaging/docker/README.md b/packaging/docker/README.md
new file mode 100644
index 000000000..6ae299f1d
--- /dev/null
+++ b/packaging/docker/README.md
@@ -0,0 +1,186 @@
+# Install netdata with Docker
+
+> :warning: As of Sep 9th, 2018 we ship [new docker builds](https://github.com/netdata/netdata/pull/3995), running netdata in docker with an [ENTRYPOINT](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, not a COMMAND directive. Please adapt your execution scripts accordingly. You can find more information about ENTRYPOINT vs COMMAND is presented by goinbigdata [here](http://goinbigdata.com/docker-run-vs-cmd-vs-entrypoint/) and by docker docs [here](https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact).
+>
+> Also, the `latest` is now based on alpine, so **`alpine` is not updated any more** and `armv7hf` is now replaced with `armhf` (to comply with https://github.com/multiarch naming), so **`armv7hf` is not updated** either.
+
+## Limitations
+
+Running netdata in a container for monitoring the whole host, can limit its capabilities. Some data is not accessible or not as detailed as when running netdata on the host.
+
+## Package scrambling in runtime (x86_64 only)
+
+By default on x86_64 architecture our docker images use Polymorphic Polyverse Linux package scrambling. For increased security you can enable rescrambling of packages during runtime. To do this set environment variable `RESCRAMBLE=true` while starting netdata docker container.
+
+For more information go to [Polyverse site](https://polyverse.io/how-it-works/)
+
+## Run netdata with docker command
+
+Quickly start netdata with the docker command line.
+Netdata is then available at http://host:19999
+
+This is good for an internal network or to quickly analyse a host.
+
+```bash
+docker run -d --name=netdata \
+ -p 19999:19999 \
+ -v /proc:/host/proc:ro \
+ -v /sys:/host/sys:ro \
+ -v /var/run/docker.sock:/var/run/docker.sock:ro \
+ --cap-add SYS_PTRACE \
+ --security-opt apparmor=unconfined \
+ netdata/netdata
+```
+
+The above can be converted to docker-compose file for ease of management:
+
+```yaml
+version: '3'
+services:
+ netdata:
+ image: netdata/netdata
+ hostname: example.com # set to fqdn of host
+ ports:
+ - 19999:19999
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor:unconfined
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+```
+
+### Docker container names resolution
+
+If you want to have your container names resolved by netdata it needs to have access to docker group. To achive that just add environment variable `PGID=999` to netdata container, where `999` is a docker group id from your host. This number can be found by running:
+```bash
+grep docker /etc/group | cut -d ':' -f 3
+```
+
+### Pass command line options to Netdata
+
+Since we use an [ENTRYPOINT](https://docs.docker.com/engine/reference/builder/#entrypoint) directive, you can provide [netdata daemon command line options](https://docs.netdata.cloud/daemon/#command-line-options) such as the IP address netdata will be running on, using the [command instruction](https://docs.docker.com/engine/reference/builder/#cmd).
+
+## Install Netdata using Docker Compose with SSL/TLS enabled http proxy
+
+For a permanent installation on a public server, you should [secure the netdata instance](../../docs/netdata-security.md). This section contains an example of how to install netdata with an SSL reverse proxy and basic authentication.
+
+You can use use the following docker-compose.yml and Caddyfile files to run netdata with docker. Replace the Domains and email address for [Letsencrypt](https://letsencrypt.org/) before starting.
+
+### Prerequisites
+* [Docker](https://docs.docker.com/install/#server)
+* [Docker Compose](https://docs.docker.com/compose/install/)
+* Domain configured in DNS pointing to host.
+
+### Caddyfile
+
+This file needs to be placed in /opt with name `Caddyfile`. Here you customize your domain and you need to provide your email address to obtain a Letsencrypt certificate. Certificate renewal will happen automatically and will be executed internally by the caddy server.
+
+```
+netdata.example.org {
+ proxy / netdata:19999
+ tls admin@example.org
+}
+```
+
+### docker-compose.yml
+
+After setting Caddyfile run this with `docker-compose up -d` to have fully functioning netdata setup behind HTTP reverse proxy.
+
+```yaml
+version: '3'
+volumes:
+ caddy:
+
+services:
+ caddy:
+ image: abiosoft/caddy
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - /opt/Caddyfile:/etc/Caddyfile
+ - caddy:/root/.caddy
+ environment:
+ ACME_AGREE: 'true'
+ netdata:
+ restart: always
+ hostname: netdata.example.org
+ image: netdata/netdata
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor:unconfined
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+```
+
+### Restrict access with basic auth
+
+You can restrict access by following [official caddy guide](https://caddyserver.com/docs/basicauth) and adding lines to Caddyfile.
+
+[![analytics](https://www.google-analytics.com/collect?v=1&aip=1&t=pageview&_s=1&ds=github&dr=https%3A%2F%2Fgithub.com%2Fnetdata%2Fnetdata&dl=https%3A%2F%2Fmy-netdata.io%2Fgithub%2Fpackaging%2Fdocker%2FREADME&_u=MAC~&cid=5792dfd7-8dc4-476b-af31-da2fdb9f93d2&tid=UA-64295674-3)]()
+
+## Publish a test image to your own repository
+
+At netdata we provide multiple ways of testing your docker images using your own repositories.
+You may either use the command line tools available or take advantage of our Travis CI infrastructure.
+
+### Using tools manually from the command line
+
+The script `packaging/docker/build-test.sh` can be used to create an image and upload it to a repository of your choosing.
+
+```
+Usage: packaging/docker/build-test.sh -r <REPOSITORY> -v <VERSION> -u <DOCKER_USERNAME> -p <DOCKER_PWD> [-s]
+ -s skip build, just push the image
+Builds an amd64 image and pushes it to the docker hub repository REPOSITORY
+```
+
+This is especially useful when testing a Pull Request for Kubernetes, since you can set `image` to an immutable repository and tag, set the `imagePullPolicy` to `Always` and just keep uploading new images.
+
+Example:
+
+We get a local copy of the Helm chart at https://github.com/netdata/helmchart. We modify `values.yaml` to have the following:
+
+```
+image:
+ repository: cakrit/netdata-prs
+ tag: PR5576
+ pullPolicy: Always
+```
+
+We check out PR5576 and run the following:
+```
+./packaging/docker/build-test.sh -r cakrit/netdata-prs -v PR5576 -u cakrit -p 'XXX'
+```
+
+Then we can run `helm install [path to our helmchart clone]`.
+
+If we make changes to the code, we execute the same `build-test.sh` command, followed by `helm upgrade [name] [path to our helmchart clone]`
+
+### Inside netdata organization, using Travis CI
+
+To enable Travis CI integration on your own repositories (Docker and Github), you need to be part of the Netdata organization.
+Once you have contacted the netdata owners to setup you up on Github and Travis, execute the following steps
+
+- Preparation
+ - Have netdata forked on your personal GITHUB account
+ - Get a GITHUB token: Go to Github settings -> Developer Settings -> Personal access tokens, generate a new token with full access to repo_hook, read only access to admin:org, public_repo, repo_deployment, repo:status and user:email settings enabled. This will be your GITHUB_TOKEN that is described later in the instructions, so keep it somewhere safe until is needed.
+ - Contact netdata team and seek for permissions on https://scan.coverity.com should you require Travis to be able to push your forked code to coverity for analysis and report. Once you are setup, you should have your email you used in coverity and a token from them. These will be your COVERITY_SCAN_SUBMIT_EMAIL and COVERITY_SCAN_TOKEN that we will refer to later.
+ - Have a valid Docker hub account, the credentials from this account will be your DOCKER_USERNAME and DOCKER_PWD mentioned later
+
+- Setting up Travis CI for your own fork (Detailed instructions provided by Travis team [here](https://docs.travis-ci.com/user/tutorial/))
+ - Login to travis with your own GITHUB credentials (There is Open Auth access)
+ - Go to your profile settings, under [repositories](https://travis-ci.com/account/repositories) section and setup your netdata fork to be built by travis
+ - Once the repository has been setup, go to repository settings within travis (usually under https://travis-ci.com/NETDATA_DEVELOPER/netdata/settings, where "NETDATA_DEVELOPER" is your github handle) and select your desired settings.
+- While in Travis settings, under netdata repository settings in the Environment Variables section, you need to add the following:
+ - DOCKER_USERNAME and DOCKER_PWD variables so that Travis can login to your docker hub account and publish docker images there.
+ - REPOSITORY variable to "NETDATA_DEVELOPER/netdata" where NETDATA_DEVELOPER is your github handle again.
+ - GITHUB_TOKEN variable with the token generated on the preparation step, for travis workflows to function properly
+ - COVERITY_SCAN_SUBMIT_EMAIL and COVERITY_SCAN_TOKEN variables to enable Travis to submit your code for analysis to Coverity.
+
+Having followed these instructions, your forked repository should be all set up for Travis Integration, happy testing!
diff --git a/packaging/docker/build-test.sh b/packaging/docker/build-test.sh
new file mode 100755
index 000000000..a7e31d4f4
--- /dev/null
+++ b/packaging/docker/build-test.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+# Docker build wrapper, for testing manually the docker build process
+# TODO: This script should consume build.sh after setting up required parameters
+#
+# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
+#
+# Author : Chris Akritidis (chris@netdata.cloud)
+# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
+
+printhelp() {
+ echo "Usage: packaging/docker/build-test.sh -r <REPOSITORY> -v <VERSION> -u <DOCKER_USERNAME> -p <DOCKER_PWD> [-s]
+ -s skip build, just push the image
+Builds an amd64 image and pushes it to the docker hub repository REPOSITORY"
+}
+
+set -e
+
+if [ ! -f .gitignore ]; then
+ echo "Run as ./packaging/docker/$(basename "$0") from top level directory of git repository"
+ exit 1
+fi
+
+DOBUILD=1
+while getopts :r:v:u:p:s option
+do
+ case "$option" in
+ r)
+ REPOSITORY=$OPTARG
+ ;;
+ v)
+ VERSION=$OPTARG
+ ;;
+ u)
+ DOCKER_USERNAME=$OPTARG
+ ;;
+ p)
+ DOCKER_PWD=$OPTARG
+ ;;
+ s)
+ DOBUILD=0
+ ;;
+ *)
+ printhelp
+ exit 1
+ ;;
+ esac
+done
+
+if [ -n "${REPOSITORY}" ] && [ -n "${VERSION}" ] && [ -n "${DOCKER_USERNAME}" ] && [ -n "${DOCKER_PWD}" ] ; then
+ if [ $DOBUILD -eq 1 ] ; then
+ echo "Building ${VERSION} of ${REPOSITORY} container"
+ docker run --rm --privileged multiarch/qemu-user-static:register --reset
+
+ # Build images using multi-arch Dockerfile.
+ eval docker build --build-arg ARCH="amd64" --tag "${REPOSITORY}:${VERSION}" --file packaging/docker/Dockerfile ./
+
+ # Create temporary docker CLI config with experimental features enabled (manifests v2 need it)
+ mkdir -p /tmp/docker
+ #echo '{"experimental":"enabled"}' > /tmp/docker/config.json
+ fi
+
+ # Login to docker hub to allow futher operations
+ echo "Logging into docker"
+ echo "$DOCKER_PWD" | docker --config /tmp/docker login -u "$DOCKER_USERNAME" --password-stdin
+
+ echo "Pushing ${REPOSITORY}:${VERSION}"
+ docker --config /tmp/docker push "${REPOSITORY}:${VERSION}"
+else
+ echo "Missing parameter. REPOSITORY=${REPOSITORY} VERSION=${VERSION} DOCKER_USERNAME=${DOCKER_USERNAME} DOCKER_PWD=${DOCKER_PWD}"
+ printhelp
+ exit 1
+fi
diff --git a/packaging/docker/build.sh b/packaging/docker/build.sh
new file mode 100755
index 000000000..f15c7dad7
--- /dev/null
+++ b/packaging/docker/build.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+#
+#
+# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
+#
+# Author : Pawel Krupa (paulfantom)
+# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
+
+set -e
+
+if [ "${BASH_VERSINFO[0]}" -lt "4" ]; then
+ echo "This mechanism currently can only run on BASH version 4 and above"
+ exit 1
+fi
+
+VERSION="$1"
+declare -A ARCH_MAP
+ARCH_MAP=(["i386"]="386" ["amd64"]="amd64" ["armhf"]="arm" ["aarch64"]="arm64")
+DEVEL_ARCHS=(amd64)
+ARCHS="${!ARCH_MAP[@]}"
+
+if [ -z ${REPOSITORY} ]; then
+ REPOSITORY="${TRAVIS_REPO_SLUG}"
+ if [ -z ${REPOSITORY} ]; then
+ echo "REPOSITORY not set, build cannot proceed"
+ exit 1
+ else
+ echo "REPOSITORY was not detected, attempted to use TRAVIS_REPO_SLUG setting: ${TRAVIS_REPO_SLUG}"
+ fi
+fi
+
+# When development mode is set, build on DEVEL_ARCHS
+if [ ! -z ${DEVEL+x} ]; then
+ declare -a ARCHS=(${DEVEL_ARCHS[@]})
+fi
+
+# Ensure there is a version, the most appropriate one
+if [ "${VERSION}" == "" ]; then
+ VERSION=$(git tag --points-at)
+ if [ "${VERSION}" == "" ]; then
+ VERSION="latest"
+ fi
+fi
+
+# If we are not in netdata git repo, at the top level directory, fail
+TOP_LEVEL=$(basename "$(git rev-parse --show-toplevel)")
+CWD=$(git rev-parse --show-cdup)
+if [ ! -z $CWD ] || [ ! "${TOP_LEVEL}" == "netdata" ]; then
+ echo "Run as ./packaging/docker/$(basename "$0") from top level directory of netdata git repository"
+ echo "Docker build process aborted"
+ exit 1
+fi
+
+echo "Docker image build in progress.."
+echo "Version : ${VERSION}"
+echo "Repository : ${REPOSITORY}"
+echo "Architectures : ${ARCHS[*]}"
+
+docker run --rm --privileged multiarch/qemu-user-static:register --reset
+
+# Build images using multi-arch Dockerfile.
+for ARCH in ${ARCHS[@]}; do
+ TAG="${REPOSITORY}:${VERSION}-${ARCH}"
+ echo "Building tag ${TAG}.."
+ eval docker build --no-cache \
+ --build-arg ARCH="${ARCH}" \
+ --tag "${TAG}" \
+ --file packaging/docker/Dockerfile ./
+ echo "..Done!"
+done
+
+echo "Docker build process completed!"
diff --git a/packaging/docker/check_login.sh b/packaging/docker/check_login.sh
new file mode 100755
index 000000000..7cc8d4e50
--- /dev/null
+++ b/packaging/docker/check_login.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+#
+# This is a credential checker script, to help get early input on docker credentials status
+# If these are wrong, then build/publish has no point running
+#
+# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
+#
+# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
+
+set -e
+
+if [ "${BASH_VERSINFO[0]}" -lt "4" ]; then
+ echo "This mechanism currently can only run on BASH version 4 and above"
+ exit 1
+fi
+
+DOCKER_CMD="docker "
+
+# There is no reason to continue if we cannot log in to docker hub
+if [ -z ${DOCKER_USERNAME+x} ] || [ -z ${DOCKER_PWD+x} ]; then
+ echo "No docker hub username or password found, aborting without publishing"
+ exit 1
+fi
+
+# If we are not in netdata git repo, at the top level directory, fail
+TOP_LEVEL=$(basename "$(git rev-parse --show-toplevel)")
+CWD=$(git rev-parse --show-cdup)
+if [ -n "$CWD" ] || [ ! "${TOP_LEVEL}" == "netdata" ]; then
+ echo "Run as ./packaging/docker/$(basename "$0") from top level directory of netdata git repository"
+ echo "Docker build process aborted"
+ exit 1
+fi
+
+# Login to docker hub to allow futher operations
+echo "Attempting to login to docker"
+echo "$DOCKER_PWD" | $DOCKER_CMD login -u "$DOCKER_USERNAME" --password-stdin
+
+echo "Docker login successful!"
+$DOCKER_CMD logout
+
+echo "Docker login validation completed"
diff --git a/packaging/docker/publish.sh b/packaging/docker/publish.sh
new file mode 100755
index 000000000..948787b0b
--- /dev/null
+++ b/packaging/docker/publish.sh
@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+#
+# Cross-arch docker publish helper script
+# Needs docker in version >18.02 due to usage of manifests
+#
+# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
+#
+# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
+
+set -e
+
+if [ "${BASH_VERSINFO[0]}" -lt "4" ]; then
+ echo "This mechanism currently can only run on BASH version 4 and above"
+ exit 1
+fi
+
+WORKDIR="$(mktemp -d)" # Temporary folder, removed after script is done
+VERSION="$1"
+declare -A ARCH_MAP
+ARCH_MAP=(["i386"]="386" ["amd64"]="amd64" ["armhf"]="arm" ["aarch64"]="arm64")
+DEVEL_ARCHS=(amd64)
+ARCHS="${!ARCH_MAP[@]}"
+DOCKER_CMD="docker --config ${WORKDIR}"
+
+if [ -z ${REPOSITORY} ]; then
+ REPOSITORY="${TRAVIS_REPO_SLUG}"
+ if [ -z ${REPOSITORY} ]; then
+ echo "REPOSITORY not set, publish cannot proceed"
+ exit 1
+ else
+ echo "REPOSITORY was not detected, attempted to use TRAVIS_REPO_SLUG setting: ${TRAVIS_REPO_SLUG}"
+ fi
+fi
+
+# When development mode is set, build on DEVEL_ARCHS
+if [ ! -z ${DEVEL+x} ]; then
+ declare -a ARCHS=(${DEVEL_ARCHS[@]})
+fi
+
+# Ensure there is a version, the most appropriate one
+if [ "${VERSION}" == "" ]; then
+ VERSION=$(git tag --points-at)
+ if [ "${VERSION}" == "" ]; then
+ VERSION="latest"
+ fi
+fi
+MANIFEST_LIST="${REPOSITORY}:${VERSION}"
+
+# There is no reason to continue if we cannot log in to docker hub
+if [ -z ${DOCKER_USERNAME+x} ] || [ -z ${DOCKER_PWD+x} ]; then
+ echo "No docker hub username or password found, aborting without publishing"
+ exit 1
+fi
+
+# If we are not in netdata git repo, at the top level directory, fail
+TOP_LEVEL=$(basename "$(git rev-parse --show-toplevel)")
+CWD=$(git rev-parse --show-cdup)
+if [ ! -z $CWD ] || [ ! "${TOP_LEVEL}" == "netdata" ]; then
+ echo "Run as ./packaging/docker/$(basename "$0") from top level directory of netdata git repository"
+ echo "Docker build process aborted"
+ exit 1
+fi
+
+echo "Docker image publishing in progress.."
+echo "Version : ${VERSION}"
+echo "Repository : ${REPOSITORY}"
+echo "Architectures : ${ARCHS[*]}"
+echo "Manifest list : ${MANIFEST_LIST}"
+
+# Create temporary docker CLI config with experimental features enabled (manifests v2 need it)
+echo '{"experimental":"enabled"}' > "${WORKDIR}"/config.json
+
+# Login to docker hub to allow futher operations
+echo "$DOCKER_PWD" | $DOCKER_CMD login -u "$DOCKER_USERNAME" --password-stdin
+
+# Push images to registry
+for ARCH in ${ARCHS[@]}; do
+ TAG="${MANIFEST_LIST}-${ARCH}"
+ echo "Publishing image ${TAG}.."
+ $DOCKER_CMD push "${TAG}" &
+ echo "Image ${TAG} published succesfully!"
+done
+
+echo "Waiting for images publishing to complete"
+wait
+
+# Recreate docker manifest list
+echo "Creating manifest list.."
+$DOCKER_CMD manifest create --amend "${MANIFEST_LIST}" \
+ "${MANIFEST_LIST}-i386" \
+ "${MANIFEST_LIST}-armhf" \
+ "${MANIFEST_LIST}-aarch64" \
+ "${MANIFEST_LIST}-amd64"
+
+# Annotate manifest with CPU architecture information
+
+echo "Executing manifest annotate.."
+for ARCH in ${ARCHS[@]}; do
+ TAG="${MANIFEST_LIST}-${ARCH}"
+ echo "Annotating manifest for $ARCH, with TAG: ${TAG} (Manifest list: ${MANIFEST_LIST})"
+ $DOCKER_CMD manifest annotate "${MANIFEST_LIST}" "${TAG}" --os linux --arch "${ARCH_MAP[$ARCH]}"
+done
+
+# Push manifest to docker hub
+echo "Pushing manifest list to docker.."
+$DOCKER_CMD manifest push -p "${MANIFEST_LIST}"
+
+# Show current manifest (debugging purpose only)
+echo "Evaluating manifest list entry"
+$DOCKER_CMD manifest inspect "${MANIFEST_LIST}"
+
+# Cleanup
+rm -r "${WORKDIR}"
+
+echo "Docker publishing process completed!"
diff --git a/packaging/docker/run.sh b/packaging/docker/run.sh
new file mode 100644
index 000000000..243cae8a2
--- /dev/null
+++ b/packaging/docker/run.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+#set -e
+
+if [ ${RESCRAMBLE+x} ]; then
+ echo "Reinstalling all packages to get the latest Polymorphic Linux scramble"
+ apk upgrade --update-cache --available
+fi
+
+if [ ${PGID+x} ]; then
+ echo "Adding user netdata to group with id ${PGID}"
+ addgroup -g "${PGID}" -S hostgroup 2>/dev/null
+ sed -i "s/${PGID}:$/${PGID}:netdata/g" /etc/group
+fi
+
+exec /usr/sbin/netdata -u netdata -D -s /host -p "${NETDATA_PORT}" "$@"