Get Image
Go 1.20-openssl development container image
Description
Go (a.k.a., Golang) is a statically-typed programming language, with syntax loosely derived from C. Go offers additional features such as garbage collection, type safety, certain dynamic-typing capabilities, additional built-in types (for example, variable-length arrays and key-value maps) as well as a large standard library.
FIPS 140-3
The image includes a FIPS 140-2/140-3 enabled Go wrapper that prefers using OpenSSL for cryptographic operations, if available at runtime. Therefore, you can use FIPS 140-2/140-3 validated routines, provided by the OpenSSL library, for cryptographic operations in the container environment.
Usage
We recommend using the Go image as a build environment. Thus, the compiler does not need to be shipped as part of the images that are deployed. Instead, we recommend to use the Go image as the builder image only.
There are two options to work with Go images. First, you can encapsulate your
application in a scratch
container image, essentially an empty filesystem
image. This approach only works if your Go application does not depend on libc
or any other library or files, as they will not be available.
The second option uses a slim base container image with just the minimal packages required to run the Go application.
To compile and deploy an application, copy the sources, fetch dependencies (assuming go.mod is used for dependency management), and build the binary using the following Dockerfile options.
Building from scratch
# Build the application using the Go 1.20-openssl development container image
FROM registry.suse.com/bci/golang:1.20-openssl as build
WORKDIR /app
# pre-copy/cache go.mod for pre-downloading dependencies and only
# redownloading them in subsequent builds if they change
COPY go.mod go.sum ./
RUN go mod download && go mod verify
COPY . ./
# Make sure to build the application with CGO disabled.
# This will force Go to use some Go implementations of code
# rather than those supplied by the host operating system.
# You need this for scratch images as those supporting libraries
# are not available.
RUN CGO_ENABLED=0 go build -o /hello
# Bundle the application into a scratch image
FROM scratch
COPY --from=build /hello /usr/local/bin/hello
CMD ["/usr/local/bin/hello"]
Build and run the container image:
$ podman build -t my-golang-app .
$ podman run -it --rm my-golang-app
There are situations when you don't want to run an application inside a container.
To compile the application, without running it inside a container instance, use the following command:
$ podman run --rm -v "$PWD":/app:Z -w /app registry.suse.com/bci/golang:1.20-openssl go build -v
To run the application tests inside a container, use the following command:
$ podman run --rm -v "$PWD":/app:Z -w /app registry.suse.com/bci/golang:1.20-openssl go test -v
Building from SLE BCI
The SLE BCI General Purpose Base Containers images offer four different options for deployment, depending on your exact requirements.
# Build the application using the Go 1.20-openssl development Container Image
FROM registry.suse.com/bci/golang:1.20-openssl as build
WORKDIR /app
# pre-copy/cache go.mod for pre-downloading dependencies and only
# redownloading them in subsequent builds if they change
COPY go.mod go.sum ./
RUN go mod download && go mod verify
COPY . ./
RUN go build -o /hello
# Bundle the application into a scratch image
FROM registry.suse.com/bci/bci-micro:latest
COPY --from=build /hello /usr/local/bin/hello
CMD ["/usr/local/bin/hello"]
The above example uses the SLE BCI micro image as the deployment image for the resulting application. See the SLE BCI use with Go documentation for further details.
FIPS 140-3
To restrict all TLS configuration to FIPS-approved settings, add the following line:
import _ "crypto/tls/fipsonly"
Additional tools
In addition to the standard SLE BCI development packages, the following tools are included in the image:
- go1.20-openssl-race
- make
Licensing
SPDX-License-Identifier: MIT
This documentation and the build recipe are licensed as MIT. The container itself contains various software components under various open source licenses listed in the associated Software Bill of Materials (SBOM).
This image is based on SLE BCI, a stable and redistributable foundation for software innovation. SLE BCI is enterprise-ready, and it comes with an option for support.
See the SLE BCI EULA for further information.
-
Image Data
Last Built: 02 Nov 05:32 UTC
Compressed Size: 172.7 MB
Uncompressed Size: 511.1 MB
Support Level: L3
-
-
Health Index
D0:C1:H7:M0:L0:ULast Scan:
about 9 hours ago