build: Support arm64 container and add containerized build target

.dockerignore

@@ -0,0 +1 @@
+build

Makefile

@@ -11,6 +11,8 @@ BUILD = $(shell date --iso-8601=seconds)
 LDFLAGS = -s -w
 LDFLAGS +=  -X github.com/aws/amazon-cloudwatch-agent/cfg/agentinfo.VersionStr=${VERSION}
 LDFLAGS +=  -X github.com/aws/amazon-cloudwatch-agent/cfg/agentinfo.BuildStr=${BUILD}
+IMAGE = amazon/cloudwatch-agent:$(VERSION)
+DOCKER_BUILD_FROM_SOURCE = docker build -t $(IMAGE) -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile
 
 release: clean test build package-rpm package-deb package-win
 
@@ -160,3 +162,13 @@ package-win: package-prepare-win-zip
 	ARCH=amd64 TARGET_SUPPORTED_ARCH=x86_64 PREPKGPATH="$(BUILD_SPACE)/private/windows/amd64/zip/amazon-cloudwatch-agent-pre-pkg" $(BUILD_SPACE)/Tools/src/create_win.sh
 
 .PHONY: build test clean
+
+.PHONY: dockerized-build dockerized-build-vendor
+dockerized-build:
+	$(DOCKER_BUILD_FROM_SOURCE) .
+	@echo Built image:
+	@echo $(IMAGE)
+
+# Use vendor instead of proxy when building w/ vendor folder
+dockerized-build-vendor:
+	$(DOCKER_BUILD_FROM_SOURCE) --build-arg GO111MODULE=off .

README.md

@@ -20,6 +20,7 @@ Amazon Cloudwatch Agent uses the open-source project [telegraf](https://github.c
 * [Troubleshooting Cloudwatch Agent](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/troubleshooting-CloudWatch-Agent.html)
 
 ## Building and Running from source
+
 * Install go. For more information, see [Getting started](https://golang.org/doc/install)
 * The agent uses go modules for dependency management. For more information, see [Go Modules](https://github.com/golang/go/wiki/Modules)
 
@@ -55,6 +56,9 @@ build/bin/windows/amd64/amazon-cloudwatch-agent.zip
         * unzip `amazon-cloudwatch-agent.zip`
         * `./install.ps1`
 
+### Building and running container
+
+See [Dockerfiles](amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile).
 
 ### Make Targets
 The following targets are available. Each may be run with `make <target>`.
@@ -64,12 +68,13 @@ The following targets are available. Each may be run with `make <target>`.
 | `build`                  | `build` builds the agent for Linux, Debian and Windows amd64 environment |
 | `release`                | *(Default)* `release` builds the agent and also packages it into a RPM, DEB and ZIP package |
 | `clean`                  | `clean` removes build artifacts |
+| `dockerized-build`       | build using docker container without local go environment |
 
 ## Versioning
 It is using [Semantic versioning](https://semver.org/)
 
 ## Distributions
-You can download the offical release from S3, refer to [link](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/download-cloudwatch-agent-commandline.html)
+You can download the official release from S3, refer to [link](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/download-cloudwatch-agent-commandline.html)
 
 ## Security disclosures
 If you think you’ve found a potential security issue, please do not post it in the Issues.  Instead, please follow the instructions [here](https://aws.amazon.com/security/vulnerability-reporting/) or [email AWS security directly](mailto:aws-security@amazon.com).

amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/Dockerfile

@@ -1,10 +1,14 @@
-FROM debian:latest as build
+FROM ubuntu:latest as build
+
+# NOTE: This arg will be populated by docker buildx
+# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
+ARG TARGETARCH
 
 RUN apt-get update &&  \
     apt-get install -y ca-certificates curl && \
     rm -rf /var/lib/apt/lists/*
 
-RUN curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/debian/amd64/latest/amazon-cloudwatch-agent.deb && \
+RUN curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/${TARGETARCH:-$(dpkg --print-architecture)}/latest/amazon-cloudwatch-agent.deb && \
     dpkg -i -E amazon-cloudwatch-agent.deb && \
     rm -rf /tmp/* && \
     rm -rf /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard && \

amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/README.md

@@ -0,0 +1,66 @@
+# CloudWatch Agent Dockerfiles
+
+- [Dockerfile](Dockerfile) builds from the [latest release published on s3](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html)
+- [localdeb](localdeb/Dockerfile) builds from a local deb file
+- [source](source/Dockerfile) builds from source code, you can execute `make dockerized-build` at project root.
+
+## Multi arch image
+
+### Build multi arch image on mac
+
+- Make sure you are using the edge version instead of stable (btw: they [just got merged into one installer](https://docs.docker.com/docker-for-mac/faqs/#where-can-i-find-information-about-stable-and-edge-releases))
+
+```bash
+# NOTE: you need to create a builder, the name does not matter, you have a default one out of box, but that does not work multi-arch
+docker buildx create --name multi-builder
+docker buildx use multi-builder
+# Add proper tag and --push if you want to publish it
+docker buildx build --platform linux/amd64,linux/arm64 .
+```
+
+### Build multi arch image manifest from single arch images
+
+If you choose to build x86 and arm images on different machines, and create a multi arch image later.
+You need to be aware of the following:
+
+- Single arch images should already exists on registry first because the multi arch image is reference to existing images on the registry.
+  - `docker buildx` is an exception because it pushes blob to registry without creating a new tag for the single arch images.
+- Both [docker manifest](https://docs.docker.com/engine/reference/commandline/manifest/) command and [manifest-tool](https://github.com/estesp/manifest-tool) should work, `manifest-tool` does not requires a docker daemon.
+
+Example using `docker manifest`
+
+```bash
+# NOTE: manifest is a experimental command, docker versions released after mid 2018 should have it 
+# enable experimental in your ~/.docker/config.json with:
+# {
+#   "experimental": "enabled"
+# }
+docker manifest create cloudwatch-agent:foo --amend cloudwatch-agent:foo-arm64 --amend cloudwatch-agent:foo-amd64
+docker manifest push cloudwatch-agent:foo
+```
+
+Example using `manifest-tool` and ECR, make sure to replace `{{account_id}}` and `{{aws_region}}` with your AWS account id and region.
+
+```bash
+# NOTE: the released version of manifest-tool is a bit outdated, you need to build it from source
+manifest-tool push from-spec multi-arch-agent.yaml
+```
+
+```yaml
+# multi-arch-agent.yaml
+image: {{account_id}}.dkr.ecr.{{aws_region}}.amazonaws.com/cloudwatch-agent:foo
+manifests:
+  - image: {{account_id}}.dkr.ecr.{{aws_region}}.amazonaws.com/cloudwatch-agent:foo-amd64
+    platform:
+      architecture: amd64
+      os: linux
+  - image: {{account_id}}.dkr.ecr.{{aws_region}}.amazonaws.com/cloudwatch-agent:foo-arm64
+    platform:
+      architecture: arm64
+      os: linux
+```
+
+## References
+
+- [docker buildx](https://github.com/docker/buildx/#building-multi-platform-images)
+- [Multi-arch build and images, the simple way](https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/)

amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile

@@ -0,0 +1,23 @@
+ARG BUILD_IMAGE=ubuntu:latest
+FROM $BUILD_IMAGE as build
+
+RUN apt-get update &&  \
+    apt-get install -y ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY amazon-cloudwatch-agent.deb /tmp/amazon-cloudwatch-agent.deb
+
+RUN dpkg -i -E /tmp/amazon-cloudwatch-agent.deb && \
+    rm -rf /tmp/* && \
+    rm -rf /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard && \
+    rm -rf /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl && \
+    rm -rf /opt/aws/amazon-cloudwatch-agent/bin/config-downloader
+
+FROM scratch
+
+COPY --from=build /tmp /tmp
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build /opt/aws/amazon-cloudwatch-agent /opt/aws/amazon-cloudwatch-agent
+
+ENV RUN_IN_CONTAINER="True"
+ENTRYPOINT ["/opt/aws/amazon-cloudwatch-agent/bin/start-amazon-cloudwatch-agent"]

amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/source/Dockerfile

@@ -0,0 +1,34 @@
+# Build the binary
+ARG GO_IMAGE=golang:latest
+ARG CERT_IMAGE=ubuntu:latest
+FROM $GO_IMAGE as builder
+
+RUN mkdir -p /go/src/github.com/aws/amazon-cloudwatch-agent/
+WORKDIR /go/src/github.com/aws/amazon-cloudwatch-agent/
+
+ARG GO111MODULE="on"
+ENV GO111MODULE=${GO111MODULE}
+
+COPY . /go/src/github.com/aws/amazon-cloudwatch-agent/
+RUN make build && make package-deb
+
+# Install cert and binaries
+FROM $CERT_IMAGE as cert
+
+# NOTE: This arg will be populated by docker buildx
+# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
+ARG TARGETARCH
+RUN apt-get update &&  \
+    apt-get install -y ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+COPY --from=builder /go/src/github.com/aws/amazon-cloudwatch-agent/build/bin/linux/ /tmp/deb
+RUN dpkg -i -E /tmp/deb/${TARGETARCH:-$(dpkg --print-architecture)}/amazon-cloudwatch-agent.deb
+
+FROM scratch
+
+COPY --from=cert /tmp /tmp
+COPY --from=cert /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=cert /opt/aws/amazon-cloudwatch-agent /opt/aws/amazon-cloudwatch-agent
+
+ENV RUN_IN_CONTAINER="True"
+ENTRYPOINT ["/opt/aws/amazon-cloudwatch-agent/bin/start-amazon-cloudwatch-agent"]