containers

The Go Toolset package delivers the Go language with Federal Information Processing Standard (FIPS) support for cryptographic modules and the Delve debugger to Red Hat Enterprise Linux customers. We introduced this package a few years ago. Now we also provide Go Toolset in container images. This article illustrates how these images support modern Go development.

Obtaining Go Toolset container images

The images are in Red Hat's container image catalog. Search for go-toolset here. As of this writing, we have images based on Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Red Hat Universal Base Images (UBI) 7 and 8. To learn more about UBI, check the article Red Hat UBI is a Verified Publisher on Docker Hub.

If you don't want to use the Go Toolset container image, you can still install the Go Toolset package inside a ubi8 container. Just run dnf install go-toolset inside the registry.access.redhat.com/ubi8 image, and you'll be all set.

Pull the latest version of the Go Toolset image

Using your container engine is the best way to pull down a container image. Let's use Podman for this example. The following commands pull down the latest version of the image based on UBI 8 and run a shell inside it:

[alex@lab ~]$ podman pull registry.access.redhat.com/ubi8/go-toolset:latest
[alex@lab ~]$ podman run --rm -it go-toolset /bin/bash
bash-4.4$ go version
go version go1.17.7 linux/amd64
bash-4.4$ exit
exit
[alex@lab ~]$

Using the image in a multistage environment

You can refer to the image in a Dockerfile like any other image and use it, for example, as a build step in a multistage Dockerfile in tandem with the Red Hat Universal Base Image 8 Micro image:

FROM ubi8/go-toolset as build
COPY ./src .

RUN go mod init my_app && \
    go mod tidy && \
    go build .

FROM ubi8/ubi-micro
COPY --from=build /opt/app-root/src/my_app .
CMD ./my_app

The ubi-micro image takes up less than 40MB, so the surface of your container is tiny but holds all of the great features UBI delivers.

Go Toolset works with Toolbox

I won’t be lying if I say Toolbox is one of my favorite software tools. It allows you to keep working with your files and configurations inside a new container. I use Toolbox every day, and it works wonderfully with the Go Toolset image.

You can install Toolbox in both Red Hat Enterprise Linux and Fedora with dnf install toolbox. The toolbox command lets you install other resources:

[alex@lab ~]$ cat /etc/redhat-release
Fedora release 35 (Thirty Five)
[alex@lab ~]$ toolbox create --image registry.access.redhat.com/ubi8/go-toolset
[alex@lab ~]$ toolbox enter go-toolset
[alex@toolbox ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.6 (Ootpa)

Now you have all the files, configurations, and packages included with the image.

Attach VS Code for IDE support

You can improve productivity by attaching Visual Studio Code, VS Code to a running container. Install the Remote Containers extension and execute Attach to Running Container. There is no need to configure Git or Kerberos tokens; simply jump into the container and start working.

I use this process to play with the new versions of the container images we built and bootstrap projects such as Go.

Go Toolset includes FIPS security

One exciting feature supported by the golang package in Go Toolset is FIPS 140-2 cryptographic modules. You can expect Go Toolset to follow the FIPS 140-2 security standard. Check for FIPS mode inside the Go Toolset container image:

[alex@lab ~]$ fips-mode-setup --check
FIPS mode is enabled.
[alex@lab ~]$ toolbox enter go-toolset
[alex@toolbox ~]$ fips-mode-setup --check
FIPS mode is enabled.

Enterprise-ready Go in Red Hat Enterprise Linux

The Go Toolset package is available as an image and integrates smoothly with other popular developer tools. By following the instructions I have provided, you can quickly become a more productive Go programmer in the cloud.

Comments