Newest Data Job Base Images are Broken

[doks5]

Describe the bug
Latest data job base images do not work properly due to ssl errors caused by the underlying OS packages. Building data job images succeeds, but subsequently job executions fail with User Errors, similar to the one below:

"An exception occurred, exception message was: An error in data job code  occurred. The error should be resolved by User. Here are the details:\n  WHAT HAPPENED : Failed loading job sources of 10_python_step.py\nWHY IT HAPPENED : An exception occurred, exception message was: No module named '<some-package-name>'\n   CONSEQUENCES : The provided Data Job will not be executed. Terminating application.\nCOUNTERMEASURES : See contents of the exception and fix the problem that causes it. Most likely importing a dependency or data job step failed, see logs for details and fix the failed step (details in stacktrace).",

There are some errors in the job builder logs, but these do not seem to stop the process of deployment, and job images are built and pushed successfully to the registry. Sample error logs:

Couldn't eval /usr/lib/libcrypto.so.3 with link /usr/lib/libcrypto.so.3

Couldn't eval /usr/lib/libssl.so.3 with link /usr/lib/libssl.so.3

Couldn't eval /usr/lib/libssl.so.1.1 with link /usr/lib/libssl.so.1.1

Couldn't eval /usr/lib/libcrypto.so.1.1 with link /usr/lib/libcrypto.so.1.1

Steps To Reproduce
Steps to reproduce the behavior:

1. Set the values.yaml of the Control Service to use data-job-base-python-3.9:latest for example.
2. Deploy an instance of the Control Service to allow data jobs to be deployed in a k8s cluster.
3. Deploy a test data job
4. Monitor the job builder pods for error logs.
5. After the job is deployed, execute it.
6. Observe User Error for Module Not Found

Expected behavior
The data job executes successfully without errors.

Version (please complete the following information):

• OS: Alpine/Debian (job builder OS images)
• Version (Not dependent on VDK version)

Additional context
We managed to workaround the error by using version 1.832469684 of the job base images (e.g., data-job-base-python-3.9:1.832469684)

An observation we made was that the newest job base images use python version 3.9.17, which was released on July 6, https://hub.docker.com/layers/library/python/3.9.17/images/sha256-46d99870b9c25e64c5583a59fec411df04191ab6b14cf81a72b9e4a20a78b659?context=explore

[antoniivanov]

Looking at the differences between the two python. base images , the only changes are in PYTHON_VERSION and PYTHON_PIP_VERSION.
OLD: data-job-base-python-3.11/1.832469684
NEW: data-job-base-python-3.11/1.927053752

PYTHON_VERSION=3.11.4 vs PYTHON_VERSION=3.11.3
PYTHON_PIP_VERSION=23.1.2 vs ENV PYTHON_PIP_VERSION=22.3.1

[antoniivanov]

Similar issues: GoogleContainerTools/kaniko#1395 and GoogleContainerTools/kaniko#1045

As far as I can see this issue is caused by trying to use separate image and copying kaniko executor into it.

The way we are preparing our job-builder image is like this:

FROM gcr.io/kaniko-project/executor

FROM alpine

COPY --from=0 /kaniko /kaniko

This is apparently known issue : https://github.com/GoogleContainerTools/kaniko#known-issues

Running kaniko in any Docker image other than the official kaniko image is not supported (ie YMMV).
This includes copying the kaniko executables from the official image into another image.

So instead making sure we built from kaniko image directly should fix the issue