Switch to CentOS Stream base, and add hacks for rootless podman-in-po…

…dman
okd-project · Feb 29, 2024 · 6aafd28 · 6aafd28
1 parent 79b243d
commit 6aafd28
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 16 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,15 +1,29 @@
-FROM quay.io/podman/testing:latest
-
-LABEL maintainer="luzuccar@redhat.com"
+FROM quay.io/centos/centos:stream9
 
 # gcc for cgo
 RUN dnf -y makecache && \
     dnf -y update && \
     rpm --setcaps shadow-utils 2>/dev/null && \
-    dnf install -y git gcc make unzip diffutils nodejs npm && \
+    dnf install -y git gcc make unzip diffutils nodejs npm podman fuse-overlayfs --exclude container-selinux && \
     dnf -y clean all && \
     rm -rf /var/cache /var/log/dnf* /var/log/yum.*
 
+# Start Podman Adaption
+# https://github.com/containers/podman/blob/main/contrib/podmanimage/stable/Containerfile
+ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
+ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
+ADD $_REPO_URL/podman-containers.conf /home/build/.config/containers/containers.conf
+
+# Copy & modify the defaults to provide reference if runtime changes needed.
+# Changes here are required for running with fuse-overlay storage inside container.
+RUN sed -i -e 's|^#mount_program|mount_program|g' \
+           -e '/additionalimage.*/a "/var/lib/shared",' \
+           -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,metacopy=on,fsync=0"|g' \
+           /etc/containers/storage.conf && \
+           chmod 644 /etc/containers/containers.conf
+# End Podman Adaption
+
+
 ENV GOLANG_VERSION 1.21.7
 ENV GOLANG_DOWNLOAD_URL https://golang.org/dl/go$GOLANG_VERSION.linux-amd64.tar.gz
 ENV GOLANG_DOWNLOAD_SHA256 13b76a9b2a26823e53062fa841b07087d48ae2ef2936445dc34c4ae03293702c
@@ -26,7 +40,6 @@ ENV GOLANGCI_LINT_VERSION v1.56.2
 
 RUN npm install -g yarn
 
-#RUN sed -r -i 's/(driver = ")[a-z]+/\1vfs/' /etc/containers/storage.conf
 
 RUN curl -fsSLo ${OPERATOR_SDK_BIN} "https://github.com/operator-framework/operator-sdk/releases/download/${OPERATOR_SDK_VERSION}/operator-sdk_${OS}_${ARCH}" \
     && chmod 0755 $OPERATOR_SDK_BIN
@@ -54,18 +67,24 @@ ENV GOENV /home/build/.config/go/env
 RUN useradd -u 65532 -ms /bin/bash build && \
     usermod --add-subuids 100000-165535 --add-subgids 100000-165535 build
 
-RUN mkdir -p /home/build/src /home/build/bin /home/build/pkg /home/build/build /home/build/.cache /home/build/.local \
+RUN mkdir -p /home/build/src /home/build/bin /home/build/pkg /home/build/build /home/build/.cache /home/build/.local/share/containers \
     && chmod -R 0777 /home/build
 
 RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen@${CONTROLLER_TOOLS_VERSION} \
     && go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
 RUN chown -R 65532:65532 /home/build
 
+
+# Podman setup taken from https://www.redhat.com/sysadmin/rootless-podman-jenkins-openshift
+RUN  chmod u-s /usr/bin/new[gu]idmap && \
+    setcap cap_setuid+eip /usr/bin/newuidmap && \
+    setcap cap_setgid+eip /usr/bin/newgidmap && \
+    rm -f /var/logs/*
+
 WORKDIR /home/build/
 
-COPY uid_entrypoint.sh /home/build/
+VOLUME /home/build/.local/share/containers
 
-USER build
 
-ENTRYPOINT [ "./uid_entrypoint.sh" ]
+USER build
diff --git a/uid_entrypoint.sh b/uid_entrypoint.sh