Created
July 22, 2019 13:31
Podman & OpenShift
# Base image for the podman release runtime.
# NOTE(review): `latest` is a moving tag, so the same Dockerfile can yield
# different images over time and upstream changes arrive unreviewed. Pin a
# specific tag, ideally with a digest, e.g.
#   centos/s2i-base-centos7@sha256:<BASE_IMAGE_DIGEST_PLACEHOLDER>
FROM centos/s2i-base-centos7:latest

# Runtime environment: image description (reused by the labels below),
# timezone, and the home directory that holds podman's per-user state.
ENV DESCRIPTION="Podman image runtime for releasing" \
    TZ="Europe/Berlin" \
    HOME=/podman
# Image metadata.
# NOTE(review): only DESCRIPTION is defined in this file. SUMMARY, GIT_TAG,
# LAST_BUILD_USER, LAST_BUILD_TIMESTAMP, GIT_BRANCH and GIT_REF expand to empty
# strings unless the base image or the build environment supplies them;
# confirm where they come from, because empty provenance labels make it hard
# to trace a deployed image back to the commit and build that produced it.
LABEL summary="$SUMMARY" \
      description="$DESCRIPTION" \
      version="$GIT_TAG" \
      build-user="$LAST_BUILD_USER" \
      build-timestamp="$LAST_BUILD_TIMESTAMP" \
      vcs-branch="$GIT_BRANCH" \
      vcs-ref="$GIT_REF" \
      vcs-type="git" \
      io.k8s.description="$DESCRIPTION" \
      org.label-schema.name="$SUMMARY" \
      org.label-schema.description="$DESCRIPTION" \
      org.label-schema.docker.schema-version="1.0"
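# setup podman
# Registers two extra yum repositories, updates the system and installs the
# packages listed below, then drops the yum caches in the same layer.
#
# NOTE(review): podman.repo is written with gpgcheck=0, so every package taken
# from that "candidate" repository is installed without signature verification;
# HTTPS only protects the transport. Prefer a signed repository with gpgcheck=1
# and a gpgkey= entry, or mirror the RPMs and verify them before installing.
# NOTE(review): the COPR .repo file is downloaded at build time and decides
# where yum fetches shadow-utils46-newxidmap from; vendoring it into the build
# context would make changes to it reviewable.
RUN printf '[podman.repo]\nname=virt7-container-common-candidate\nbaseurl=https://cbs.centos.org/repos/virt7-container-common-candidate/x86_64/os/\nenabled=1\ngpgcheck=0\n' > /etc/yum.repos.d/podman.repo && \
    # -f makes curl fail on an HTTP error instead of saving the error page as a
    # repo definition; -sS hides the progress meter but still prints errors.
    curl -fsS -o /etc/yum.repos.d/rhel7.6-rootless-preview.repo https://copr.fedorainfracloud.org/coprs/vbatts/shadow-utils-newxidmap/repo/epel-7/vbatts-shadow-utils-newxidmap-epel-7.repo && \
    yum -y update && \
    yum install -y \
        atomic-registries \
        containers-common \
        podman \
        shadow-utils46-newxidmap \
        slirp4netns && \
    yum clean all && rm -rf /var/cache/yum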
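# FIXME, remove this when issue is resolved: https://github.com/containers/libpod/issues/3589
# Temporary workaround: installs a build toolchain, a Go 1.11.12 tarball, and
# builds containers/storage from a fork branch.
# NOTE(review): the compilers, -devel packages, git and sudo installed here
# remain in the final image. Once the workaround is gone (or moved to a
# separate build stage) they should not ship in the runtime image.
RUN yum install -y \
        autoconf \
        automake \
        bison \
        btrfs-progs-devel \
        device-mapper-devel \
        gettext-devel \
        git \
        golang \
        gpgme-devel \
        libassuan-devel \
        libcap-devel \
        libseccomp-devel \
        libsemanage-devel \
        libtool \
        libxslt \
        ostree-devel \
        podman \
        runc \
        sudo && \
    # Clean up in the same layer, as the first yum step does, so the package
    # cache is not baked into the image.
    yum clean all && rm -rf /var/cache/yum

# NOTE(review): the Go archive is unpacked without an integrity check. Compare
# it with the SHA-256 published for this release before extracting, e.g.
#   echo "<GO_TARBALL_SHA256_PLACEHOLDER>  go1.11.12.linux-amd64.tar.gz" | sha256sum -c -
RUN wget https://dl.google.com/go/go1.11.12.linux-amd64.tar.gz && \
    tar -xzf go1.11.12.linux-amd64.tar.gz && \
    mv go /usr/local && \
    # The archive is no longer needed once extracted; remove it in this layer.
    rm -f go1.11.12.linux-amd64.tar.gz

# NOTE(review): everything fetched below is a moving reference that runs as
# root during the build: `go get` without a version, and the `applydiff` branch
# of a personal fork whose contrib/cirrus/lib.sh is sourced and whose Makefile
# is executed. Pin the clone to a reviewed commit.
# install_ooe and showrun are presumably helpers defined by lib.sh; confirm.
RUN export GOROOT=/usr/local/go && \
    export PATH=$GOROOT/bin:$PATH && \
    go get github.com/pquerna/ffjson && \
    mkdir -p /var/tmp/go/src/github.com/containers/ && \
    cd /var/tmp/go/src/github.com/containers/ && \
    git clone https://github.com/rhatdan/storage.git && \
    cd storage && \
    git checkout applydiff && \
    git clean -xdf && \
    source contrib/cirrus/lib.sh && \
    install_ooe && \
    make install.tools && \
    make vendor && \
    showrun make local-binary && \
    # NOTE(review): the link target go/bin/podman is relative, so it resolves
    # against /usr/bin, and podman is already installed by yum above; ln -s
    # fails if /usr/bin/podman exists. Confirm what this link is meant to do.
    ln -s go/bin/podman /usr/bin/podman
# END FIXME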
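# configure podman
# Writes the rootless ID ranges, creates the config/storage directories,
# downloads the container config files, smoke-tests the binaries and generates
# the /usr/local/bin/setup_uid helper.
RUN set -eux; \
    # Subordinate UID/GID ranges for the user named "default". setup_uid below
    # names the runtime user ${USER_NAME:-default}; a different USER_NAME would
    # not match these entries (verify against the deployment).
    printf 'default:100000:65536\n' > /etc/subuid; \
    printf 'default:100000:65536\n' > /etc/subgid; \
    # The kernel key is user.max_user_namespaces (plural); the singular form is
    # not a known sysctl. NOTE(review): nothing in this file applies
    # /etc/sysctl.d, so this limit presumably has to be set on the host as well.
    printf 'user.max_user_namespaces=28633\n' > /etc/sysctl.d/namespaces.conf; \
    mkdir -pm 775 /etc/containers /podman/.config/containers /etc/cni/net.d /podman/.local/share/containers/storage/libpod; \
    # NOTE(review): these three files are pulled from the tip of `master` at
    # build time with no integrity check. policy.json is the image trust policy
    # and registries.conf decides which registries are searched, so an upstream
    # change silently alters what this image will pull and trust. Vendor the
    # files into the build context, or pin each URL to a reviewed commit and
    # verify a checksum.
    wget -O /etc/containers/registries.conf https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora; \
    wget -O /etc/containers/policy.json https://raw.githubusercontent.com/containers/skopeo/master/default-policy.json; \
    wget -O /etc/cni/net.d/99-bridge.conflist https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist; \
    # Smoke tests: with `set -e` the build stops if any binary is missing or broken.
    runc --help > /dev/null; \
    /usr/bin/podman --help > /dev/null; \
    /usr/libexec/podman/conmon --help > /dev/null; \
    /usr/bin/fix-permissions /podman; \
    # NOTE(review): this gives the group of /etc/passwd the owner's permissions
    # so setup_uid can append an entry for an arbitrary runtime UID. Any
    # process in the container that runs with that group can then rewrite the
    # user database; keep it only if setup_uid is needed at runtime.
    chmod g=u /etc/passwd; \
    # prepare entrypoint, see https://docs.openshift.com/container-platform/3.6/creating_images/guidelines.html#use-uid
    # The shebang lets the helper be exec'd directly; it uses the bash-only `&>`.
    printf '#!/bin/bash\n' > /usr/local/bin/setup_uid; \
    printf 'if ! whoami &> /dev/null; then\n' >> /usr/local/bin/setup_uid; \
    printf ' if [ -w /etc/passwd ]; then\n' >> /usr/local/bin/setup_uid; \
    printf " sed \'/default:/d\' /etc/passwd > /tmp/passwd && cat /tmp/passwd > /etc/passwd && rm /tmp/passwd\n" >> /usr/local/bin/setup_uid; \
    printf ' echo ${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin >> /etc/passwd\n' >> /usr/local/bin/setup_uid; \
    printf ' fi\n' >> /usr/local/bin/setup_uid; \
    printf 'fi\n' >> /usr/local/bin/setup_uid; \
    printf 'podman system migrate\n' >> /usr/local/bin/setup_uid; \
    chmod +x /usr/local/bin/setup_uid

# Run as an unprivileged numeric UID from here on.
USER 1001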