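# Build-time knobs. ARGs declared before the first FROM are only visible in
# FROM lines; a stage that needs one must redeclare it.
ARG RUNTIME_VERSION="3.9"
ARG DISTRO_VERSION="3.16"
ARG PULUMI_VERSION="3.35.1"

# --- Stage 1: builder -------------------------------------------------------
# Holds the compilers and headers needed to build the Python dependencies and
# to fetch the Pulumi CLI.
# NOTE(review): the base image is referenced by tag only; additionally pinning
# it by digest would make rebuilds reproducible.
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder

ARG PULUMI_VERSION

# Toolchain for building wheels (sorted for diffability).
RUN apk add --no-cache \
      autoconf \
      automake \
      build-base \
      cmake \
      curl \
      gcc \
      git \
      libc6-compat \
      libffi-dev \
      linux-headers \
      make \
      openssl-dev

# Install the Pulumi CLI into /root/.pulumi.
# The installer is saved to a file before it is executed, so a failed or
# truncated download aborts the build; with `curl ... | sh` under /bin/sh only
# the exit status of `sh` is checked.
# NOTE(review): the installer script is trusted on the strength of TLS alone;
# PULUMI_VERSION pins the CLI release, not the script that installs it.
RUN curl -fsSL -o /tmp/pulumi-install.sh https://get.pulumi.com/ && \
    if [ "$PULUMI_VERSION" = "latest" ]; then \
      sh /tmp/pulumi-install.sh; \
    else \
      sh /tmp/pulumi-install.sh --version "$PULUMI_VERSION"; \
    fi && \
    rm -f /tmp/pulumi-install.sh

# Virtualenv that is copied as a whole into the final stage.
ENV VIRTUAL_ENV=/venv
RUN python -m venv "$VIRTUAL_ENV"
ENV PATH="$VIRTUAL_ENV/bin:$PATH"

# Install CloudBender
WORKDIR /app
# NOTE(review): this copies the whole build context; confirm that a
# .dockerignore keeps .git, local credentials and build output out of it.
COPY . /app
RUN pip install --no-cache-dir -r requirements.txt
RUN pip install --no-cache-dir --no-deps .

# Minimal pulumi: remove the dotnet/nodejs/go/java binaries and strip what is
# left. Stripping stays best effort (presumably because not every pulumi* file
# is a binary strip can handle), so it must not fail the build.
RUN rm -f /root/.pulumi/bin/*dotnet \
          /root/.pulumi/bin/*nodejs \
          /root/.pulumi/bin/*go \
          /root/.pulumi/bin/*java && \
    { strip /root/.pulumi/bin/pulumi* || true; }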
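# Now build the final runtime, incl. running rootless containers
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION}

# Name of the unprivileged account the image runs as.
ARG USER=cloudbender

# Disabled: cfssl from the Alpine edge/testing repository.
# NOTE(review): if this is ever re-enabled, use an https:// repository URL.
#cd /etc/apk/keys && \
#echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
#cfssl@testing \

# Runtime packages (sorted for diffability). `apk upgrade` pulls in fixes
# published after the base image was built, at the cost of reproducibility.
# NOTE(review): strace is a debugging tool; confirm it is needed in the
# shipped image.
RUN apk upgrade -U --available --no-cache && \
    apk add --no-cache \
      aws-cli \
      buildah \
      ca-certificates \
      fuse-overlayfs \
      libc6-compat \
      libstdc++ \
      podman \
      strace

# Only the virtualenv and the Pulumi binaries leave the builder stage; the
# compilers and the source tree stay behind.
COPY --from=builder /venv /venv
COPY --from=builder /root/.pulumi/bin /usr/local/bin

# Don't run as root by default.
# UID and GID are pinned to 1000 because the rest of this stage assumes that
# value: the runtime dir is /tmp/podman-run-1000 and the subuid/subgid ranges
# below leave 1000 out. ~/.config/containers is created here so it is owned by
# $USER regardless of how the builder creates missing parent directories for
# the COPY below.
RUN addgroup -g 1000 "$USER" && \
    adduser -D -u 1000 -G "$USER" "$USER" && \
    mkdir -p "/home/$USER/.config/containers" \
             "/home/$USER/.local/share/containers" && \
    chown -R "$USER:$USER" "/home/$USER"

# Rootless podman
# https://github.com/containers/podman/blob/main/contrib/podmanimage/stable/Containerfile
# COPY instead of ADD: these are plain local files, so ADD's archive
# extraction and URL fetching are not wanted.
COPY conf/containers.conf conf/registries.conf conf/storage.conf /etc/containers/
COPY --chown=$USER:$USER conf/podman-containers.conf /home/$USER/.config/containers/containers.conf

# Shared image stores with their lock files, the user's private runtime dir
# (mode 700), subordinate ID ranges for user namespaces, the workspace, and a
# `docker` alias that resolves to podman.
RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers \
             /var/lib/shared/vfs-images /var/lib/shared/vfs-layers && \
    touch /var/lib/shared/overlay-images/images.lock /var/lib/shared/overlay-layers/layers.lock \
          /var/lib/shared/vfs-images/images.lock /var/lib/shared/vfs-layers/layers.lock && \
    mkdir /tmp/podman-run-1000 && \
    chown "$USER:$USER" /tmp/podman-run-1000 && \
    chmod 700 /tmp/podman-run-1000 && \
    printf '%s:1:999\n%s:1001:64535\n' "$USER" "$USER" > /etc/subuid && \
    printf '%s:1:999\n%s:1001:64535\n' "$USER" "$USER" > /etc/subgid && \
    mkdir /workspace && \
    ln -s podman /usr/bin/docker

WORKDIR /workspace

# Settings taken over from the upstream podman image linked above.
# NOTE(review): BUILDAH_ISOLATION=chroot selects buildah's chroot isolation for
# build steps, which separates them less than a full container runtime would;
# treat the Containerfiles built inside this image as trusted input.
ENV XDG_RUNTIME_DIR=/tmp/podman-run-1000
ENV _CONTAINERS_USERNS_CONFIGURED=""
ENV BUILDAH_ISOLATION=chroot

ENV VIRTUAL_ENV=/venv
ENV PATH="$VIRTUAL_ENV/bin:$PATH"

# The account has UID 1000. Kubernetes runAsNonRoot cannot verify a user that
# is given by name, so set runAsUser: 1000 in the pod spec when enforcing it.
USER $USER

# Allow container layers to be stored in PVCs
VOLUME /home/$USER/.local/share/containers

CMD ["cloudbender"]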