diff --git a/src/Dockerfile b/src/Dockerfile
index 71c31c7..2cf3841 100644
--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -1,32 +1,40 @@
 FROM registry.fedoraproject.org/fedora:40
-# Set environment variables for storage configuration
+# Environment for Podman storage
 ENV CONTAINERS_STORAGE_CONF=/etc/containers/storage.conf \
 STORAGE_RUNROOT=/run/containers/storage \
 STORAGE_GRAPHROOT=/var/lib/containers/storage \
 _CONTAINERS_USERNS_CONFIGURED=""
-# Install necessary packages
-RUN dnf install -y podman fuse-overlayfs shadow-utils && \
- dnf clean all
+# Install runtime dependencies (Podman + Python)
+RUN dnf install -y \
+ podman \
+ fuse-overlayfs \
+ shadow-utils \
+ python3 \
+ && dnf clean all
-# Set the setuid bit on newuidmap and newgidmap
+# Allow unprivileged user namespaces
 RUN chmod u+s /usr/bin/newuidmap /usr/bin/newgidmap
-# Create a non-root user and group with UID/GID 1000
-RUN groupadd -g 1000 podmanuser && \
- useradd -u 1000 -g podmanuser -m -s /bin/bash podmanuser && \
- mkdir -p /run/containers/storage /var/lib/containers/storage && \
- chown -R podmanuser:podmanuser /run/containers/storage /var/lib/containers/storage
+# Create podmanuser with UID/GID 1000 and storage dirs
+RUN groupadd -g 1000 podmanuser \
+ && useradd -u 1000 -g podmanuser -m -s /bin/bash podmanuser \
+ && mkdir -p /run/containers/storage /var/lib/containers/storage /home/podmanuser/workspace \
+ && chown -R podmanuser:podmanuser /run/containers/storage /var/lib/containers/storage /home/podmanuser/workspace
-# Copy the storage.conf file from the host to the container
+# Copy in your host storage.conf
 COPY storage.conf /etc/containers/storage.conf
-# Switch to the non-root user
+# Create minimal health-check server script
+COPY healthz.py /home/podmanuser/healthz.py
+RUN chown podmanuser:podmanuser /home/podmanuser/healthz.py
+
+# Switch to non-root user
 USER podmanuser
-# Create a volume for persistent storage if needed
-# VOLUME /home/podmanuser/.local/share/containers/storage
+# Expose port for Kubernetes probes
+EXPOSE 8080
-# Run an infinite sleep to keep the container running
-CMD ["sleep", 
"infinity"] +# Launch health-check server +CMD ["python3", "/home/podmanuser/healthz.py"] diff --git a/src/build.ps1 b/src/build.ps1 index 0c2b279..cb90d63 100644 --- a/src/build.ps1 +++ b/src/build.ps1 @@ -1,11 +1,12 @@ +param( + [string]$ContainerRuntime = $containerRuntime +) + $containerRuntime = "docker" $registryUrl = "cr.maks-it.com" # Modify this line to set your registry URL $imageName = "library/podman:latest" # Modify this line to set your desired image name -param( - [string]$ContainerRuntime = $containerRuntime -) if ($ContainerRuntime -ne "docker" -and $ContainerRuntime -ne "podman") { Write-Host "Error: Unsupported container runtime. Use 'docker' or 'podman'." -ForegroundColor Red @@ -40,9 +41,19 @@ $jsonString | Set-Content -Path $configFile & $ContainerRuntime build -t "$registryUrl/$ImageName" -f Dockerfile . # Push the container image using the generated config.json -& $ContainerRuntime --config $configFile push "$registryUrl/$ImageName" +if ($ContainerRuntime -eq "podman") { + & podman push --authfile $configFile "$registryUrl/$imageName" +} +elseif ($ContainerRuntime -eq "docker") { + $dockerConfigDir = "$env:USERPROFILE\.docker" + if (-not (Test-Path $dockerConfigDir)) { + New-Item -ItemType Directory -Path $dockerConfigDir | Out-Null + } + Copy-Item -Path $configFile -Destination "$dockerConfigDir\config.json" -Force + & docker push "$registryUrl/$imageName" +} -# Delete the config.json file after the push +# Cleanup Remove-Item -Path $configFile -Force Write-Host "Build and push completed successfully." -ForegroundColor Green diff --git a/src/healthz.py b/src/healthz.py new file mode 100644 index 0000000..fbd9b11 --- /dev/null +++ b/src/healthz.py 
@@ -0,0 +1,12 @@
+from http.server import BaseHTTPRequestHandler, HTTPServer
+
+class HealthzHandler(BaseHTTPRequestHandler):
+ def do_GET(self):
+ if self.path == '/healthz':
+ self.send_response(200)
+ else:
+ self.send_response(404)
+ self.end_headers()
+
+if __name__ == '__main__':
+ HTTPServer(('0.0.0.0', 8080), HealthzHandler).serve_forever()
\ No newline at end of file
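Review bot: `HTTPServer(('0.0.0.0', 8080), HealthzHandler).serve_forever()` runs as PID 1 in the container (the Dockerfile's `CMD ["python3", "/home/podmanuser/healthz.py"]`), and PID 1 receives no default SIGTERM action, so a pod delete or rolling update hangs for the whole termination grace period and ends in SIGKILL; a SIGTERM handler that raises SystemExit lets serve_forever unwind, and using the server as a context manager closes the listening socket on the way out (this needs `import signal` and `import sys` at the top). BaseHTTPRequestHandler also logs every request to stderr, so a probe every few seconds fills the container log; `def log_message(self, *args): pass` on HealthzHandler keeps it quiet. Indentation was lost in this rendering, so I cannot tell whether `self.end_headers()` sits after the if/else or inside the `else` branch; if the latter, the 200 path never terminates its headers and the probe times out, so worth confirming. The `\ No newline at end of file` marker shows the file is missing its trailing newline.
```python
# … unchanged: HealthzHandler …

if __name__ == '__main__':
    # PID 1 has no default SIGTERM action; raise SystemExit so serve_forever()
    # unwinds and the pod stops promptly instead of waiting for SIGKILL.
    signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit(0))
    with HTTPServer(('0.0.0.0', 8080), HealthzHandler) as server:
        server.serve_forever()
```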