chore: update dind examples to use onCreateCommand (#350)
(cherry picked from commit 7c8e6a4)
Showing
12 changed files
with
115 additions
and
40 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,23 @@ | ||
FROM ubuntu:noble | ||
|
||
# Install Docker using Docker's convenience script. | ||
RUN apt-get update && \ | ||
apt-get install -y curl apt-transport-https && \ | ||
curl -fsSL https://get.docker.com/ | sh -s - | ||
ADD entrypoint.sh /entrypoint.sh | ||
ENTRYPOINT ["/entrypoint.sh"] | ||
apt-get install -y curl sudo apt-transport-https && \ | ||
curl -fsSL https://get.docker.com/ | sh -s - | ||
|
||
# The ubuntu:noble image includes a non-root user by default, | ||
# but it does not have sudo privileges. We need to set this up. | ||
# Note: we chown /var/run/docker.sock to the non-root user | ||
# in the onCreateCommand script. Ideally you would add the | ||
# non-root user to the docker group, but in this scenario | ||
# this is a 'single-user' environment. It also avoids us | ||
# having to run `newgrp docker`. | ||
RUN echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu | ||
|
||
# Add our onCreateCommand script. | ||
ADD on-create.sh /on-create.sh | ||
|
||
# Switch to the non-root user. | ||
USER ubuntu | ||
|
||
ENTRYPOINT ["bash"] |
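Review bot: `USER ubuntu` is not a privilege boundary in this image, because the `NOPASSWD:ALL` rule written to /etc/sudoers.d/ubuntu gives that account unrestricted root without a password, and the on-create script then makes it owner of the Docker socket. The comment above the rule explains the socket choice but not this, so I would add `# NOTE: ubuntu has passwordless root; USER ubuntu is for convenience, not isolation.` or, if isolation is wanted, restrict the rule to the commands on-create.sh actually runs. The second Dockerfile in this commit writes the same sudoers line. `ADD on-create.sh /on-create.sh` copies a plain local file, for which `COPY` is the conventional instruction.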
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
{ | ||
"build": { | ||
"dockerfile": "Dockerfile" | ||
} | ||
} | ||
}, | ||
"onCreateCommand": "/on-create.sh" | ||
} |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -euo pipefail | ||
|
||
# Start Docker in the background. | ||
sudo -u root /bin/sh -c 'nohup dockerd > /var/log/docker.log &' | ||
|
||
# Wait up to 10 seconds for Docker to start. | ||
for attempt in $(seq 1 10); do | ||
if [[ $attempt -eq 10 ]]; then | ||
echo "Failed to start Docker" | ||
exit 1 | ||
fi | ||
if [[ ! -e /var/run/docker.sock ]]; then | ||
sleep 1 | ||
else | ||
break | ||
fi | ||
done | ||
|
||
# Change the owner of the Docker socket so that the non-root user can use it. | ||
sudo chown ubuntu:docker /var/run/docker.sock |
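Review bot: dockerd logs to stderr by default, so `nohup dockerd > /var/log/docker.log &` most likely leaves the log file empty and a failed start leaves nothing to inspect; `nohup dockerd > /var/log/docker.log 2>&1 &` captures both streams. The wait loop also gives up on `attempt -eq 10` before it tests the socket, so it waits nine seconds rather than the ten the comment states. The existence of /var/run/docker.sock does not by itself show that the daemon is answering requests, so a probe such as `sudo docker info > /dev/null 2>&1` would be a stronger readiness check before the `chown`.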
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,22 @@ | ||
FROM ubuntu:noble | ||
ADD entrypoint.sh /entrypoint.sh | ||
ENTRYPOINT ["/entrypoint.sh"] | ||
|
||
# Install some dependencies such as curl and sudo. | ||
# Also set up passwordless sudo for the ubuntu user. | ||
RUN apt-get update && \ | ||
DEBIAN_FRONTEND=noninteractive apt-get install -y \ | ||
curl \ | ||
sudo \ | ||
apt-transport-https && \ | ||
echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu | ||
|
||
# Add our onCreateCommand script. | ||
ADD on-create.sh /on-create.sh | ||
|
||
# Switch to the non-root user. | ||
USER ubuntu | ||
|
||
# The devcontainer feature provides /usr/local/share/docker-init.sh | ||
# which will handle most of the steps of setting up Docker. | ||
# We can't put this in the entrypoint as it gets overridden, so | ||
# we call it in the on-create script. | ||
ENTRYPOINT ["bash"] |
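Review bot: The install step pulls in recommended packages and leaves the apt lists in the layer; `apt-get install -y --no-install-recommends` with a trailing `&& rm -rf /var/lib/apt/lists/*` in the same RUN keeps the image to the packages it names. `ca-certificates` then has to be listed explicitly, since curl only reaches it through a recommendation and HTTPS downloads fail without it. The first Dockerfile's install line has the same shape. `apt-transport-https` is a transitional package on current Ubuntu releases and can probably be dropped.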
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -euo pipefail | ||
|
||
# Known issue: Kaniko does not symlink /run => /var/run properly. | ||
# This results in /var/run/ being owned by root:root which interferes | ||
# with accessing the Docker socket even if the permissions are set | ||
# correctly. Workaround: symlink it manually | ||
sudo ln -s /run /var/run | ||
|
||
# Run the docker init script. This needs to be | ||
# run as root. It will take care of starting the | ||
# daemon and adding the ubuntu user to the docker | ||
# group. | ||
sudo /usr/local/share/docker-init.sh | ||
|
||
# Change the owner of the Docker socket so that the non-root user can use it. | ||
sudo chown ubuntu:docker /var/run/docker.sock |
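Review bot: `sudo ln -s /run /var/run` does not replace /var/run when it already exists as a directory, which is the situation the comment describes; GNU ln then creates the link inside it, as /var/run/run, and the root-owned directory stays in place. If /var/run is already a correct symlink, the same command drops a stray /run/run link instead. I would guard the workaround, for example `if [[ -d /var/run && ! -L /var/run ]]; then sudo mv /var/run /var/run.orig && sudo ln -s /run /var/run; fi`, and confirm the result in a Kaniko-built image, since that environment is not visible from this page.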
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
{ | ||
"build": { | ||
"dockerfile": "Dockerfile" | ||
} | ||
} | ||
}, | ||
"onCreateCommand": "/on-create.sh" | ||
} |