added ability to override the username and uid

added flag to enable dirfs
djcass44 · Jul 5, 2024 · b6b6019 · b6b6019
1 parent 7871cf8
commit b6b6019
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 2 deletions.
diff --git a/cmd/build.go b/cmd/build.go
@@ -90,7 +90,8 @@ func build(cmd *cobra.Command, _ []string) error {
 	platform, _ := cmd.Flags().GetString(flagPlatform)
 	skipCaCerts, _ := cmd.Flags().GetBool(flagSkipCACerts)
 
-	username, _ := cmd.Flags().GetString(flagUsername)
+	forceUsername, _ := cmd.Flags().GetString(flagUsername)
+	forceUid, _ := cmd.Flags().GetInt(flagUid)
 
 	imgPlatform, err := v1.ParsePlatform(platform)
 	if err != nil {
@@ -253,14 +254,32 @@ func build(cmd *cobra.Command, _ []string) error {
 		entrypoint = []string{"/bin/sh"}
 	}
 
+	// figure out what the username should be
+	username := cfg.Spec.User.Username
+	if username == "" && forceUsername != defaultUsername {
+		username = forceUsername
+	} else if username == "" {
+		username = defaultUsername
+	}
+
+	// figure out what the uid should be
+	uid := cfg.Spec.User.Uid
+	if uid <= 0 && forceUid > 0 && forceUid != defaultUid {
+		uid = forceUid
+	} else if uid <= 0 {
+		uid = defaultUid
+	}
+
 	// package everything up as our final container image
+	log.Info("preparing to build image", "username", username, "uid", uid, "dirfs", cfg.Spec.DirFS)
 	imageBuilder, err := builder.NewBuilder(cmd.Context(), baseImage, pipelineStatements, builder.Options{
 		Username:        username,
+		Uid:             uid,
 		WorkingDir:      wd,
 		Entrypoint:      entrypoint,
 		Command:         cfg.Spec.Command,
 		ForceEntrypoint: true,
-		DirFS:           false,
+		DirFS:           cfg.Spec.DirFS,
 		Metadata: builder.MetadataOptions{
 			CreatedBy: "all-your-base",
 		},

diff --git a/docs/KRM.md b/docs/KRM.md
@@ -227,3 +227,47 @@ spec:
   command:
     - /some/magic/application.sh
 ```
+
+## Advanced configuration
+
+### DirFS
+
+By default, all-your-base uses an in-memory virtual filesystem, which for highly complex builds may cause memory issues.
+You can optionally set the `dirFS` parameter to true which will make all-your-base use a temporary directory as the root filesystem.
+
+See [here](https://github.com/Snakdy/container-build-engine/blob/main/docs/VFS.md) for further explanation.
+
+> Only set this if you know what you're doing.
+
+```yaml
+apiVerison: ayb.dcas.dev/v1
+kind: Build
+metadata:
+  name: my-image
+spec:
+  dirFS: true
+```
+
+### User
+
+The container must be run as a non-root user, however some options are exposed to tweak this user.
+By default, a user named `somebody` will be created with `uid=1001` and `gid=0`.
+
+```yaml
+apiVerison: ayb.dcas.dev/v1
+kind: Build
+metadata:
+  name: my-image
+spec:
+  user:
+    username: some-user
+    uid: 1234
+```
+
+Note: the `uid` MUST be above `0`.
+
+Additionally, you can override both of these values with CLI arguments:
+
+```shell
+ayb build -c build.yaml --username=some-user --uid=1234
+```
diff --git a/pkg/api/v1/types.go b/pkg/api/v1/types.go
@@ -21,6 +21,13 @@ type BuildSpec struct {
 	Files        []File                  `json:"files,omitempty"`
 	Links        []Link                  `json:"links,omitempty"`
 	Env          []EnvVar                `json:"env,omitempty"`
+	User         User                    `json:"user,omitempty"`
+	DirFS        bool                    `json:"dirFS,omitempty"`
+}
+
+type User struct {
+	Username string `json:"username,omitempty"`
+	Uid      int    `json:"uid,omitempty"`
 }
 
 type Repository struct {