From b6b6019bfc639243ba1d322662f07533ce46aabe Mon Sep 17 00:00:00 2001 From: Django Cass Date: Fri, 5 Jul 2024 11:21:02 +1000 Subject: [PATCH] added ability to override the username and uid added flag to enable dirfs --- cmd/build.go | 23 +++++++++++++++++++++-- docs/KRM.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ pkg/api/v1/types.go | 7 +++++++ 3 files changed, 72 insertions(+), 2 deletions(-) diff --git a/cmd/build.go b/cmd/build.go index 2974202..37d66c3 100644 --- a/cmd/build.go +++ b/cmd/build.go @@ -90,7 +90,8 @@ func build(cmd *cobra.Command, _ []string) error { platform, _ := cmd.Flags().GetString(flagPlatform) skipCaCerts, _ := cmd.Flags().GetBool(flagSkipCACerts) - username, _ := cmd.Flags().GetString(flagUsername) + forceUsername, _ := cmd.Flags().GetString(flagUsername) + forceUid, _ := cmd.Flags().GetInt(flagUid) imgPlatform, err := v1.ParsePlatform(platform) if err != nil { @@ -253,14 +254,32 @@ func build(cmd *cobra.Command, _ []string) error { entrypoint = []string{"/bin/sh"} } + // figure out what the username should be + username := cfg.Spec.User.Username + if username == "" && forceUsername != defaultUsername { + username = forceUsername + } else if username == "" { + username = defaultUsername + } + + // figure out what the uid should be + uid := cfg.Spec.User.Uid + if uid <= 0 && forceUid > 0 && forceUid != defaultUid { + uid = forceUid + } else if uid <= 0 { + uid = defaultUid + } + // package everything up as our final container image + log.Info("preparing to build image", "username", username, "uid", uid, "dirfs", cfg.Spec.DirFS) imageBuilder, err := builder.NewBuilder(cmd.Context(), baseImage, pipelineStatements, builder.Options{ Username: username, + Uid: uid, WorkingDir: wd, Entrypoint: entrypoint, Command: cfg.Spec.Command, ForceEntrypoint: true, - DirFS: false, + DirFS: cfg.Spec.DirFS, Metadata: builder.MetadataOptions{ CreatedBy: "all-your-base", }, diff --git a/docs/KRM.md b/docs/KRM.md index 1684f07..5937aa3 100644 
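Review bot: The error from `cmd.Flags().GetInt(flagUid)` is discarded in the `@@ -90` hunk, so an unregistered or mistyped flag yields `forceUid == 0`, which the resolution code added later in this patch treats as unset and silently swaps for the default. Because this value decides which identity the image runs as, I would surface the error: `forceUid, err := cmd.Flags().GetInt(flagUid)` followed by `if err != nil { return err }`. The neighbouring lookups discard their errors too, so the new line matches existing style. `flagUid`, `defaultUid` and `defaultUsername` are not defined anywhere in this patch and presumably live elsewhere in the package. `build` starts and ends outside the hunk.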
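Review bot: In the `@@ -253` hunk the config values win over the flags: `forceUsername` and `forceUid` are consulted only when `cfg.Spec.User.Username` is empty or `cfg.Spec.User.Uid <= 0`, while the variable names and the KRM.md text added by this same patch say the CLI arguments override. An operator who passes `--uid` against a config that already sets one gets the config's uid, and only the new `log.Info` line reveals it. If override is the intent, key the decision on whether the flag was given, e.g. `if cmd.Flags().Changed(flagUid) && forceUid > 0 { uid = forceUid }` (and likewise for `flagUsername`); otherwise rename the variables and correct the docs. Either way, a config `uid` of 0 or below is silently replaced rather than rejected, although the docs state it MUST be above 0; returning an error there would make the non-root guarantee explicit. The enclosing `build` function continues outside the hunk.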
--- a/docs/KRM.md +++ b/docs/KRM.md @@ -227,3 +227,47 @@ spec: command: - /some/magic/application.sh ``` + +## Advanced configuration + +### DirFS + +By default, all-your-base uses an in-memory virtual filesystem, which for highly complex builds may cause memory issues. +You can optionally set the `dirFS` parameter to true which will make all-your-base use a temporary directory as the root filesystem. + +See [here](https://github.com/Snakdy/container-build-engine/blob/main/docs/VFS.md) for further explanation. + +> Only set this if you know what you're doing. + +```yaml +apiVerison: ayb.dcas.dev/v1 +kind: Build +metadata: + name: my-image +spec: + dirFS: true +``` + +### User + +The container must be run as a non-root user, however some options are exposed to tweak this user. +By default, a user named `somebody` will be created with `uid=1001` and `gid=0`. + +```yaml +apiVerison: ayb.dcas.dev/v1 +kind: Build +metadata: + name: my-image +spec: + user: + username: some-user + uid: 1234 +``` + +Note: the `uid` MUST be above `0`. + +Additionally, you can override both of these values with CLI arguments: + +```shell +ayb build -c build.yaml --username=some-user --uid=1234 +``` diff --git a/pkg/api/v1/types.go b/pkg/api/v1/types.go index c5933a1..fda93fb 100644 --- a/pkg/api/v1/types.go +++ b/pkg/api/v1/types.go @@ -21,6 +21,13 @@ type BuildSpec struct { Files []File `json:"files,omitempty"` Links []Link `json:"links,omitempty"` Env []EnvVar `json:"env,omitempty"` + User User `json:"user,omitempty"` + DirFS bool `json:"dirFS,omitempty"` +} + +type User struct { + Username string `json:"username,omitempty"` + Uid int `json:"uid,omitempty"` } type Repository struct {
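Review bot: The new `User` type and the `User`/`DirFS` fields in `pkg/api/v1/types.go` carry no doc comments, so the one rule a config author needs is not recorded where the schema is defined: per the build.go change in this patch, a `Uid` of 0 or below is treated as unset and replaced by the default. I would add `// Uid is the numeric user ID of the image user; values <= 0 are treated as unset and replaced by the default.` above the field, plus a one-line comment on `User` and on `DirFS`. Separately, `omitempty` on the struct-valued `User User` field has no effect under encoding/json semantics, so an empty `user` object is always emitted on marshal; a `*User` would honour the tag, if that matters for this API. `BuildSpec` starts outside the hunk.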