FROM docker:%%VERSION%%-dind

# rootlesskit's child process sets up its tap device via "ip tuntap" / "ip link",
# and that fails with the busybox "ip" applet the base image ships:
#   [rootlesskit:child ] error: executing [[ip tuntap add name tap0 mode tap] [ip link set tap0 address 02:50:00:00:00:01]]: exit status 1
# so install the full iproute2 "ip" on top of it
RUN apk add --no-cache \
		iproute2
# "/run/user/UID" will be used by default as the value of XDG_RUNTIME_DIR
RUN mkdir /run/user && chmod 1777 /run/user
# create a default user preconfigured for running rootless dockerd
RUN set -eux; \
adduser -h /home/rootless -g 'Rootless' -D -u 1000 rootless; \
echo 'rootless:100000:65536' >> /etc/subuid; \
echo 'rootless:100000:65536' >> /etc/subgid
RUN set -eux; \
	\
# this "case" statement is generated via "update.sh" (presumably it sets "dockerArch" — confirm)
	%%ARCH-CASE%%; \
	\
# DOCKER_CHANNEL / DOCKER_VERSION are expected to come from the base image's ENV — TODO confirm
	url="https://download.docker.com/linux/static/${DOCKER_CHANNEL}/${dockerArch}/docker-rootless-extras-${DOCKER_VERSION}.tgz"; \
	if ! wget -O rootless.tgz "$url"; then \
		echo >&2 "error: failed to download 'docker-rootless-extras-${DOCKER_VERSION}' from '${DOCKER_CHANNEL}' for '${dockerArch}'"; \
		exit 1; \
	fi; \
	\
# NOTE(review): the archive is neither checksum- nor signature-verified here; its
# integrity rests entirely on the TLS connection to download.docker.com
# only vpnkit is taken from the extras bundle: rootlesskit is built separately
# below so that a newer release than the bundled one can be used
	tar --extract \
		--file rootless.tgz \
		--strip-components 1 \
		--directory /usr/local/bin/ \
		'docker-rootless-extras/vpnkit' \
	; \
	rm rootless.tgz; \
	\
# rootlesskit --version; \
	vpnkit --version
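# https://github.com/rootless-containers/rootlesskit/releases
# key=value form: the whitespace-separated "ENV key value" syntax is legacy/deprecated
ENV ROOTLESSKIT_VERSION=0.9.1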
# build rootlesskit and its docker-proxy shim from source; the compiler and headers
# live in a virtual apk package so they can be removed again in the same layer
RUN set -eux; \
	apk add --no-cache --virtual .rootlesskit-build-deps \
		go \
		libc-dev \
	; \
	\
# NOTE(review): the GitHub archive tarball is not checksum-verified; integrity rests on TLS to github.com
	wget -O rootlesskit.tgz "https://github.com/rootless-containers/rootlesskit/archive/v${ROOTLESSKIT_VERSION}.tar.gz"; \
	\
# GOPATH-mode build (no module handling here); whether the alpine "go" package still
# honours this depends on its version — confirm if the build starts failing
	export GOPATH='/go'; \
	srcDir="$GOPATH/src/github.com/rootless-containers/rootlesskit"; \
	mkdir "$GOPATH"; \
	mkdir -p "$srcDir"; \
	tar --extract --file rootlesskit.tgz --directory "$srcDir" --strip-components 1; \
	rm rootlesskit.tgz; \
	\
	for cmd in rootlesskit rootlesskit-docker-proxy; do \
		go build -o "/usr/local/bin/$cmd" "github.com/rootless-containers/rootlesskit/cmd/$cmd"; \
	done; \
	\
# drop the sources and the toolchain so neither ends up in the image layer
	rm -rf "$GOPATH"; \
	apk del --no-network .rootlesskit-build-deps; \
	\
	rootlesskit --version
# pre-create "/var/lib/docker" for our rootless user
RUN set -eux; \
mkdir -p /home/rootless/.local/share/docker; \
chown -R rootless:rootless /home/rootless/.local/share/docker
VOLUME /home/rootless/.local/share/docker
USER rootless