Dockerfile.dind.rootless
# Base image coordinates, overridable with --build-arg.
# image_registry has no default and is concatenated directly in FROM: a
# non-empty value must end with "/", and an empty one leaves the bare
# reference "docker:<tag>" to be resolved by the builder's default registry.
ARG image_registry
ARG image_name=docker
ARG image_version=25.0-dind-astra1.8.2-slim

# ---------------------------------------------------------------
# Stage 1 (base-stage): prepare the rootless dind environment
# ---------------------------------------------------------------
# The base is selected by tag only, not by digest, so the content behind the
# tag can change between builds.
FROM ${image_registry}${image_name}:${image_version} AS base-stage

# Every RUN below executes under bash with errexit (-e), command tracing (-x)
# and pipefail. Tracing prints each expanded command to the build log.
SHELL ["/bin/bash", "-e", "-x", "-o", "pipefail", "-c"]

# Space-separated extra packages; expanded unquoted in the RUN step, so each
# word becomes one package argument to apt-install.sh.
ARG dind_additional_tools='curl sshpass jq xmlstarlet yq'
# Install the rootless-mode helpers and prepare the image for rootless dind.
# Packages are not version-pinned: each build takes whatever the configured
# DEB repositories currently offer.
# apt-install.sh, docker-set-environment.sh, apt-clean.sh and dedup-clean.sh
# are not part of this file; presumably they come from ./scripts, which is
# bind-mounted read-only over /usr/local/sbin for this step only.
RUN \
    --mount=type=bind,source=./scripts,target=/usr/local/sbin,readonly \
    # Brace expansion relies on the bash SHELL set for this stage.
    # NOTE(review): the purpose of /run/program/divert is not visible in this
    # file; presumably docker-set-environment.sh uses it - confirm.
    mkdir -p /run/program/divert/{bin,sbin,usr/bin,usr/sbin,lib/x86_64-linux-gnu,lib64} \
    && apt-install.sh \
        # rootless dind runtime dependencies
        fuse-overlayfs \
        rootlesskit \
        slirp4netns \
        # extra tools from the dind_additional_tools build argument
        ${dind_additional_tools} \
    # environment setup is delegated to the helper script
    && docker-set-environment.sh "rootlesskit" "dind_rootless" \
    # smoke test: both binaries must start and report a version
    && rootlesskit --version \
    && slirp4netns --version \
    # "/run/user/UID" is the default XDG_RUNTIME_DIR; the parent directory is
    # created world-writable with the sticky bit (mode 1777)
    && install --verbose --directory --mode 1777 "/run/user" \
    # default unprivileged account (uid 1000) for running rootless dockerd,
    # with 65536 subordinate uids and gids starting at 100000
    # NOTE(review): the entries are appended with >>; if useradd in the base
    # image already allocates sub-id ranges, the files end up with two entries
    # for this user - verify
    && useradd --uid 1000 --shell /bin/bash --create-home rootless \
    && echo 'rootless:100000:65536' >> /etc/subuid \
    && echo 'rootless:100000:65536' >> /etc/subgid \
    # pre-create the data directory that stands in for "/var/lib/docker",
    # owned by the rootless user
    && install --verbose --directory --owner rootless --group rootless "/home/rootless/.local/share/docker" \
    # drop the package cache
    && apt-clean.sh \
    # record os-release and the package list in the image; the format string
    # is single-quoted so dpkg-query, not the shell, expands the ${...} fields
    && mkdir -p /usr/share/rocks \
    && ( \
        echo "# os-release" && cat /etc/os-release \
        && echo "# dpkg-query" \
        && dpkg-query -f \
            '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' \
            -W \
    ) >/usr/share/rocks/dpkg.query \
    # deduplication pass over /usr/, run after the package dump is written
    && dedup-clean.sh /usr/
# Rootless dockerd data directory, declared as a volume only after the RUN
# step above has created it with rootless:rootless ownership.
VOLUME ["/home/rootless/.local/share/docker"]

# Containers started from this image default to the unprivileged account
# (uid 1000) instead of root.
USER rootless