1+ ####################
2+ # base #
3+ ####################
4+ FROM registry.access.redhat.com/ubi9/python-311:latest AS base
5+
6+ WORKDIR /opt/app-root/bin
7+
8+ # OS Packages needs to be installed as root
9+ USER 0
10+
11+ # Install useful OS packages
12+ RUN dnf install -y mesa-libGL skopeo && dnf clean all && rm -rf /var/cache/yum
13+
14+ # Other apps and tools installed as default user
15+ USER 1001
16+
17+ # Install micropipenv to deploy packages from Pipfile.lock
18+ RUN pip install --no-cache-dir -U "micropipenv[toml]"
19+
20+ # Install the oc client
21+ RUN curl -L https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/clients/ocp/stable/openshift-client-linux.tar.gz \
22+ -o /tmp/openshift-client-linux.tar.gz && \
23+ tar -xzvf /tmp/openshift-client-linux.tar.gz oc && \
24+ rm -f /tmp/openshift-client-linux.tar.gz
25+
26+
27+ ####################
28+ # codeserver #
29+ ####################
30+ FROM base AS codeserver
31+
32+ ARG TARGETOS TARGETARCH
33+
34+ ARG CODESERVER_SOURCE_CODE=codeserver/ubi9-python-3.11
35+ ARG CODESERVER_VERSION=v4.98.0
36+
37+ USER 0
38+
39+ WORKDIR /opt/app-root/bin
40+
41+ # Install useful OS packages
42+ RUN dnf install -y jq git-lfs libsndfile && dnf clean all && rm -rf /var/cache/yum
43+
44+ # Install code-server
45+ RUN yum install -y "https://github.com/coder/code-server/releases/download/${CODESERVER_VERSION}/code-server-${CODESERVER_VERSION/v/}-${TARGETARCH}.rpm" && \
46+ yum -y clean all --enablerepo='*'
47+
48+ COPY --chown=1001:0 ${CODESERVER_SOURCE_CODE}/utils utils/
49+
50+ # Create and intall the extensions though build-time on a temporary directory. Later this directory will copied on the `/opt/app-root/src/.local/share/code-server/extensions` via run-code-server.sh file when it starts up.
51+ RUN mkdir -p /opt/app-root/extensions-temp && \
52+ code-server --install-extension /opt/app-root/bin/utils/ms-python.python-2025.2.0.vsix --extensions-dir /opt/app-root/extensions-temp && \
53+ code-server --install-extension /opt/app-root/bin/utils/ms-toolsai.jupyter-2025.2.0.vsix --extensions-dir /opt/app-root/extensions-temp
54+
55+ # Install NGINX to proxy code-server and pass probes check
56+ ENV NGINX_VERSION=1.24 \
57+ NGINX_SHORT_VER=124 \
58+ NGINX_CONFIGURATION_PATH=${APP_ROOT}/etc/nginx.d \
59+ NGINX_CONF_PATH=/etc/nginx/nginx.conf \
60+ NGINX_DEFAULT_CONF_PATH=${APP_ROOT}/etc/nginx.default.d \
61+ NGINX_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/nginx \
62+ NGINX_APP_ROOT=${APP_ROOT} \
63+ NGINX_LOG_PATH=/var/log/nginx \
64+ NGINX_PERL_MODULE_PATH=${APP_ROOT}/etc/perl
65+
66+ # Modules does not exist
67+ RUN yum install -y https://download.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
68+ INSTALL_PKGS="bind-utils nginx nginx-mod-stream nginx-mod-http-perl fcgiwrap initscripts chkconfig supervisor" && \
69+ yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
70+ rpm -V $INSTALL_PKGS && \
71+ yum -y clean all --enablerepo='*'
72+
73+ COPY --chown=1001:0 ${CODESERVER_SOURCE_CODE}/supervisord/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
74+
75+ # Copy extra files to the image.
76+ COPY --chown=1001:0 ${CODESERVER_SOURCE_CODE}/nginx/root/ /
77+
78+ # Changing ownership and user rights to support following use-cases:
79+ # 1) running container on OpenShift, whose default security model
80+ # is to run the container under random UID, but GID=0
81+ # 2) for working root-less container with UID=1001, which does not have
82+ # to have GID=0
83+ # 3) for default use-case, that is running container directly on operating system,
84+ # with default UID and GID (1001:0)
85+ # Supported combinations of UID:GID are thus following:
86+ # UID=1001 && GID=0
87+ # UID=<any>&& GID=0
88+ # UID=1001 && GID=<any>
89+ RUN sed -i -f ${NGINX_APP_ROOT}/nginxconf.sed ${NGINX_CONF_PATH} && \
90+ mkdir -p ${NGINX_APP_ROOT}/etc/nginx.d/ && \
91+ mkdir -p ${NGINX_APP_ROOT}/etc/nginx.default.d/ && \
92+ mkdir -p ${NGINX_APP_ROOT}/api/ && \
93+ mkdir -p ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
94+ mkdir -p ${NGINX_LOG_PATH} && \
95+ mkdir -p ${NGINX_PERL_MODULE_PATH} && \
96+ chown -R 1001:0 ${NGINX_CONF_PATH} && \
97+ chown -R 1001:0 ${NGINX_APP_ROOT}/etc && \
98+ chown -R 1001:0 ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
99+ chown -R 1001:0 /var/lib/nginx /var/log/nginx /run && \
100+ chmod ug+rw ${NGINX_CONF_PATH} && \
101+ chmod -R ug+rwX ${NGINX_APP_ROOT}/etc && \
102+ chmod -R ug+rwX ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \
103+ chmod -R ug+rwX /var/lib/nginx /var/log/nginx /run && \
104+ rpm-file-permissions && \
105+ # Ensure the temporary directory and target directory have the correct permissions
106+ mkdir -p /opt/app-root/src/.local/share/code-server/extensions && \
107+ mkdir -p /opt/app-root/src/.local/share/code-server/coder-logs && \
108+ chown -R 1001:0 /opt/app-root/src/.local/share/code-server && \
109+ chown -R 1001:0 /opt/app-root/extensions-temp && \
110+ chown -R 1001:0 /opt/app-root/src/.config/code-server
111+
112+ ## Configure nginx
113+ COPY ${CODESERVER_SOURCE_CODE}/nginx/serverconf/ /opt/app-root/etc/nginx.default.d/
114+ COPY ${CODESERVER_SOURCE_CODE}/nginx/httpconf/ /opt/app-root/etc/nginx.d/
115+ COPY ${CODESERVER_SOURCE_CODE}/nginx/api/ /opt/app-root/api/
116+
117+ # Launcher
118+ COPY --chown=1001:0 ${CODESERVER_SOURCE_CODE}/run-code-server.sh ${CODESERVER_SOURCE_CODE}/run-nginx.sh ./
119+
120+ ENV SHELL=/bin/bash
121+
122+ ENV PYTHONPATH=/opt/app-root/bin/python3
123+
124+ USER 1001
125+
126+ # Install useful packages from Pipfile.lock
127+ COPY ${CODESERVER_SOURCE_CODE}/Pipfile.lock ./
128+
129+ # Install packages and cleanup
130+ RUN echo "Installing softwares and packages" && \
131+ micropipenv install && \
132+ rm -f ./Pipfile.lock && \
133+ # Fix permissions to support pip in Openshift environments \
134+ chmod -R g+w /opt/app-root/lib/python3.11/site-packages && \
135+ fix-permissions /opt/app-root -P
136+
137+ WORKDIR /opt/app-root/src
138+
139+ CMD ["/opt/app-root/bin/run-code-server.sh"]
140+
141+ LABEL name="rhoai/odh-workbench-codeserver-datascience-cpu-py311-rhel9" \
142+ com.redhat.component="odh-workbench-codeserver-datascience-cpu-py311-rhel9" \
143+ io.k8s.display-name="odh-workbench-codeserver-datascience-cpu-py311-rhel9" \
144+ summary="code-server image with python 3.11 based on UBI 9" \
145+ description="code-server image with python 3.11 based on UBI9" \
146+ io.k8s.description="code-server image with python 3.11 based on UBI9" \
147+ com.redhat.license_terms="https://www.redhat.com/licenses/Red_Hat_Standard_EULA_20191108.pdf"
0 commit comments