Merge pull request #10 from okteto/jpf-okteto/plat-704

feat: dual rootless/rootful container image (PLAT-704)

Author: jpf-okteto

.circleci/config.yml

@@ -15,8 +15,11 @@ jobs:
       - checkout
       - run: *okteto-login
       - run: 
-          name: Build Image
-          command: make build
+          name: Build Rootful Image
+          command: make build-rootful
+      - run: 
+          name: Build Rootless Image
+          command: make build-rootless
   release:
     docker:
       - image: cimg/base:current
@@ -25,8 +28,11 @@ jobs:
       - run: *okteto-login
       - run: *docker-login
       - run:
-          name: Build and Push Image
-          command: make push
+          name: Build and Push Rootful Image
+          command: make push-rootful
+      - run:
+          name: Build and Push Rootless Image
+          command: make push-rootless
 
 workflows:
   version: 2

Dockerfile

@@ -1,5 +1,5 @@
 # syntax = docker/dockerfile:experimental
-FROM debian:bookworm-slim
+FROM debian:bookworm-slim as base
 
 COPY --from=cuelang/cue:0.9.2 /usr/bin/cue /usr/local/bin/cue
 COPY --from=mikefarah/yq:4 /usr/bin/yq /usr/local/bin/yq
@@ -19,3 +19,13 @@ RUN apt clean && apt update && \
         wait-for-it \
         jq \
         netcat-traditional
+
+FROM base as rootless
+
+RUN addgroup --gid 1000 runner && \
+    adduser --disabled-login --home /home/runner --ingroup runner --uid 1000 runner
+
+USER 1000
+
+# keep basic container image build rootful as before
+FROM base as rootful

Makefile

@@ -1,7 +1,25 @@
 CIRCLE_TAG ?= dev
 
-build:
-	okteto build --platform linux/amd64,linux/arm64 -f Dockerfile .
+# keep 'build' makefile step rootful for backwards compatibility
+build: build-rootful
 
-push:
-	okteto build -t okteto/pipeline-runner:${CIRCLE_TAG} --platform linux/amd64,linux/arm64 -f Dockerfile .
+build-rootful:
+	okteto build --platform linux/amd64,linux/arm64 -f Dockerfile --target rootful .
+
+build-rootless:
+	okteto build --platform linux/amd64,linux/arm64 -f Dockerfile --target rootless .
+
+# keep 'push' makefile step rootful for backwards compatibility
+push: push-rootful
+
+push-rootful:
+	okteto build -t okteto/pipeline-runner:${CIRCLE_TAG} --platform linux/amd64,linux/arm64 -f Dockerfile --target rootful .
+
+push-rootless:
+	okteto build -t okteto/pipeline-runner:${CIRCLE_TAG}-rootless --platform linux/amd64,linux/arm64 -f Dockerfile --target rootless .
+
+push-dev-rootful:
+	okteto build -t okteto.dev/pipeline-runner:dev --platform linux/amd64,linux/arm64 -f Dockerfile --target rootful .
+
+push-dev-rootless:
+	okteto build -t okteto.dev/pipeline-runner:dev-rootless --platform linux/amd64,linux/arm64 -f Dockerfile --target rootless .

README.md

@@ -17,4 +17,4 @@ installer:
   runner: okteto/pipeline-runner:1.0.0
 ```
 
-replacing `okteto/pipeline-runner:1.0.0` by your own pipeline runner image.
+replacing `okteto/pipeline-runner:1.0.0` by your own pipeline runner image.