Merge pull request #71401 from DCChadwick/osdocs9297

bscott-rh · web-flow · commit 376259e838b5 · 2024-02-20T12:26:14.000-05:00
OSDOCS9297: Using /dev/fuse to access faster builds
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
@@ -2508,6 +2508,8 @@ Topics:
     File: nodes-containers-port-forwarding
   - Name: Using sysctls in containers
     File: nodes-containers-sysctls
+  - Name: Accessing faster builds with /dev/fuse
+    File: nodes-containers-dev-fuse
 - Name: Working with clusters
   Dir: clusters
   Topics:
diff --git a/modules/nodes-containers-dev-fuse-configuring.adoc b/modules/nodes-containers-dev-fuse-configuring.adoc
@@ -0,0 +1,66 @@
+// Module included in the following assemblies:
+//
+// * nodes/nodes-containers-dev-fuse.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="nodes-containers-dev-fuse-configuring_{context}"]
+= Configuring /dev/fuse on unprivileged pods
+
+As an alternative to the virtual filesystem, you can configure the `/dev/fuse` device to the `io.kubernetes.cri-o.Devices` annotation to access faster builds within unprivileged pods. Using `/dev/fuse` is secure, efficient, and scalable, and allows unprivileged users to mount an overlay filesystem as if the unprivileged pod was privileged. 
+
+.Procedure
+
+. Create the pod.
++
+[source,terminal]
+----
+$ oc exec -ti no-priv -- /bin/bash
+----
++
+[source,terminal]
+----
+$ cat >> Dockerfile <<EOF
+FROM registry.access.redhat.com/ubi9
+EOF
+----
++
+[source,terminal]
+----
+$ podman build .
+----
+
+. Implement `/dev/fuse` by adding the `/dev/fuse` device to the `io.kubernetes.cri-o.Devices` annotation.
++
+[source,yaml]
+----
+io.kubernetes.cri-o.Devices: "/dev/fuse"
+----
++
+For example:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: podman-pod
+  annotations:
+    io.kubernetes.cri-o.Devices: "/dev/fuse"
+----
+
+. Configure the `/dev/fuse` device in your pod specifications.
++
+[source,yaml]
+----
+spec:
+  containers:
+  - name: podman-container
+    image: quay.io/podman/stable
+    args:
+    - sleep
+    - "1000000"
+    securityContext:
+      runAsUser: 1000
+----
+
+
diff --git a/nodes/containers/nodes-containers-dev-fuse.adoc b/nodes/containers/nodes-containers-dev-fuse.adoc
@@ -0,0 +1,11 @@
+:_mod-docs-content-type: ASSEMBLY
+:context: nodes-containers-dev-fuse
+[id="nodes-containers-dev-fuse"]
+= Accessing faster builds with /dev/fuse
+include::_attributes/common-attributes.adoc[]
+
+toc::[]
+
+You can configure your pods with the `/dev/fuse` device to access faster builds.
+
+include::modules/nodes-containers-dev-fuse-configuring.adoc[leveloffset=+1]
