add example dockerfile with podman rootless

reubenmiller · reubenmiller · commit 79deab3b060e · 2025-09-10T15:42:48.000+02:00
diff --git a/test-images/alpine-openrc-podman-cli-rootless/Dockerfile b/test-images/alpine-openrc-podman-cli-rootless/Dockerfile
@@ -0,0 +1,67 @@
+FROM docker.io/alpine:3.22
+ARG TARGETPLATFORM
+
+RUN apk add --no-cache \
+        openrc \
+        mdevd-openrc \
+        wget \
+        curl \
+        bash \
+        sudo \
+        jq \
+        dasel \
+        shadow \
+        podman \
+        podman-compose \
+        # Required when running inside docker
+        # see https://github.com/containers/buildah/issues/3666
+        fuse-overlayfs \
+        # Add packages which are required for rootless
+        shadow-uidmap \
+        iproute2 \
+        ip6tables \
+    && wget -O - thin-edge.io/install.sh | sh -s \
+    && apk add \
+        tedge-apk-plugin \
+        tedge-command-plugin
+
+ADD https://raw.githubusercontent.com/thin-edge/tedge-demo-container/refs/heads/main/images/common/bootstrap.sh /usr/bin/
+RUN chmod 755 /usr/bin/bootstrap.sh
+
+RUN sed -i '/getty/d' /etc/inittab \
+    && sed -i 's/#mount_program/mount_program/' /etc/containers/storage.conf
+
+COPY dist/*.apk /tmp/
+RUN case ${TARGETPLATFORM} in \
+        "linux/386")  PKG_ARCH=linux_386  ;; \
+        "linux/amd64")  PKG_ARCH=linux_amd64  ;; \
+        "linux/arm64")  PKG_ARCH=linux_arm64  ;; \
+        "linux/arm/v6")  PKG_ARCH=linux_armv6  ;; \
+        "linux/arm/v7")  PKG_ARCH=linux_armv7  ;; \
+        *) echo "Unsupported target platform: TARGETPLATFORM=$TARGETPLATFORM"; exit 1 ;; \
+    esac \
+    && apk add --allow-untrusted /tmp/*${PKG_ARCH}*.apk \
+    && mkdir -p /opt/packages \
+    && cp /tmp/*${PKG_ARCH}*.apk /opt/packages/ \
+    && rm -f /tmp/*.apk
+
+RUN echo "tedge  ALL = (ALL) NOPASSWD: /usr/bin/tedge-container" | tee /etc/sudoers.d/tedge-containers \
+    && mkdir -p /etc/tedge-container-plugin \
+    && echo "CONTAINER_METRICS_INTERVAL=60s" | tee -a /etc/tedge-container-plugin/env \
+    && dasel put -r toml -t string -v '60s' 'metrics.interval' --indent 0 < /etc/tedge/plugins/tedge-container-plugin.toml > /etc/tedge/plugins/tedge-container-plugin.toml.tmp \
+    && mv /etc/tedge/plugins/tedge-container-plugin.toml.tmp /etc/tedge/plugins/tedge-container-plugin.toml
+
+# Setup podman rootless for the tedge user
+RUN mkdir -p /home/tedge/.config/containers/ \
+    && chown -R tedge:tedge /home/tedge \
+    && usermod --add-subuids 100000-165535 --add-subgids 100000-165535 tedge \
+    && sed -i 's/.*podman_user=.*/podman_user="tedge"/g' /etc/conf.d/podman \
+    && sed -i 's/.*command_user=.*/command_user="tedge"/g' /etc/conf.d/tedge-container-plugin \
+    # Workaround: disable modprobe checks due to an issue with /lib/modules not being present
+    # possibly due to running podman within docker?
+    && sed -i 's/modprob/#modprobe/g' /etc/init.d/podman
+
+# Default services
+RUN rc-update add podman
+
+CMD ["/sbin/init"]
