all: support docker:// with Dind

giautm · giautm · commit d67b20c0ffbb · 2024-10-16T15:45:28.000+07:00
diff --git a/Dockerfile b/Dockerfile
@@ -46,11 +46,13 @@ ARG ATLAS_VERSION=latest
 ENV ATLAS_VERSION=${ATLAS_VERSION}
 RUN curl -sSf https://atlasgo.sh | sh
 
+FROM docker:27.3.1-cli-alpine3.20 as docker
+
 FROM alpine:3.20
+ENV ATLAS_KUBERNETES_OPERATOR=1
 WORKDIR /
-COPY --from=builder /workspace/manager .
 COPY --from=atlas /usr/local/bin/atlas /usr/local/bin
-RUN chmod +x /usr/local/bin/atlas
-ENV ATLAS_KUBERNETES_OPERATOR=1
+COPY --from=docker /usr/local/bin/docker /usr/local/bin
+COPY --from=builder /workspace/manager .
 USER 65532:65532
 ENTRYPOINT ["/manager"]
diff --git a/config/dind/kustomization.yaml b/config/dind/kustomization.yaml
@@ -0,0 +1,52 @@
+# Copyright 2023 The Atlas Operator Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+namespace: atlas-operator-system
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../default
+patches:
+- target:
+    kind: Deployment
+    namespace: system
+    name: controller-manager
+  patch: |-
+    - op: add
+      path: "/spec/template/spec/containers/0/env/-"
+      value:
+        name: DOCKER_HOST
+        value: "unix:///run/user/1000/docker.sock"
+    - op: add
+      path: "/spec/template/spec/containers/0/volumeMounts/-"
+      value:
+        name: dind-sock
+        mountPath: /run/user
+    - op: add
+      path: "/spec/template/spec/containers/-"
+      value:
+        name: dind
+        image: docker:27.3.1-dind-rootless
+        securityContext:
+          privileged: true
+          runAsGroup: 1000
+          runAsUser: 1000
+        volumeMounts:
+          - name: dind-sock
+            mountPath: /run/user
+    - op: add
+      path: "/spec/template/spec/volumes/-"
+      value:
+        name: dind-sock
+        emptyDir: {}
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -114,5 +114,7 @@ spec:
           requests:
             cpu: 10m
             memory: 64Mi
+        volumeMounts: []
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
+      volumes: []
diff --git a/skaffold.yaml b/skaffold.yaml
@@ -30,6 +30,7 @@ profiles:
       paths:
       - config/default
       - config/sqlserver
+      - config/dind
 - name: helm
   deploy:
     helm:
diff --git a/test/e2e/testscript/schema-dind.txtar b/test/e2e/testscript/schema-dind.txtar
@@ -0,0 +1,97 @@
+env DB_URL=postgres://root:pass@postgres.${NAMESPACE}:5432/postgres?sslmode=disable
+kubectl apply -f database.yaml
+kubectl create secret generic postgres-credentials --from-literal=url=${DB_URL}
+# Wait for the DB ready before creating the schema
+kubectl wait --for=condition=ready --timeout=60s -l app=postgres pods
+
+# Create the schema
+kubectl apply -f schema.yaml
+kubectl wait --for=condition=ready --timeout=360s AtlasSchema/atlasschema-postgres
+
+# Inspect the schema to ensure it's correct
+atlas schema inspect -u ${DB_URL}
+cmp stdout schema.hcl
+-- schema.hcl --
+table "users2" {
+  schema = schema.public
+  column "id" {
+    null = false
+    type = integer
+  }
+  primary_key {
+    columns = [column.id]
+  }
+}
+schema "public" {
+  comment = "standard public schema"
+}
+-- schema.yaml --
+apiVersion: db.atlasgo.io/v1alpha1
+kind: AtlasSchema
+metadata:
+  name: atlasschema-postgres
+spec:
+  devURL: docker://postgres/15/dev
+  urlFrom:
+    secretKeyRef:
+      name: postgres-credentials
+      key: url
+  schema:
+    sql: |
+      create table users2 (
+        id int not null,
+        primary key (id)
+      );
+-- database.yaml --
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+spec:
+  selector:
+    app: postgres
+  ports:
+    - name: postgres
+      port: 5432
+      targetPort: postgres
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+spec:
+  selector:
+    matchLabels:
+      app: postgres
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 999
+      containers:
+        - name: postgres
+          image: postgres:15.4
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - all
+          env:
+            - name: POSTGRES_PASSWORD
+              value: pass
+            - name: POSTGRES_USER
+              value: root
+          ports:
+            - containerPort: 5432
+              name: postgres
+          readinessProbe:
+            initialDelaySeconds: 5
+            periodSeconds: 2
+            timeoutSeconds: 1
+            exec:
+              command: [ "pg_isready" ]
