
Commit df7e2d6

committed
f
1 parent ec2424a commit df7e2d6


3 files changed

+20
-4
lines changed


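--- a/container_images/buildah/Dockerfile
+++ b/container_images/buildah/Dockerfile
@@ -7,6 +7,11 @@ RUN touch /etc/subgid /etc/subuid \
 
 ENV BUILDAH_ISOLATION=chroot
 
+ARG BENTO_USER=bentoml
+ARG BENTO_USER_UID=1034
+ARG BENTO_USER_GID=1034
+RUN groupadd -g $BENTO_USER_GID -o $BENTO_USER && useradd -m -u $BENTO_USER_UID -g $BENTO_USER_GID -o -r $BENTO_USER
+
 USER build
 WORKDIR /home/build
 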
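Review bot: The `-o` flag on both `groupadd` and `useradd` at new line 13 permits a non-unique ID, so if 1034 (or a value passed with `--build-arg`) is already taken in the base image the new account silently shares file ownership with the existing one, and a build arg of 0 would yield a second UID-0 account. Unless that aliasing is intended, drop `-o` so a collision fails the build, and quote the expansions: `RUN groupadd -g "$BENTO_USER_GID" "$BENTO_USER" && useradd -m -r -u "$BENTO_USER_UID" -g "$BENTO_USER_GID" "$BENTO_USER"`. The image still switches to `USER build` afterwards, so the purpose of this account is not evident from the hunk; a comment saying why 1034 is used (presumably to match the UID inside the images being built) would help.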

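--- a/scripts/quick-install-yatai-image-builder.sh
+++ b/scripts/quick-install-yatai-image-builder.sh
@@ -140,7 +140,7 @@ echo "✅ cert-manager is working properly"
 helm repo add twuni https://helm.twun.io
 helm repo update twuni
 echo "🤖 installing docker-registry..."
-helm upgrade --install docker-registry twuni/docker-registry -n ${namespace}
+helm upgrade --install docker-registry ./helm/docker-registry -n ${namespace}
 
 echo "⏳ waiting for docker-registry to be ready..."
 kubectl -n ${namespace} wait --for=condition=ready --timeout=600s pod -l app=docker-registry
@@ -155,6 +155,8 @@ metadata:
 namespace: ${namespace}
 labels:
 app: docker-private-registry-proxy
+annotations:
+openshift.io/scc: hostnetwork
 spec:
 selector:
 matchLabels:
@@ -165,6 +167,10 @@ spec:
 labels:
 app: docker-private-registry-proxy
 spec:
+securityContext:
+runAsNonRoot: true
+seccompProfile:
+type: RuntimeDefault
 containers:
 - args:
 - tcp
@@ -181,6 +187,11 @@ spec:
 limits:
 cpu: 100m
 memory: 100Mi
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
 EOF
 
 echo "⏳ waiting for docker-private-registry-proxy to be ready..."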
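Review bot: The pod-level `securityContext` added at new lines 170–173 sets `runAsNonRoot: true` without a `runAsUser`, so the kubelet will refuse to start the container if the proxy image's default user is root or is declared by name rather than numeric UID, and the readiness wait that follows would then just time out. The image is outside these hunks, so either confirm it declares a numeric non-root user or pin one with `runAsUser: <non-root-uid>` (placeholder value). Dropping `ALL` capabilities at 190–194 is a good default, but a non-root process without capabilities normally cannot bind a port below 1024, which matters if this proxy listens on a low host port; the port is not visible here. The `openshift.io/scc: hostnetwork` annotation at 158–159 sits on the workload's own metadata, and as far as I know that annotation is recorded by SCC admission on pods rather than read as a request, so the SCC would still have to be granted to the service account through RBAC.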

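--- a/tests/e2e/installation_test.sh
+++ b/tests/e2e/installation_test.sh
@@ -2,12 +2,12 @@
 
 set -xe
 
-kubectl create ns yatai-system
-kubectl create ns yatai-image-builder
+kubectl create ns yatai-system || true
+kubectl create ns yatai-image-builder || true
 kubectl create ns yatai || true
 
 echo "🚀 Creating AWS Secret Access Key..."
-kubectl create secret generic aws-secret-access-key --from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} --namespace yatai-image-builder
+kubectl create secret generic aws-secret-access-key --from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} --namespace yatai-image-builder || true
 echo "🚀 Installing yatai-image-builder..."
 YATAI_ENDPOINT='empty' USE_LOCAL_HELM_CHART=true UPGRADE_CRDS=false AWS_SECRET_ACCESS_KEY_EXISTING_SECRET_NAME=aws-secret-access-key AWS_SECRET_ACCESS_KEY_EXISTING_SECRET_KEY=AWS_SECRET_ACCESS_KEY bash ./scripts/quick-install-yatai-image-builder.sh
 echo "yatai-image-builder helm release values:"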
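Review bot: The secret creation at new line 10 still runs under `set -xe` (line 3), so xtrace writes the expanded `AWS_SECRET_ACCESS_KEY` value into the CI log, and the added `|| true` now also hides every other failure (auth error, empty variable) and leaves a stale secret in place on re-runs. Turning tracing off around the command and making it idempotent would cover both: `set +x`, then `kubectl create secret generic aws-secret-access-key --from-literal=AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" -n yatai-image-builder --dry-run=client -o yaml | kubectl apply -f -`, then `set -x`. The two `kubectl create ns … || true` lines at 5–6 have the same masking problem; the same create-then-apply pipeline tolerates an existing namespace without swallowing real errors.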
