feat: user 1001

This is the one used in the builder image
apache · Jun 27, 2023 · 4a8072d · 4a8072d
1 parent 3d74dfa
commit 4a8072d
Show file tree

Hide file tree

Showing 13 changed files with 83 additions and 27 deletions.
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -45,13 +45,13 @@ ENV MAVEN_OPTS="${MAVEN_OPTS} -Dlogback.configurationFile=${MAVEN_HOME}/conf/log
 ADD build/_maven_output ${MVN_REPO}
 ADD build/_kamelets /kamelets
 
-RUN chgrp -R 0 ${MVN_REPO} \
-    && chmod -R g=u ${MVN_REPO} \
+RUN chgrp -R 1001 ${MVN_REPO} \
+    && chown -R 1001 ${MVN_REPO} \
     && chgrp -R 0 /kamelets \
     && chmod -R g=u /kamelets \
-    && chgrp -R 0 ${MAVEN_HOME} \
-    && chmod -R g=u ${MAVEN_HOME}
+    && chgrp -R 1001 ${MAVEN_HOME} \
+    && chown -R 1001 ${MAVEN_HOME}
 
-USER 1000
+USER 1001
 
 ADD build/_output/bin/kamel /usr/local/bin/kamel
diff --git a/config/samples/bases/camel_v1_integrationplatform.yaml b/config/samples/bases/camel_v1_integrationplatform.yaml
@@ -22,6 +22,3 @@ metadata:
   labels:
     app: "camel-k"
 spec:
-  build:
-    buildConfiguration:
-      strategy: pod
diff --git a/e2e/common/traits/builder_test.go b/e2e/common/traits/builder_test.go
@@ -70,6 +70,7 @@ func TestBuilderTrait(t *testing.T) {
 			"-t", "builder.limit-cpu=1000m",
 			"-t", "builder.request-memory=2Gi",
 			"-t", "builder.limit-memory=3Gi",
+			"-t", "builder.strategy=pod",
 		).Execute()).To(Succeed())
 
 		Eventually(IntegrationPodPhase(ns, name), TestTimeoutLong).Should(Equal(corev1.PodRunning))
@@ -101,10 +102,11 @@ func TestBuilderTrait(t *testing.T) {
 			"--name", name,
 			"-t", "builder.tasks=custom1;alpine;tree",
 			"-t", "builder.tasks=custom2;alpine;cat maven/pom.xml",
+			"-t", "builder.strategy=pod",
 		).Execute()).To(Succeed())
 
 		Eventually(IntegrationPodPhase(ns, name), TestTimeoutLong).Should(Equal(corev1.PodRunning))
-		Eventually(IntegrationConditionStatus(ns, name, v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue))
+		Eventually(IntegrationConditionStatus(ns, name, v1.IntegrationConditionReady), TestTimeoutLong).Should(Equal(corev1.ConditionTrue))
 		Eventually(IntegrationLogs(ns, name), TestTimeoutShort).Should(ContainSubstring("Magicstring!"))
 
 		integrationKitName := IntegrationKit(ns, name)()
@@ -144,13 +146,14 @@ func TestBuilderTrait(t *testing.T) {
 		Expect(KamelRunWithID(operatorID, ns, "files/Java.java",
 			"--name", name,
 			"-t", "builder.tasks=custom1;alpine;cat missingfile.txt",
+			"-t", "builder.strategy=pod",
 		).Execute()).To(Succeed())
 
 		Eventually(IntegrationPhase(ns, name)).Should(Equal(v1.IntegrationPhaseBuildingKit))
 		integrationKitName := IntegrationKit(ns, name)()
 		// Check containers conditions
-		Eventually(Build(ns, integrationKitName), TestTimeoutShort).ShouldNot(BeNil())
-		Eventually(BuildConditions(ns, integrationKitName), TestTimeoutShort).ShouldNot(BeNil())
+		Eventually(Build(ns, integrationKitName), TestTimeoutLong).ShouldNot(BeNil())
+		Eventually(BuildConditions(ns, integrationKitName), TestTimeoutLong).ShouldNot(BeNil())
 		Eventually(
 			Build(ns, integrationKitName)().Status.GetCondition(v1.BuildConditionType("Container custom1 succeeded")).Status,
 			TestTimeoutShort).Should(Equal(corev1.ConditionFalse))

diff --git a/e2e/commonwithcustominstall/builder_test.go b/e2e/commonwithcustominstall/builder_test.go
@@ -59,7 +59,7 @@ func TestBuilderTimeout(t *testing.T) {
 
 		t.Run("run yaml", func(t *testing.T) {
 			name := "yaml"
-			Expect(KamelRunWithID(operatorID, ns, "files/yaml.yaml").Execute()).To(Succeed())
+			Expect(KamelRunWithID(operatorID, ns, "files/yaml.yaml", "-t", "builder.strategy=pod").Execute()).To(Succeed())
 			// As the build hits timeout, it keeps trying building
 			Eventually(IntegrationPhase(ns, name)).Should(Equal(v1.IntegrationPhaseBuildingKit))
 			integrationKitName := IntegrationKit(ns, name)()

diff --git a/e2e/commonwithcustominstall/incremental_build_test.go b/e2e/commonwithcustominstall/incremental_build_test.go
@@ -34,7 +34,7 @@ import (
 	"github.com/apache/camel-k/v2/pkg/util/defaults"
 )
 
-func TestRunIncrementalBuild(t *testing.T) {
+func TestRunIncrementalBuildRoutine(t *testing.T) {
 	WithNewTestNamespace(t, func(ns string) {
 		operatorID := "camel-k-incremental-build"
 		Expect(KamelInstallWithID(operatorID, ns).Execute()).To(Succeed())
@@ -48,12 +48,63 @@ func TestRunIncrementalBuild(t *testing.T) {
 		Eventually(IntegrationLogs(ns, name), TestTimeoutShort).Should(ContainSubstring("Magicstring!"))
 		integrationKitName := IntegrationKit(ns, name)()
 		Eventually(Kit(ns, integrationKitName)().Status.BaseImage).Should(Equal(defaults.BaseImage()))
+
+		t.Run("Reuse previous kit", func(t *testing.T) {
+			nameClone := "java-clone"
+			Expect(KamelRunWithID(operatorID, ns, "files/Java.java",
+				"--name", nameClone,
+			).Execute()).To(Succeed())
+			Eventually(IntegrationPodPhase(ns, nameClone), TestTimeoutLong).Should(Equal(corev1.PodRunning))
+			Eventually(IntegrationConditionStatus(ns, nameClone, v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue))
+			Eventually(IntegrationLogs(ns, nameClone), TestTimeoutShort).Should(ContainSubstring("Magicstring!"))
+			integrationCloneKitName := IntegrationKit(ns, nameClone)()
+			Eventually(integrationCloneKitName).Should(Equal(integrationKitName))
+		})
+
+		t.Run("Create incremental kit", func(t *testing.T) {
+			// Another integration that should be built on top of the previous IntegrationKit
+			// just add a new random dependency
+			nameIncremental := "java-incremental"
+			Expect(KamelRunWithID(operatorID, ns, "files/Java.java",
+				"--name", nameIncremental,
+				"-d", "camel:zipfile",
+			).Execute()).To(Succeed())
+			Eventually(IntegrationPodPhase(ns, nameIncremental), TestTimeoutLong).Should(Equal(corev1.PodRunning))
+			Eventually(IntegrationConditionStatus(ns, nameIncremental, v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue))
+			Eventually(IntegrationLogs(ns, nameIncremental), TestTimeoutShort).Should(ContainSubstring("Magicstring!"))
+			integrationIncrementalKitName := IntegrationKit(ns, nameIncremental)()
+			// the container comes in a format like
+			// 10.108.177.66/test-d7cad110-bb1d-4e79-8a0e-ebd44f6fe5d4/camel-k-kit-c8357r4k5tp6fn1idm60@sha256:d49716f0429ad8b23a1b8d20a357d64b1aa42a67c1a2a534ebd4c54cd598a18d
+			// we should be save just to check the substring is contained
+			Eventually(Kit(ns, integrationIncrementalKitName)().Status.BaseImage).Should(ContainSubstring(integrationKitName))
+		})
+
+		Expect(Kamel("delete", "--all", "-n", ns).Execute()).To(Succeed())
+	})
+}
+
+func TestRunIncrementalBuildPod(t *testing.T) {
+	WithNewTestNamespace(t, func(ns string) {
+		operatorID := "camel-k-incremental-build"
+		Expect(KamelInstallWithID(operatorID, ns).Execute()).To(Succeed())
+
+		name := "java"
+		Expect(KamelRunWithID(operatorID, ns, "files/Java.java",
+			"--name", name,
+			"-t", "builder.strategy=pod",
+		).Execute()).To(Succeed())
+		Eventually(IntegrationPodPhase(ns, name), TestTimeoutLong).Should(Equal(corev1.PodRunning))
+		Eventually(IntegrationConditionStatus(ns, name, v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue))
+		Eventually(IntegrationLogs(ns, name), TestTimeoutShort).Should(ContainSubstring("Magicstring!"))
+		integrationKitName := IntegrationKit(ns, name)()
+		Eventually(Kit(ns, integrationKitName)().Status.BaseImage).Should(Equal(defaults.BaseImage()))
 		Eventually(BuilderPodsCount(ns)).Should(Equal(1))
 
 		t.Run("Reuse previous kit", func(t *testing.T) {
 			nameClone := "java-clone"
 			Expect(KamelRunWithID(operatorID, ns, "files/Java.java",
 				"--name", nameClone,
+				"-t", "builder.strategy=pod",
 			).Execute()).To(Succeed())
 			Eventually(IntegrationPodPhase(ns, nameClone), TestTimeoutLong).Should(Equal(corev1.PodRunning))
 			Eventually(IntegrationConditionStatus(ns, nameClone, v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue))
@@ -70,6 +121,7 @@ func TestRunIncrementalBuild(t *testing.T) {
 			Expect(KamelRunWithID(operatorID, ns, "files/Java.java",
 				"--name", nameIncremental,
 				"-d", "camel:zipfile",
+				"-t", "builder.strategy=pod",
 			).Execute()).To(Succeed())
 			Eventually(IntegrationPodPhase(ns, nameIncremental), TestTimeoutLong).Should(Equal(corev1.PodRunning))
 			Eventually(IntegrationConditionStatus(ns, nameIncremental, v1.IntegrationConditionReady), TestTimeoutShort).Should(Equal(corev1.ConditionTrue))

diff --git a/e2e/install/kustomize/uninstall_test.go b/e2e/install/kustomize/uninstall_test.go
@@ -65,7 +65,8 @@ func TestKustomizeUninstallBasic(t *testing.T) {
 		Eventually(OperatorPod(ns)).Should(BeNil())
 		Eventually(Platform(ns)).Should(BeNil())
 		// The operator can dynamically create a for its builders
-		Eventually(Role(ns)).Should(HaveLen(1))
+		// so, in case there is a build strategy "pod", expect this to have 1 role
+		Eventually(Role(ns)).Should(BeNil())
 		Eventually(ClusterRole()).Should(BeNil())
 		// CRDs should be still there
 		Eventually(CRDs()).Should(HaveLen(ExpectedCRDs))

diff --git a/go.mod b/go.mod
@@ -100,7 +100,7 @@ require (
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/go-containerregistry v0.13.0 // indirect
+	github.com/google/go-containerregistry v0.15.2 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect

diff --git a/go.sum b/go.sum
@@ -333,8 +333,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.13.0 h1:y1C7Z3e149OJbOPDBxLYR8ITPz8dTKqQwjErKVHJC8k=
-github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo=
+github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE=
+github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
 github.com/google/go-github/v52 v52.0.0 h1:uyGWOY+jMQ8GVGSX8dkSwCzlehU3WfdxQ7GweO/JP7M=
 github.com/google/go-github/v52 v52.0.0/go.mod h1:WJV6VEEUPuMo5pXqqa2ZCZEdbQqua4zAk2MZTIo+m+4=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=

diff --git a/pkg/controller/build/build_pod.go b/pkg/controller/build/build_pod.go
@@ -113,8 +113,7 @@ var (
 )
 
 func newBuildPod(ctx context.Context, c ctrl.Reader, build *v1.Build) (*corev1.Pod, error) {
-	// TODO we must find a way to run this non-root
-	var ugfid int64 = 0
+	var ugfid int64 = 1001
 	pod := &corev1.Pod{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: corev1.SchemeGroupVersion.String(),
@@ -264,10 +263,6 @@ func addBuildTaskToPod(build *v1.Build, taskName string, pod *corev1.Pod) {
 			Name:  "HOME",
 			Value: filepath.Join(builderDir, build.Name),
 		},
-		/*corev1.EnvVar{
-			Name:  "MAVEN_USER_HOME",
-			Value: "/usr/share/maven",
-		},*/
 	)
 
 	container := corev1.Container{
@@ -384,6 +379,7 @@ func addBuildahTaskToPod(ctx context.Context, c ctrl.Reader, build *v1.Build, ta
 		image = fmt.Sprintf("%s:v%s", builder.BuildahDefaultImageName, defaults.BuildahVersion)
 	}
 
+	var root int64 = 0
 	container := corev1.Container{
 		Name:            task.Name,
 		Image:           image,
@@ -393,6 +389,11 @@ func addBuildahTaskToPod(ctx context.Context, c ctrl.Reader, build *v1.Build, ta
 		Env:             env,
 		WorkingDir:      filepath.Join(builderDir, build.Name, builder.ContextDir),
 		VolumeMounts:    volumeMounts,
+		// Buildah requires root privileges
+		SecurityContext: &corev1.SecurityContext{
+			RunAsUser:  &root,
+			RunAsGroup: &root,
+		},
 	}
 
 	pod.Spec.Volumes = append(pod.Spec.Volumes, volumes...)

diff --git a/pkg/controller/catalog/initialize.go b/pkg/controller/catalog/initialize.go
@@ -175,7 +175,7 @@ func initializeS2i(ctx context.Context, c client.Client, ip *v1.IntegrationPlatf
 	// Dockfile
 	dockerfile := string([]byte(`
 		FROM ` + catalog.Spec.GetQuarkusToolingImage() + `
-		USER 1000
+		USER 1001
 		ADD /usr/local/bin/kamel /usr/local/bin/kamel
 		ADD /usr/share/maven/mvnw/ /usr/share/maven/mvnw/
 		ADD ` + defaults.LocalRepository + ` ` + defaults.LocalRepository + `
@@ -382,6 +382,8 @@ func initializeS2i(ctx context.Context, c client.Client, ip *v1.IntegrationPlatf
 func imageExistsSpectrum(options spectrum.Options) bool {
 	Log.Infof("Checking if Camel K builder container %s already exists...", options.Base)
 	ctrImg, err := spectrum.Pull(options)
+	// Ignore the error-indent-flow as we save the need to declare a dependency explicitly
+	// nolint: revive
 	if ctrImg != nil && err == nil {
 		if hash, err := ctrImg.Digest(); err != nil {
 			Log.Errorf(err, "Cannot calculate digest")

diff --git a/pkg/platform/defaults.go b/pkg/platform/defaults.go
@@ -82,7 +82,7 @@ func ConfigureDefaults(ctx context.Context, c client.Client, p *v1.IntegrationPl
 	}
 
 	if p.Status.Build.BuildConfiguration.Strategy == "" {
-		p.Status.Build.BuildConfiguration.Strategy = v1.BuildStrategyPod
+		p.Status.Build.BuildConfiguration.Strategy = v1.BuildStrategyRoutine
 		log.Debugf("Integration Platform %s [%s]: setting build strategy %s", p.Name, p.Namespace, p.Status.Build.BuildConfiguration.Strategy)
 	}
 

diff --git a/pkg/util/defaults/defaults.go b/pkg/util/defaults/defaults.go
@@ -29,7 +29,7 @@ const (
 	DefaultRuntimeVersion = "2.16.0-SNAPSHOT"
 
 	// BuildahVersion --
-	BuildahVersion = "1.23.3"
+	BuildahVersion = "1.30.0"
 
 	// KanikoVersion --
 	KanikoVersion = "1.9.1"

diff --git a/script/Makefile b/script/Makefile
@@ -24,7 +24,7 @@ VERSION ?= 2.0.0-SNAPSHOT
 LAST_RELEASED_IMAGE_NAME := camel-k-operator
 LAST_RELEASED_VERSION ?= 1.12.1
 RUNTIME_VERSION := 2.16.0-SNAPSHOT
-BUILDAH_VERSION := 1.23.3
+BUILDAH_VERSION := 1.30.0
 KANIKO_VERSION := 1.9.1
 CONTROLLER_GEN_VERSION := v0.6.1
 CODEGEN_VERSION := v0.25.6