Docker Image Compatibility with Openshift/Kubernetes #9248

@flymg

Description

The new production-ready Docker images are not compatible out of the box with Openshift deployment, as some Openshift key concepts were violated.

Example:
apache/airflow:1.10.10-python3.7

Use case / motivation

Reference: https://docs.openshift.com/container-platform/3.7/creating_images/guidelines.html

  • Image must be runnable with arbitrary userid
  • Image must be runnable without associated entry in /etc/passwd

A key problem is the installation of Python requirements as uid 50000 (airflow).

Workaround

FROM apache/airflow:1.10.10-python3.7

ARG PYTHON_MAJOR_MINOR_VERSION="3.7"
ENV PYTHON_MAJOR_MINOR_VERSION=${PYTHON_MAJOR_MINOR_VERSION}

# Modifications to make the image compatible with Openshift's support for arbitrary user IDs
# https://docs.openshift.com/container-platform/3.7/creating_images/guidelines.html
USER root
# directories to be modified
RUN chgrp -R 0 /home/airflow && chmod -R g=u /home/airflow
RUN chgrp -R 0 ${AIRFLOW_HOME} && chmod -R g=u ${AIRFLOW_HOME}

# Additionally, the airflow user's Python site-packages must be available to the arbitrary user as well
# Reference: https://stackoverflow.com/a/7901603
RUN echo "/home/airflow/.local/lib/python${PYTHON_MAJOR_MINOR_VERSION}/site-packages" > /usr/local/lib/python${PYTHON_MAJOR_MINOR_VERSION}/site-packages/airflow.pth

RUN chmod g=u /etc/passwd
...

Also, a shell script must be used after startup to add a username if none is found:

if ! whoami &> /dev/null; then
  if [ -w /etc/passwd ]; then
    echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
  fi
fi
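
An added example, not part of the original issue or of the Airflow project's code: a POSIX shell function that audits a directory tree for the two properties the Dockerfile workaround sets with `chgrp -R 0` and `chmod -R g=u` (group ownership 0, and group permissions equal to owner permissions). The function name `audit_arbitrary_uid` and its output labels are assumptions made for this example, and it relies on GNU `find -printf`.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the Airflow image).
# audit_arbitrary_uid DIR [GID]
#   Prints one line per path under DIR that a process running with an
#   arbitrary UID and group GID (default 0) cannot use the way the owner can:
#     WRONG_GROUP         path is not group-owned by GID
#     GROUP_PERMS_DIFFER  group rwx bits differ from owner rwx bits
#   Exit status is 0 when nothing is reported, 1 otherwise.
#   Symlinks are skipped (their own mode is not used for access checks);
#   paths containing newlines are not supported.
audit_arbitrary_uid() (
  dir=$1
  want_gid=${2:-0}
  findings=$(
    # %m = octal mode, %G = numeric group id, %p = path (GNU find)
    find "$dir" ! -type l -printf '%m %G %p\n' |
    while read -r mode gid path; do
      perms=$(( 0$mode ))              # leading 0 makes the constant octal
      u=$(( (perms >> 6) & 7 ))        # owner rwx bits
      g=$(( (perms >> 3) & 7 ))        # group rwx bits
      if [ "$gid" -ne "$want_gid" ]; then
        printf 'WRONG_GROUP gid=%s %s\n' "$gid" "$path"
      elif [ "$u" -ne "$g" ]; then
        printf 'GROUP_PERMS_DIFFER mode=%s %s\n' "$mode" "$path"
      fi
    done
  )
  [ -z "$findings" ] && exit 0
  printf '%s\n' "$findings"
  exit 1
)

# Stand-alone use, e.g. inside the built image:
#   sh audit.sh /home/airflow
if [ "$#" -gt 0 ]; then
  audit_arbitrary_uid "$@"
fi
```

Run against `/home/airflow` and `${AIRFLOW_HOME}` in the built image, an empty result means both directories already have the ownership and mode the workaround establishes.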
