Change ownership of the project volume mount directory to the quarkus user #128
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cescoffier
approved these changes
Jan 27, 2021
|
LGTM, @zakkak what do you think? |
zakkak
approved these changes
Jan 27, 2021
There was a problem hiding this comment.
LGTM as well. Thanks @jonathan-meier
Tested with podman v2.2.1, mandrel 20.3.0.0.Final, and Quarkus 1.11.0.Final.
|
Awesome, thanks for the prompt reviews! The new images on quay.io work as expected now 👍 |
matthyx
pushed a commit
to matthyx/quarkus-images
that referenced
this pull request
Sep 20, 2021
Bug 1832629: Add metrics for 1xx, 3xx, and 4xx request counters, add latency, track reused connections
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Container builds for a native images on a remote docker host are currently not possible (quarkusio/quarkus#1610). The issue is that the native build step mounts a volume to the build container containing the sources for the native image build and to which the final native image is written back to the host. However, volume mounts are not available for remote docker daemons. Still, using remote docker daemons is a pretty common scenario.
I outlined a solution to this problem in a comment on the above mentioned issue quarkusio/quarkus#1610 (comment), which is to copy the build sources into the container as well as copy the final native image out of the container back to the host, instead of using the volume mount. PR quarkusio/quarkus#14635 implements this strategy, which used to work with the build images provided on quay.io some time ago (late August, I think), but does not work with the newest images anymore. It seems to be a permission issue with the
/projectmount point. It is created with the root user when building the docker image, but written to using the quarkus user (uid 1001) when building the native image, which fails. The native image builds only work, when an actual directory on the host is mounted as a volume using the z-flag. The z-flag unfortunately does not work for anonymous or named volumes.The solution provided in this PR is to explicitly create the
/projectfolder during the docker image build and let it be owned by thequarkususer (created in theadd-quarkus-usermodule) before the volume is created on it.