Sample code supporting the Enable Sysadmin article How to build images with rootless Podman in Jenkins on OpenShift.
Code fixes and updates from the original article have been made:
-
I noticed an error in the SecurityContextConstraints definition:
Uid: 1001should beuid: 1001. I regret the error. It has been fixed here. -
Since the writing of the article, CRC has been updated and new version cannot install podman/skopeo/buildah on the Red Hat supplied Jenkins Agent image; therefore, after playing with it for awhile, I created a Fedora based Jenkins Agent image to get around the problem.
Dockerfile.baseis now based on this image. If you are running in a RHEL cluster with a valid subscription, you should have no problem with the originalDockerfile.basefrom the article, but if you are running a later version of CRC you can use this Dockerfile for testing purposes. -
Dockerfile.base was also updated from
chmod u-s /usr/bin/newuidmap && \ chmod u-s /usr/bin/newgidmap && \to
chmod u-s /usr/bin/new[gu]idmap && \ setcap cap_setuid+eip /usr/bin/newuidmap && \ setcap cap_setgid+eip /usr/bin/newgidmap && \The latter code makes sure the proper capabilites are set on the two binaries. Use the latter when creating your own Jenkins Agents, just to be sure.
-
The Jenkinsfile was updated so that it can be run multiple times without failing.
oc new-appwill only be executed once now. -
A Jenkins instance will now be created automatically for you when running
agent-image-build.sh, so there's no need to do so separately.