Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-4157

[RN] Enable build capabilities by default

    XMLWordPrintable

Details

    • False
    • None
    • False
    • Release Notes
    • Hide
      = Dockerfile build capabilities enabled by default

      With this update, Dockerfile build capabilities are enabled by default for new installations. Administrators can opt out of the feature by setting `spec.devEnvironments.disableBuildCapabilities` to `true`.

      [NOTE]
      ====
      This update does not change the value of `disableBuildCapabilities` of existing installations.
      ====
      Show
      = Dockerfile build capabilities enabled by default With this update, Dockerfile build capabilities are enabled by default for new installations. Administrators can opt out of the feature by setting `spec.devEnvironments.disableBuildCapabilities` to `true`. [NOTE] ==== This update does not change the value of `disableBuildCapabilities` of existing installations. ====
    • Enhancement
    • Done

    Description

      Enable Dockerfile build capabilities by default

      The Linux capabilities SETUID and SETGID, required to build a container image using podman in rootless mode, are now enabled by default. Administrators can still opt-out setting CheCluster CR .spec.devEnvironments.disableBuildCapabilities to true. This is the last step of the journey to allow building Dockerfile from within an Eclipse Che cloud development environment. It started with a manual procedure described in[ this blog post|https://che.eclipseprojects.io/2022/10/10/@mloriedo-building-container-images.html], was exposed through one single property in[ Eclipse Che v7.56|https://github.com/eclipse/che/releases/tag/7.56.0] and is now, after a months of feedbacks in real world Kubernetes clusters, enabled by default.

       

      Synced from eclipse/che issue

      https://github.com/eclipse/che/issues/22032

      Is your enhancement related to a problem? Please describe

      Current default configuration for Che is:

      spec.devEnvironments.disableBuildCapabilities: true

      and podman build doesn't work by default.

      Describe the solution you'd like

      For new installations the default should be:

      spec.devEnvironments.disableBuildCapabilities: false

      For update of existing installations we should not change the value of disableBuildCapabilities.

      Attachments

        Activity

          People

            rhn-ecs-pkovar Petr Kovar (Inactive)
            jiralint.codeready Bot Codeready
            Dmytro Nochevnov Dmytro Nochevnov
            Jana Vrbkova Jana Vrbkova
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: