openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

OSDOCS9297: Using /dev/fuse to access faster builds

Browse Source
This commit is contained in:
Daniel Chadwick
2024-02-08 16:24:27 -05:00
committed by openshift-cherrypick-robot
parent 7896672355
commit 9a410ee704
3 changed files with 79 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
_topic_maps/_topic_map.yml
View File

@@ -2507,6 +2507,8 @@ Topics:
File: nodes-containers-port-forwarding
- Name: Using sysctls in containers
File: nodes-containers-sysctls
- Name: Accessing faster builds with /dev/fuse
File: nodes-containers-dev-fuse
- Name: Working with clusters
Dir: clusters
Topics:

66
modules/nodes-containers-dev-fuse-configuring.adoc Normal file
View File

@@ -0,0 +1,66 @@
// Module included in the following assemblies:
//
// * nodes/nodes-containers-dev-fuse.adoc
:_mod-docs-content-type: PROCEDURE
[id="nodes-containers-dev-fuse-configuring_{context}"]
= Configuring /dev/fuse on unprivileged pods
As an alternative to the virtual filesystem, you can configure the `/dev/fuse` device to the `io.kubernetes.cri-o.Devices` annotation to access faster builds within unprivileged pods. Using `/dev/fuse` is secure, efficient, and scalable, and allows unprivileged users to mount an overlay filesystem as if the unprivileged pod was privileged.
.Procedure
. Create the pod.
+
[source,terminal]
----
$ oc exec -ti no-priv -- /bin/bash
----
+
[source,terminal]
----
$ cat >> Dockerfile <<EOF
FROM registry.access.redhat.com/ubi9
EOF
----
+
[source,terminal]
----
$ podman build .
----
. Implement `/dev/fuse` by adding the `/dev/fuse` device to the `io.kubernetes.cri-o.Devices` annotation.
+
[source,yaml]
----
io.kubernetes.cri-o.Devices: "/dev/fuse"
----
+
For example:
+
[source,yaml]
----
apiVersion: v1
kind: Pod
metadata:
  name: podman-pod
  annotations:
    io.kubernetes.cri-o.Devices: "/dev/fuse"
----
. Configure the `/dev/fuse` device in your pod specifications.
+
[source,yaml]
----
spec:
  containers:
  - name: podman-container
    image: quay.io/podman/stable
    args:
    - sleep
    - "1000000"
    securityContext:
      runAsUser: 1000
----

11
nodes/containers/nodes-containers-dev-fuse.adoc Normal file
View File

@@ -0,0 +1,11 @@
:_mod-docs-content-type: ASSEMBLY
:context: nodes-containers-dev-fuse
[id="nodes-containers-dev-fuse"]
= Accessing faster builds with /dev/fuse
include::_attributes/common-attributes.adoc[]
toc::[]
You can configure your pods with the `/dev/fuse` device to access faster builds.
include::modules/nodes-containers-dev-fuse-configuring.adoc[leveloffset=+1]