Get rid of docker layer running the Makefile and hack scripts

mesosphere / kubernetes-mesos

A Kubernetes Framework for Apache Mesos

637 stars 92 forks source link

Get rid of docker layer running the Makefile and hack scripts #653

Open sttts opened 8 years ago

sttts commented 8 years ago

We run the scripts in hack/, build/ and the Makefile itself in a Docker container. This adds unnecessary complexity.

The original reason to do that was that we were sharing Teamcity agents with other proejcts. This is not the case anymore.

In addition we could clean up the e2e jobs by not using the root user.

karlkfi commented 8 years ago

There are several reasons to continue testing in a container:

Controlled environment
Environment & dependency versions in version control
Portable CI environment duplicatable on user machines for replication
Avoid external dependency installation/management: make, docker-compose, wget, probe
Easily communicate known-good env to users
Run tests with a single command

jdef commented 8 years ago

are there other ways to achieve the goal of not running as root?

karlkfi commented 8 years ago

docker has to be run with root privileges. Tho it's possible to create a user in the dockerfile and switch to that user so that the subsequent commands run as a different user.

jdef commented 8 years ago

For the docker commands that '[have] to be run with root privileges' .. what if we create a user, add that user to the "docker group", and then switch to that user for subsequent docker commands?

On Tue, Dec 1, 2015 at 6:15 PM, Karl Isenberg notifications@github.com wrote:

docker has to be run with root privileges. Tho it's possible to create a user in the dockerfile and switch to that user so that the subsequent commands run as a different user.

— Reply to this email directly or view it on GitHub https://github.com/mesosphere/kubernetes-mesos/issues/653#issuecomment-161127824 .

karlkfi commented 8 years ago

We could do that, but TeamCity already runs its builds as root. So we didn't need to. And the docker group is effectively the admin group. So there's almost no benefit. What are you trying to achieve?

jdef commented 8 years ago

It sounded like "running as root" was a possible concern. Was trying trying to suggest solutions.

On Tue, Dec 1, 2015 at 6:24 PM, Karl Isenberg notifications@github.com wrote:

We could do that, but TeamCity already runs its builds as root. So we didn't need to. And the docker group is effectively the admin group. So there's almost no benefit. What are you trying to achieve?

— Reply to this email directly or view it on GitHub https://github.com/mesosphere/kubernetes-mesos/issues/653#issuecomment-161129545 .