search

slok / kube-code-generator

Kubernetes code generator docker image
74 stars 21 forks source link

Permission issue when generating code using docker #35

Open tkrop opened 2 months ago

tkrop commented 2 months ago

I struggled a bit to get the example running from the README.md.

docker run -it --rm \
  --volume $(pwd):/app:rw
  ghcr.io/slok/kube-code-generator:v0.2.0 \
  --apis-in ./apis --go-gen-out ./client --crd-gen-out ./manifests

was leading to a permission error the container was prepared to address by starting as follows:

docker run -it --rm \
  --user $(id -u):$(id -g) \
  --volume $(pwd):/app:rw \
  ghcr.io/slok/kube-code-generator:v0.2.0 \
  --apis-in ./apis --go-gen-out ./client --crd-gen-out ./manifests

However, this does not fix the issue, since the container tries to create the user .cache in the root directory now, which fails the same way with a permission error. So finally, I came up with

docker run -it --rm \
  --env HOME=/app \
  --user $(id -u):$(id -g) \
  --volume $(pwd):/app:rw \
  ghcr.io/slok/kube-code-generator:v0.2.0 \
  --apis-in ./apis --go-gen-out ./client --crd-gen-out ./manifests

Which is working.

@slok May be you like to fix this in the Dockerfile and improve the documentation.

slok commented 2 months ago

Hi @tkrop Thanks for sharing the issue. What OS are you using?

tkrop commented 2 months ago

I'm running on Ubuntu 22.04.

tkrop commented 2 months ago

@slok There may be an interesting follow up problem. After I tried the example, I'm trying the generation on my own api-code and getting the following error:

$ docker run -it --rm --user $(id -u):$(id -g) --env HOME=/app --volume $(pwd):/app   ghcr.io/slok/kube-code-generator:v0.2.0   --apis-in ./apis   --go-gen-out ./client   --crd-gen-out ./manifests;
INFO[0000] Go generated code package inferred            module=github.bus.zalan.do/automated-updates/codeshift/client version=v0.2.0
INFO[0000] Generating Go code...                         version=v0.2.0
Error: could not generate Go code: could not generate Go clients code: error while executing bash script: exit status 255: go: writing stat cache: open /go/pkg/mod/cache/download/github.com/google/gnostic-models/@v/v0.6.8.info391055367.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/k8s.io/gengo/v2/@v/v2.0.0-20240228010128-51d4e06bde70.info43905198.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/google.golang.org/protobuf/@v/v1.33.0.info310744993.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/github.com/golang/protobuf/@v/v1.5.4.info824388260.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/k8s.io/kube-openapi/@v/v0.0.0-20240228011516-70dd3763d340.info764875774.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/golang.org/x/tools/@v/v0.18.0.info952748080.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/github.com/go-openapi/jsonreference/@v/v0.20.2.info837426023.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/github.com/go-openapi/swag/@v/v0.22.3.info565611441.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/golang.org/x/mod/@v/v0.15.0.info523488642.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/github.com/go-openapi/jsonpointer/@v/v0.19.6.info426920719.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/github.com/mailru/easyjson/@v/v0.7.7.info320431917.tmp: permission denied
go: writing stat cache: open /go/pkg/mod/cache/download/github.com/josharian/intern/@v/v1.0.0.info219444440.tmp: permission denied
go: downloading k8s.io/apimachinery v0.30.3
go: writing go.mod cache: mkdir /go/pkg/mod/cache/download/github.com/sirupsen: permission denied
go: writing go.mod cache: open /go/pkg/mod/cache/download/k8s.io/apimachinery/@v/v0.30.3.mod554850431.tmp: permission denied
go: writing go.mod cache: open /go/pkg/mod/cache/download/golang.org/x/sys/@v/v0.0.0-20220715151400-c0bba94af5f8.mod901969475.tmp: permission denied
go: writing go.mod cache: open /go/pkg/mod/cache/download/github.com/stretchr/testify/@v/v1.7.0.mod144629576.tmp: permission denied
Generating client code for 1 targets
grep: ./client/clientset: No such file or directory
F0806 16:07:29.829259    2746 main.go:65] Error: failed making a parser: error(s) in "k8s.io/apimachinery/pkg/runtime/schema":
apis/codeshift/v1alpha1/register.go:6:2: open /go/pkg/mod/cache/download/k8s.io/apimachinery/@v/v0.30.3.lock: permission denied
error(s) in "k8s.io/apimachinery/pkg/apis/meta/v1":
apis/codeshift/v1alpha1/register.go:4:2: open /go/pkg/mod/cache/download/k8s.io/apimachinery/@v/v0.30.3.lock: permission denied
error(s) in "k8s.io/apimachinery/pkg/runtime":
apis/codeshift/v1alpha1/register.go:5:2: open /go/pkg/mod/cache/download/k8s.io/apimachinery/@v/v0.30.3.lock: permission denied
tkrop commented 2 months ago

Actually, with a bit of thinking I also found a solution for this:

docker run -it --rm --user $(id -u):$(id -g) --env HOME=/app \
  --volume $(pwd):/app --volume=${GOPATH}:/go \
  ghcr.io/slok/kube-code-generator:v0.2.0 \
  --apis-in ./apis --go-gen-out ./client --crd-gen-out ./manifests;
tkrop commented 2 months ago

Actually this here is an improved solution for me:

docker run -it --rm --user "$(id -u):$(id -g)" \
  --volume $(pwd):/app --volume ${GOPATH}:/go --volume ${HOME}/.cache:/.cache \
  ghcr.io/slok/kube-code-generator:v0.2.0 \
  --apis-in ./apis --go-gen-out ./client --crd-gen-out ./manifests;

I also tested to move the code generation to project sub-directory as follows:

docker run -it --rm --user "$(id -u):$(id -g)" \
  --volume $(pwd):/app --volume ${GOPATH}:/go \
  --volume ${HOME}/.cache:/.cache \
  ghcr.io/slok/kube-code-generator:v0.2.0 \
  --apis-in ./operator/apis \
  --go-gen-out ./operator/client \
  --crd-gen-out ./operator/manifests;

This works as expected after fixing a code bug.