Merge pull request #207 from ashcrow/podman

*: use podman instead of docker

Author: openshift-merge-robot

README.md

@@ -18,9 +18,9 @@ These instructions can be used for AWS:
     bazel build tarball
     ```
 
-    *Note*: the project can optionally be built without installing Bazel, provided Docker is installed:
+    *Note*: the project can optionally be built without installing Bazel, provided Podman is installed:
     ```sh
-    docker run --rm -v $PWD:$PWD:Z -w $PWD quay.io/coreos/tectonic-builder:bazel-v0.3 bazel --output_base=.cache build tarball
+    podman run --rm -v $PWD:$PWD:Z -w $PWD quay.io/coreos/tectonic-builder:bazel-v0.3 bazel --output_base=.cache build tarball
     ```
 
 3. Extract the tarball

hack/go-fmt.sh

@@ -5,7 +5,7 @@ if [ "$IS_CONTAINER" != "" ]; then
   done
   git diff --exit-code
 else
-  docker run --rm \
+  podman run --rm \
     --env IS_CONTAINER=TRUE \
     --volume "${PWD}:/go/src/github.com/openshift/installer:z" \
     --workdir /go/src/github.com/openshift/installer \

hack/go-lint.sh

@@ -4,7 +4,7 @@
 if [ "$IS_CONTAINER" != "" ]; then
   golint -set_exit_status "${@}"
 else
-  docker run --rm \
+  podman run --rm \
     --env IS_CONTAINER=TRUE \
     --volume "${PWD}:/go/src/github.com/openshift/installer:z" \
     --workdir /go/src/github.com/openshift/installer \

hack/go-vet.sh

@@ -2,7 +2,7 @@
 if [ "$IS_CONTAINER" != "" ]; then
   go vet "${@}"
 else
-  docker run --rm \
+  podman run --rm \
     --env IS_CONTAINER=TRUE \
     --volume "${PWD}:/go/src/github.com/openshift/installer:z" \
     --workdir /go/src/github.com/openshift/installer \

hack/shellcheck.sh

@@ -6,7 +6,7 @@ if [ "$IS_CONTAINER" != "" ]; then
     -o -path "${TOP_DIR}/.build" -prune \
     -o -type f -name '*.sh' -exec shellcheck --format=gcc {} \+
 else
-  docker run --rm \
+  podman run --rm \
     --env IS_CONTAINER=TRUE \
     --volume "${PWD}:/workdir:ro,z" \
     --entrypoint sh \

hack/test-bazel-build-tarball.sh

@@ -3,7 +3,7 @@ if [ "$IS_CONTAINER" != "" ]; then
   set -x
   bazel --output_base=/tmp build "$@" tarball
 else
-  docker run --rm \
+  podman run --rm \
     --env IS_CONTAINER=TRUE \
     --volume "${PWD}:${PWD}:z" \
     --workdir "${PWD}" \

hack/tf-fmt.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 
-# in prow, already in container, so no 'docker run'
+# in prow, already in container, so no 'podman run'
 if [ "$IS_CONTAINER" != "" ]; then
   set -x
   /terraform fmt -list -check -write=false
 else
-  docker run --rm \
+  podman run --rm \
     --env IS_CONTAINER=TRUE \
     --volume "${PWD}:${PWD}:ro,z" \
     --workdir "${PWD}" \

hack/tf-lint.sh

@@ -2,7 +2,7 @@
 if [ "$IS_CONTAINER" != "" ]; then
   tflint
 else
-  docker run --rm \
+  podman run --rm \
     --env IS_CONTAINER=TRUE \
     --volume "${PWD}:/data:z" \
     --entrypoint sh \

hack/yaml-lint.sh

@@ -2,7 +2,7 @@
 if [ "$IS_CONTAINER" != "" ]; then
   yamllint --config-data "{extends: default, rules: {line-length: {level: warning, max: 120}}}" ./examples/ ./installer/
 else
-  docker run --rm \
+  podman run --rm \
     --env IS_CONTAINER=TRUE \
     --volume "${PWD}:/workdir:z" \
     --entrypoint sh \

modules/bootkube/resources/bootkube.service

@@ -2,16 +2,12 @@
 Description=Bootstrap a Kubernetes cluster
 ConditionPathExists=!/opt/tectonic/init_bootkube.done
 Wants=kubelet.service
-Requires=docker.service
-After=kubelet.service docker.service
+After=kubelet.service
 
 [Service]
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/tectonic
 
-User=root
-Group=root
-
 ExecStart=/usr/bin/bash /opt/tectonic/bootkube.sh
 ExecStartPost=/bin/touch /opt/tectonic/init_bootkube.done

modules/bootkube/resources/bootkube.sh

@@ -4,7 +4,7 @@ set -e
 echo "Rendering Kubernetes core manifests..."
 
 # shellcheck disable=SC2154
-/usr/bin/docker run \
+/usr/bin/podman run \
     --volume "$PWD:/assets:z" \
     --volume /etc/kubernetes:/etc/kubernetes:z \
     "${kube_core_renderer_image}" \
@@ -14,7 +14,7 @@ echo "Rendering Kubernetes core manifests..."
 echo "Rendering TNC manifests..."
 
 # shellcheck disable=SC2154
-/usr/bin/docker run \
+/usr/bin/podman run \
     --user 0 \
     --volume "$PWD:/assets:z" \
     "${tnc_operator_image}" \
@@ -29,14 +29,13 @@ cp "$PWD/tnc-bootstrap/tectonic-node-controller-config.yaml" /etc/kubernetes/tnc
 # We originally wanted to run the etcd cert signer as
 # a static pod, but kubelet could't remove static pod
 # when API server is not up, so we have to run this as
-# docker container.
+# podman container.
 # See https://github.com/kubernetes/kubernetes/issues/43292
 
 echo "Starting etcd certificate signer..."
 
 # shellcheck disable=SC2154
-SIGNER=$(/usr/bin/docker run -d \
-    --tmpfs /tmp \
+SIGNER=$(/usr/bin/podman run -d \
     --volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z \
     --network host \
     "${etcd_cert_signer_image}" \
@@ -57,8 +56,9 @@ i=0
 while true; do
     set +e
     # shellcheck disable=SC2154,SC2086
-    /usr/bin/docker run \
+    /usr/bin/podman run \
         --rm \
+        --network host \
         --name etcdctl \
         --env ETCDCTL_API=3 \
         --volume /opt/tectonic/tls:/opt/tectonic/tls:ro,z \
@@ -86,15 +86,15 @@ done
 
 echo "etcd cluster up. Killing etcd certificate signer..."
 
-/usr/bin/docker kill "$SIGNER"
+/usr/bin/podman kill "$SIGNER"
 rm /etc/kubernetes/manifests/tectonic-node-controller-pod.yaml
 
 cp -r "$PWD/bootstrap-configs" /etc/kubernetes/bootstrap-configs
 
 echo "Starting bootkube..."
 
 # shellcheck disable=SC2154
-/usr/bin/docker run \
+/usr/bin/podman run \
     --volume "$PWD:/assets:z" \
     --volume /etc/kubernetes:/etc/kubernetes:z \
     --network=host \

scripts/maintenance/clean-aws.sh

@@ -4,7 +4,7 @@ usage() {
   cat <<EOF
 
 $(basename "$0") deletes AWS resources tagged with tags specified in a tag file.
-Requires that 'docker' and 'jq' are installed.
+Requires that 'podman' and 'jq' are installed.
 
 AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environmental variables must be set.
 
@@ -86,7 +86,7 @@ while [ $# -gt 0 ]; do
   shift
 done
 
-if ! command -V docker >/dev/null || ! command -V jq >/dev/null; then
+if ! command -V podman >/dev/null || ! command -V jq >/dev/null; then
   echo "Missing required dependencies" >&2
   exit 1
 fi
@@ -155,9 +155,9 @@ if [ ! $force ]; then
   fi
 fi
 
-trap 'docker stop grafiti-deleter; exit' EXIT
+trap 'podman stop grafiti-deleter; exit' EXIT
 
-docker run -t --rm --name grafiti-deleter \
+podman run -t --rm --name grafiti-deleter \
 	-v "$tmp_dir":/tmp/config:z \
 	-e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
 	-e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \

scripts/maintenance/tag-aws.sh

@@ -5,7 +5,7 @@ usage() {
 
 $(basename "$0") tags AWS resources with 'expirationDate: some-date-string',
 defaulting to tomorrow's date, and excludes all resources tagged with
-tag keys/values specified in an 'exclude' file. Requires that 'docker' is
+tag keys/values specified in an 'exclude' file. Requires that 'podman' is
 installed.
 
 AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environmental variables must be set.
@@ -101,7 +101,7 @@ while [ $# -gt 0 ]; do
   shift
 done
 
-if ! command -V docker >/dev/null; then
+if ! command -V podman >/dev/null; then
   echo "Missing required dependencies" >&2
   exit 1
 fi
@@ -181,9 +181,9 @@ if [ ! $force ]; then
   fi
 fi
 
-trap 'docker stop grafiti-tagger; exit' EXIT
+trap 'podman stop grafiti-tagger; exit' EXIT
 
-docker run -t --rm --name grafiti-tagger \
+podman run -t --rm --name grafiti-tagger \
 	-v "$tmp_dir":/tmp/config:z \
 	-e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
 	-e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \