From 53d037aaf21481a69b190f8ae60318b291102d7e Mon Sep 17 00:00:00 2001 From: Rob Vesse Date: Tue, 22 Jan 2019 10:21:38 +0000 Subject: [PATCH 1/2] [SPARK-26685][K8S] Correct placement of ARG declaration Latest Docker releases are stricter in their enforcement of build argument scope. The location of the ARG spark_uid declaration in the Python and R Dockerfiles means the variable is out of scope by the time it is used in a USER declaration resulting in a container running as root rather than the default/configured UID. This commit moves the ARG declaration to just before the argument is used such that it is in scope. --- .../docker/src/main/dockerfiles/spark/bindings/R/Dockerfile | 2 +- .../src/main/dockerfiles/spark/bindings/python/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/bindings/R/Dockerfile b/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/bindings/R/Dockerfile index 9ded57c655104..34d449c9f08b9 100644 --- a/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/bindings/R/Dockerfile +++ b/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/bindings/R/Dockerfile @@ -16,7 +16,6 @@ # ARG base_img -ARG spark_uid=185 FROM $base_img WORKDIR / @@ -35,4 +34,5 @@ WORKDIR /opt/spark/work-dir ENTRYPOINT [ "/opt/entrypoint.sh" ] # Specify the User that the actual main process will run as +ARG spark_uid=185 USER ${spark_uid} diff --git a/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/bindings/python/Dockerfile b/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/bindings/python/Dockerfile index 36b91eb9a3aac..5044900d1d8a6 100644 --- a/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/bindings/python/Dockerfile +++ b/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/bindings/python/Dockerfile @@ -16,7 +16,6 @@ # ARG base_img -ARG spark_uid=185 FROM $base_img WORKDIR / 
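Review bot: The `ARG spark_uid=185` line added directly above `USER ${spark_uid}` at the end of bindings/R/Dockerfile has no comment saying that its position is what keeps the image from running as root. The same applies to the matching `@@ -46,4 +45,5 @@` hunk in bindings/python/Dockerfile. An ARG declared before FROM is outside the build stage and only usable in the FROM line, so hoisting the declaration back to the top would, per the commit message, bring back the root default. I would add a comment above it in both files, for example `# Keep this ARG after FROM: declared before FROM it is out of scope here and the container runs as root`. Nothing in this patch verifies the outcome, so a build or integration check that the image's configured user is the expected non-root UID would catch a regression.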
@@ -46,4 +45,5 @@ WORKDIR /opt/spark/work-dir ENTRYPOINT [ "/opt/entrypoint.sh" ] # Specify the User that the actual main process will run as +ARG spark_uid=185 USER ${spark_uid} From 0ee1c3b71b46d2844841c3dc288b0d55d9087dbe Mon Sep 17 00:00:00 2001 From: Rob Vesse Date: Tue, 22 Jan 2019 10:49:03 +0000 Subject: [PATCH 2/2] [SPARK-26685][K8S] Fix -u not propagating to Python/R bindings Make sure that BINDING_BUILD_ARGS include the build argument that sets the desired UID if configured by the user --- bin/docker-image-tool.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/docker-image-tool.sh b/bin/docker-image-tool.sh index 4f66137eb1c7a..efaf09e74c405 100755 --- a/bin/docker-image-tool.sh +++ b/bin/docker-image-tool.sh @@ -154,10 +154,11 @@ function build { fi local BINDING_BUILD_ARGS=( - ${BUILD_PARAMS} + ${BUILD_ARGS[@]} --build-arg base_img=$(image_ref spark) ) + local BASEDOCKERFILE=${BASEDOCKERFILE:-"kubernetes/dockerfiles/spark/Dockerfile"} local PYDOCKERFILE=${PYDOCKERFILE:-false} local RDOCKERFILE=${RDOCKERFILE:-false}
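Review bot: The new `${BUILD_ARGS[@]}` element inside `BINDING_BUILD_ARGS` is expanded unquoted, so every element is word-split and glob-expanded again before it reaches the docker build command. Writing `"${BUILD_ARGS[@]}"` keeps each argument intact, and `"$(image_ref spark)"` on the following line deserves the same quoting. BUILD_ARGS is defined outside this hunk, and the body of `build` continues past it, so I am assuming it is an array that already carries the `spark_uid` build argument when `-u` is given. The bug being fixed was the Python/R images silently ignoring `-u`, so a test that builds a binding image with `-u` and checks the resulting image user would be worth adding.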