CLOUDP-362015 - use rootless podman #654
Draft
+100
−53
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MCK 1.6.2 Release Notes |
nammn
added
the
skip-changelog
nammn
commented
Dec 18, 2025
| fi | ||
| export XDG_RUNTIME_DIR="${runtime_dir}" | ||
|
|
||
| # Clean up stale podman state (fixes "cannot re-exec process to join the existing user namespace") |
Collaborator
Author
There was a problem hiding this comment.
this still happens, but once evg agents properly cleanup podman containers we should be able to rremove this: https://jira.mongodb.org/browse/DEVPROD-25447
nammn
commented
Dec 18, 2025
scripts/minikube/setup_minikube.sh
Outdated
| local start_args=("--driver=podman") | ||
| start_args+=("--cpus=4" "--memory=8g") | ||
| # Use containerd as container runtime inside minikube for better rootless support | ||
| start_args+=("--container-runtime=containerd") |
Collaborator
Author
There was a problem hiding this comment.
and containerd is also more stable
nammn
commented
Dec 18, 2025
| Fetches an auth token from ECR via boto3 and logs | ||
| into the Docker daemon via the Docker SDK. | ||
| """ | ||
| import boto3 |
Collaborator
Author
There was a problem hiding this comment.
lets only import this when we use this, otherwise build_image (for podman and minikube) and thus ibm container will need those deps
nammn
force-pushed
the
fix-ibm-docker-2
branch
from
1796a5a to
c14c030
Compare
3 tasks
nammn
force-pushed
the
fix-ibm-docker-2
branch
from
c14c030 to
bc55698
Compare
- Increase download timeout from 180s to 600s for large binaries on slow IBM networks - Fix rootful mode: unset MINIKUBE_ROOTLESS env var and use --rootless=false flag - Update kicbase to v0.0.48 to match minikube v1.37.0 - Use bridge CNI for ppc64le/s390x (kindnet lacks ppc64le images) - Add safe cleanup for shared CI machines (only kills orphaned processes) - Configure root-level podman for minikube rootful mode - Test podman functionality before proceeding 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
nammn
force-pushed
the
fix-ibm-docker-2
branch
from
18b4923 to
a2aea73
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Container Runtime and Podman Environment Improvements:
Major rewrite of
scripts/dev/setup_ibm_container_runtime.shto:crunas needed, and configure container and storage settings for both user and root contexts.In
scripts/minikube/setup_minikube.sh:Download and Setup Reliability:
curltimeout and retry delay inscripts/funcs/installto handle large binary downloads (like Minikube) on slow networks, and enable resume capability for interrupted downloads.Python Environment and Requirements Handling:
Proof of Work
Checklist
skip-changeloglabel if not needed