use rootless podman

Author: nammn

scripts/dev/setup_ibm_container_runtime.sh

@@ -2,93 +2,37 @@
 
 set -Eeou pipefail
 
-echo "=========================================="
 echo "Setting up IBM container runtime (rootless)"
-echo "=========================================="
 
 # Setup XDG_RUNTIME_DIR for rootless podman
-# This directory must exist and be writable for rootless containers
-setup_runtime_dir() {
-  local uid
-  uid=$(id -u)
-  local runtime_dir="/run/user/${uid}"
-
-  if [[ ! -d "${runtime_dir}" ]]; then
-    echo "Creating XDG_RUNTIME_DIR: ${runtime_dir}"
+uid=$(id -u)
+runtime_dir="/run/user/${uid}"
+if [[ ! -d "${runtime_dir}" ]]; then
     sudo mkdir -p "${runtime_dir}"
     sudo chown "$(whoami):$(whoami)" "${runtime_dir}"
     sudo chmod 700 "${runtime_dir}"
-  elif [[ ! -w "${runtime_dir}" ]]; then
-    echo "Fixing permissions on XDG_RUNTIME_DIR: ${runtime_dir}"
-    sudo chown "$(whoami):$(whoami)" "${runtime_dir}"
-    sudo chmod 700 "${runtime_dir}"
-  fi
-
-  export XDG_RUNTIME_DIR="${runtime_dir}"
-  echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}"
-
-  # Create containers subdirectory
-  mkdir -p "${runtime_dir}/containers" 2>/dev/null || true
-}
-
-setup_runtime_dir
-
-echo "Cleaning DNF cache..."
-sudo dnf clean all && sudo rm -rf /var/cache/dnf || true
-
-echo "Installing/upgrading crun..."
-sudo dnf upgrade -y crun --disableplugin=subscription-manager || \
-sudo dnf install -y crun --disableplugin=subscription-manager || \
-sudo yum upgrade -y crun --disableplugin=subscription-manager || \
-sudo yum install -y crun --disableplugin=subscription-manager
-
-# Find crun path - it might be in different locations
-crun_path=""
-for path in /usr/bin/crun /usr/local/bin/crun /bin/crun; do
-  if [[ -x "${path}" ]]; then
-    crun_path="${path}"
-    break
-  fi
-done
-
-if [[ -z "${crun_path}" ]]; then
-  # Try to find it
-  crun_path=$(command -v crun 2>/dev/null || true)
-fi
-
-if [[ -z "${crun_path}" || ! -x "${crun_path}" ]]; then
-  echo "❌ crun not found after installation"
-  echo "Searching for crun..."
-  find /usr -name "crun" -type f 2>/dev/null || true
-  exit 1
 fi
+export XDG_RUNTIME_DIR="${runtime_dir}"
 
-echo "Found crun at: ${crun_path}"
-current_version=$("${crun_path}" --version | head -n1)
-echo "✅ Using crun: ${current_version}"
-
-# Clean up any existing conflicting configurations (user-level only for rootless)
-echo "Cleaning up existing container configurations..."
-rm -f ~/.config/containers/containers.conf 2>/dev/null || true
-
-# Configure for rootless podman with explicit crun path
-config="[containers]
-cgroup_manager = \"cgroupfs\"
-
-[engine]
-runtime = \"${crun_path}\""
+# Install crun
+echo "Installing crun..."
+sudo dnf clean all || true
+sudo dnf install -y crun --disableplugin=subscription-manager || \
+sudo yum install -y crun --disableplugin=subscription-manager || true
 
+# Configure rootless podman
 mkdir -p ~/.config/containers
-echo "${config}" > ~/.config/containers/containers.conf
 
-# Also set storage driver explicitly for rootless
-storage_config="[storage]
-driver = \"overlay\"
-runroot = \"${XDG_RUNTIME_DIR}/containers\"
-graphroot = \"${HOME}/.local/share/containers/storage\""
+cat > ~/.config/containers/containers.conf << 'EOF'
+[containers]
+cgroup_manager = "cgroupfs"
+EOF
 
-echo "${storage_config}" > ~/.config/containers/storage.conf
+cat > ~/.config/containers/storage.conf << EOF
+[storage]
+driver = "overlay"
+runroot = "${XDG_RUNTIME_DIR}/containers"
+graphroot = "${HOME}/.local/share/containers/storage"
+EOF
 
-echo "✅ Configured crun for rootless podman"
-echo "Config written to ~/.config/containers/containers.conf"
-echo "Storage config written to ~/.config/containers/storage.conf"
+echo "Done"

scripts/funcs/kubernetes

@@ -101,19 +101,10 @@ create_image_registries_secret() {
 
     # Detect the correct config file path based on container runtime
     local config_file
-    local temp_config_file=""
-    if command -v podman &> /dev/null && (podman info &> /dev/null || sudo podman info &> /dev/null); then
-      # For Podman, use root's auth.json since minikube uses sudo podman
-      config_file="/root/.config/containers/auth.json"
+    if command -v podman &> /dev/null && podman info &> /dev/null; then
+      config_file="${HOME}/.config/containers/auth.json"
       echo "Using Podman config: ${config_file}"
-
-      # Create a temporary copy that the current user can read
-      temp_config_file=$(mktemp)
-      sudo cp "${config_file}" "${temp_config_file}"
-      sudo chown "$(whoami):$(whoami)" "${temp_config_file}"
-      config_file="${temp_config_file}"
     else
-      # For Docker, use standard docker config
       config_file="${HOME}/.docker/config.json"
       echo "Using Docker config: ${config_file}"
     fi
@@ -127,11 +118,6 @@ create_image_registries_secret() {
     else
       echo "Skipping creating pull secret in ${context}/${namespace}. The namespace doesn't exist yet."
     fi
-
-    # Clean up temporary file
-    if [[ -n "${temp_config_file}" ]] && [[ -f "${temp_config_file}" ]]; then
-      rm -f "${temp_config_file}"
-    fi
   }
 
   echo "Creating/updating pull secret from docker configured file"