-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathContainerfile
More file actions
89 lines (73 loc) · 3.07 KB
/
Containerfile
File metadata and controls
89 lines (73 loc) · 3.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# Containerfile for Sysadmin Agents
# Based on official Google ADK deployment patterns
# Compatible with Podman and Docker
#
# Build:
# podman build -t sysadmin-agents:latest -f Containerfile .
#
# Run:
# podman run -d \
# -p 8000:8000 \
# -e GOOGLE_API_KEY="your-key" \
# -e LINUX_MCP_USER="admin" \
# -v ~/.ssh/id_ed25519:/opt/app-root/src/.ssh/id_ed25519:ro \
# sysadmin-agents:latest
FROM registry.access.redhat.com/ubi9/python-311:latest
# Labels for container metadata
LABEL org.opencontainers.image.title="Sysadmin Agents"
LABEL org.opencontainers.image.description="AI agents for Linux/RHEL system administration using Google ADK"
LABEL org.opencontainers.image.source="https://github.com/your-org/sysadmin-agents"
# Set working directory (UBI images use /opt/app-root/src by default)
WORKDIR /opt/app-root/src
# Copy dependency files first for better layer caching
COPY pyproject.toml ./
COPY uv.lock ./
# Install dependencies
# Note: Using pip since UBI9 python image has pip pre-installed
# Install google-adk with web UI support and linux-mcp-server
RUN pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir \
"google-adk[web]>=1.18.0" \
"linux-mcp-server>=0.1.0a0" \
"pyyaml>=6.0.0" \
"pydantic-settings>=2.0.0" \
"aiosqlite>=0.19.0" \
"python-dotenv>=1.0.0"
# Copy application code
COPY main.py ./
COPY agents/ ./agents/
COPY core/ ./core/
# Create directories for runtime mounts (UBI9 runs as non-root user UID 1001)
# - SSH keys: mounted at runtime for MCP server
# - Config overrides: optional ConfigMap mounts for external configuration
RUN mkdir -p ${HOME}/.ssh && \
chmod 700 ${HOME}/.ssh && \
mkdir -p /opt/app-root/config && \
mkdir -p /opt/app-root/agent-config
# Environment variables with sensible defaults
# All can be overridden at runtime
ENV PORT=8000
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
# Session storage (SQLite by default, can be overridden)
ENV SESSION_SERVICE_URI="sqlite+aiosqlite:///./sessions.db"
# CORS allowed origins (configure for your deployment)
ENV ALLOWED_ORIGINS="*"
# MCP server configuration defaults
# Uses $HOME/.ssh which is /opt/app-root/src/.ssh in UBI9
ENV LINUX_MCP_SSH_KEY_PATH="/opt/app-root/src/.ssh/id_ed25519"
ENV LINUX_MCP_LOG_LEVEL="INFO"
ENV LINUX_MCP_ALLOWED_LOG_PATHS="/var/log/messages,/var/log/secure"
# Config mount paths (for ConfigMap/Secret mounts)
# Mount .env file to /opt/app-root/config/.env for app configuration
ENV CONFIG_PATH="/opt/app-root/config"
# Mount agent config overrides to /opt/app-root/agent-config
ENV AGENT_CONFIG_PATH="/opt/app-root/agent-config"
# Expose the server port
EXPOSE 8000
# Health check using Python (curl not available in UBI9 minimal)
HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:${PORT}/list-apps')" || exit 1
# Run the FastAPI application using uvicorn
# Following the exact pattern from Google ADK Cloud Run docs
CMD ["sh", "-c", "uvicorn main:app --host 0.0.0.0 --port ${PORT}"]