DEV Community

betadots profile image Robert Waffen
Robert Waffen for betadots

Posted on

OpenVox rootless Alpine Containers

#opensource #containers #openvox

Over the last weeks, I spent a lot of my Open Source time at betadots GmbH working on improving the OpenVox containers.

The result: both openvoxserver and openvoxdb are now regularly published as Ubuntu and Alpine based container images 🎉

The PRs

This may sound like a small packaging change at first glance, but it actually opens the door for several different deployment styles and operational preferences.

Some users prefer Ubuntu based images for compatibility, familiarity and enterprise environments. Others want the smaller Alpine footprint, faster pulls and a more minimal runtime environment.

How I got there

Building the Alpine containers was a significant challenge because we don’t have packages here. Building Alpine packages would have been another nightmare to solve. So, I looked into the build scripts for the Ubuntu/RHEL packages and extracted all the necessary steps to get the server running. Ideally, I thought, "That’s only a JAR, how complicated can this be? Containers are made for running JARs!" But I couldn’t have been further from the truth. The OpenVox JARs are not self-running and depend on a lot of files and directories being in the right place. Getting this working was a bit of a hassle! But in the end, I got all the steps together, and the containers were building and even starting! They were working! Then, I had to do it rootless. So, we figured out every place where a chmod or chown is made and got this out of the starting process. It wasn’t easy! But we solved it in the end. With much help from the community!

Rootless containers in detail 🥷🐳

One particularly exciting part: the Alpine images are already fully rootless.

That means they are prepared to run without root privileges inside the container, improving the security posture and aligning better with modern container best practices.

The Ubuntu variants are expected to follow soon as the remaining changes are being worked on.

Rootless containers are one of those things that feel a bit like upgrading from telnet to SSH. Once the ecosystem is ready for it, going back feels strange.

Community powered Open Source ❤️

Even though I implemented most of the changes during my Open Source time at betadots GmbH, this was absolutely not a solo effort.

There were reviews, discussions, testing, feedback and many tiny details coming from the OpenVox community. Open Source thrives when individuals collectively contribute their ideas, refining them until the final product surpasses the original draft.

Huge thanks to everyone involved 🙌

Why this matters

Infrastructure projects are often built from many small building blocks:

  • container images
  • CI pipelines
  • packaging
  • runtime security
  • multi-distro support
  • rootless compatibility

Individually, these changes may seem minor.

But together they make the ecosystem more flexible, more secure and easier to integrate into different environments, from homelabs to enterprise deployments.

What’s next?

There is still more work ahead around rootless support, image hardening and ecosystem improvements, but this is another nice milestone for OpenVox containers.

Feedback, testing and contributions are always welcome.

Open Source is still one of the few places where random people on the internet collectively assemble giant infrastructures out of YAML, shell scripts and sleep deprivation 🤖✨

Cheers, Robert

Top comments (0)