# Copyright 2018 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# kind node base image
#
# For systemd + docker configuration used below, see the following references:
# https://systemd.io/CONTAINER_INTERFACE/
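# Start from an ubuntu base image (the default tag is set by BASE_IMAGE below).
# This image is reasonably small as a starting point for a kubernetes node
# image, it doesn't contain much we don't need.
# The default is a mutable tag: pass a digest-pinned reference with
# --build-arg BASE_IMAGE=... when the build has to be reproducible.
ARG BASE_IMAGE=ubuntu:21.04
FROM $BASE_IMAGE AS build

# `docker buildx` automatically sets this arg value, but we add the arg for
# regular `docker build` invocations to force a selection
ARG TARGETARCH

# Every download configured below is checked against the *_SHA256SUM arg for
# the selected architecture in the RUN steps further down. When a version or
# URL is changed, the checksums for all three architectures must be updated
# with it, otherwise the verification step fails the build.

# Configure containerd and runc binaries from kind-ci/containerd-nightlies repository
# The repository contains latest stable releases and nightlies built for multiple architectures
ARG CONTAINERD_VERSION="1.5.2"
ARG CONTAINERD_BASE_URL="https://github.com/kind-ci/containerd-nightlies/releases/download/containerd-${CONTAINERD_VERSION}"
ARG CONTAINERD_URL="${CONTAINERD_BASE_URL}/containerd-${CONTAINERD_VERSION}.linux-${TARGETARCH}.tar.gz"
ARG CONTAINERD_AMD64_SHA256SUM="1e39c79905adfde0aca9ed7347f37be9fb8b89776f4df829337eeeda983bf422"
ARG CONTAINERD_ARM64_SHA256SUM="2aac475f960ee8a3a331256fd80e6ffb5f05328161e0f577d9b8691424a39584"
ARG CONTAINERD_PPC64LE_SHA256SUM="21f7a229c431d0f66616312e437e5b4d01ae56302b0b2aa18ec315ced0876e60"

ARG RUNC_URL="${CONTAINERD_BASE_URL}/runc.${TARGETARCH}"
ARG RUNC_AMD64_SHA256SUM="ed9896e8c010b2f06cdfb55ec575865f9382e1a599078c06dcbddb86b97be285"
ARG RUNC_ARM64_SHA256SUM="75de65187fa809ae92eaeb49cbf725c7d9f226fbc589f84bd637e31aae38c453"
ARG RUNC_PPC64LE_SHA256SUM="40b42ff58de2e71164f03db931aa70cc0fee6eb35aa96915e23290341ca9fd49"

# Configure crictl binary from upstream
ARG CRICTL_VERSION="v1.21.0"
ARG CRICTL_URL="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-${TARGETARCH}.tar.gz"
ARG CRICTL_AMD64_SHA256SUM="85c78a35584971625bf1c3bcd46e5404a90396f979d7586f18b11119cb623e24"
ARG CRICTL_ARM64_SHA256SUM="454eecd29fe636282339af5b73c60234a7d10e4b11b9e18937e33056763d72cf"
ARG CRICTL_PPC64LE_SHA256SUM="0770100d30d430dbb67a58119ffed459856163ba01b6d71ac6fd4be7336253cf"

# Configure CNI binaries from upstream
ARG CNI_PLUGINS_VERSION="v0.9.1"
ARG CNI_PLUGINS_TARBALL="${CNI_PLUGINS_VERSION}/cni-plugins-linux-${TARGETARCH}-${CNI_PLUGINS_VERSION}.tgz"
ARG CNI_PLUGINS_URL="https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGINS_TARBALL}"
ARG CNI_PLUGINS_AMD64_SHA256SUM="962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7"
ARG CNI_PLUGINS_ARM64_SHA256SUM="ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0"
ARG CNI_PLUGINS_PPC64LE_SHA256SUM="5bd3c82ef248e5c6cc388f25545aa5a7d318778e5f9bc0a31475361bb27acefe"

# Configure containerd-fuse-overlayfs snapshotter binary from upstream
ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="1.0.2"
ARG CONTAINERD_FUSE_OVERLAYFS_TARBALL="v${CONTAINERD_FUSE_OVERLAYFS_VERSION}/containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}-linux-${TARGETARCH}.tar.gz"
ARG CONTAINERD_FUSE_OVERLAYFS_URL="https://github.com/containerd/fuse-overlayfs-snapshotter/releases/download/${CONTAINERD_FUSE_OVERLAYFS_TARBALL}"
ARG CONTAINERD_FUSE_OVERLAYFS_AMD64_SHA256SUM="1f1e69f71b5ea568e93e40059af1b02a377ac0966d2acd27e4cce388a27af218"
ARG CONTAINERD_FUSE_OVERLAYFS_ARM64_SHA256SUM="7ade1a44d880b3fb8eaa3c5ff7d3890a43b777d06ec80439c9a51ae35626c83c"
ARG CONTAINERD_FUSE_OVERLAYFS_PPC64LE_SHA256SUM="eaf9bdd3de4514546945ea93119acea2b7bfa55ced43766e20adabddd5d20978"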
# copy in static files
# NOTE: the --chmod flag on COPY requires BuildKit.
# all scripts are 0755: http://www.filepermissions.com/file-permission/0755
# (executable by everyone, writable by the owner only)
COPY --chmod=0755 files/usr/local/bin/* /usr/local/bin/

# all configs are 0644: http://www.filepermissions.com/file-permission/0644
# (readable by everyone, writable by the owner only)
# NOTE(review): each subdirectory gets its own COPY, presumably so that the
# 0644 mode is applied to files only and not to directories; confirm before
# collapsing these into one instruction.
COPY --chmod=0644 files/etc/* /etc/
COPY --chmod=0644 files/etc/containerd/* /etc/containerd/
COPY --chmod=0644 files/etc/default/* /etc/default/
COPY --chmod=0644 files/etc/sysctl.d/* /etc/sysctl.d/
COPY --chmod=0644 files/etc/systemd/system/* /etc/systemd/system/
COPY --chmod=0644 files/etc/systemd/system/kubelet.service.d/* /etc/systemd/system/kubelet.service.d/
# Install dependencies, first from apt, then from release tarballs.
# NOTE: each step below is a separate RUN; the resulting layers are flattened
# by the final `FROM scratch` / `COPY --from=build / /` stage.
#
# The util scripts were copied above with mode 0755 (COPY --chmod), so they
# are already executable.
#
# The base image already has a basic userspace + apt but we need to install more packages.
# Packages installed are broken down into (each on a line):
# - packages needed to run services (systemd)
# - packages needed for kubernetes components
# - packages needed by the container runtime
# - misc packages kind uses itself
# - packages that provide semi-core kubernetes functionality
# After installing packages we cleanup by:
# - removing unwanted systemd services
# - disabling kmsg in journald (these log entries would be confusing)
#
# Then we install containerd from our nightly build infrastructure, as this
# builds for multiple architectures and allows us to upgrade to patched releases
# more quickly.
#
# Next we download and extract crictl and CNI plugin binaries from upstream.
#
# Next we ensure the /etc/kubernetes/manifests directory exists. Normally
# a kubeadm debian / rpm package would ensure that this exists but we install
# freshly built binaries directly when we build the node image.
#
# Finally we adjust tempfiles cleanup to be 1 minute after "boot" instead of 15m
# This is plenty after we've done initial setup for a node, but before we are
# likely to try to export logs etc.

# DEBIAN_FRONTEND is set inline so it applies to this command only and is not
# baked into the image environment.
# NOTE(review): clean-install is presumably one of the util scripts copied
# into /usr/local/bin above; package versions are not pinned here.
RUN echo "Installing Packages ..." \
    && DEBIAN_FRONTEND=noninteractive clean-install \
      systemd \
      conntrack iptables iproute2 ethtool socat util-linux mount ebtables kmod \
      libseccomp2 pigz \
      bash ca-certificates curl rsync \
      nfs-common fuse-overlayfs \
    && find /lib/systemd/system/sysinit.target.wants/ -name "systemd-tmpfiles-setup.service" -delete \
    && rm -f \
      /lib/systemd/system/multi-user.target.wants/* \
      /etc/systemd/system/*.wants/* \
      /lib/systemd/system/local-fs.target.wants/* \
      /lib/systemd/system/sockets.target.wants/*udev* \
      /lib/systemd/system/sockets.target.wants/*initctl* \
      /lib/systemd/system/basic.target.wants/* \
    && echo "ReadKMsg=no" >> /etc/systemd/journald.conf \
    && ln -s "$(which systemd)" /sbin/init
# Enable the kubelet unit copied into /etc/systemd/system above.
# This step has to stay after the package step, which empties
# /etc/systemd/system/*.wants/ (presumably where the enable symlink is created).
RUN echo "Enabling kubelet ... " && systemctl enable kubelet.service
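# Install containerd and runc from the release selected by CONTAINERD_URL and
# RUNC_URL, verifying each download before it is unpacked or installed.
#
# Integrity check: the checksum list names one file per supported
# architecture and only the file for TARGETARCH exists on disk, hence
# --ignore-missing. GNU sha256sum still exits non-zero when none of the listed
# files is present, so an unsupported or empty TARGETARCH fails the build here
# instead of installing an unverified binary. Re-check this if the base image
# ever ships a different sha256sum implementation.
#
# curl -f makes an HTTP error response fail the step instead of being written
# to disk and caught only by the checksum.
RUN echo "Installing containerd ..." \
    && curl -fsSL --retry 5 --output /tmp/containerd.${TARGETARCH}.tgz "${CONTAINERD_URL}" \
    && echo "${CONTAINERD_AMD64_SHA256SUM} /tmp/containerd.amd64.tgz" | tee /tmp/containerd.sha256 \
    && echo "${CONTAINERD_ARM64_SHA256SUM} /tmp/containerd.arm64.tgz" | tee -a /tmp/containerd.sha256 \
    && echo "${CONTAINERD_PPC64LE_SHA256SUM} /tmp/containerd.ppc64le.tgz" | tee -a /tmp/containerd.sha256 \
    && sha256sum --ignore-missing -c /tmp/containerd.sha256 \
    && rm -f /tmp/containerd.sha256 \
    && tar -C /usr/local -xzvf /tmp/containerd.${TARGETARCH}.tgz \
    && rm -rf /tmp/containerd.${TARGETARCH}.tgz \
    && rm -f /usr/local/bin/containerd-stress /usr/local/bin/containerd-shim-runc-v1 \
    && curl -fsSL --retry 5 --output /tmp/runc.${TARGETARCH} "${RUNC_URL}" \
    && echo "${RUNC_AMD64_SHA256SUM} /tmp/runc.amd64" | tee /tmp/runc.sha256 \
    && echo "${RUNC_ARM64_SHA256SUM} /tmp/runc.arm64" | tee -a /tmp/runc.sha256 \
    && echo "${RUNC_PPC64LE_SHA256SUM} /tmp/runc.ppc64le" | tee -a /tmp/runc.sha256 \
    && sha256sum --ignore-missing -c /tmp/runc.sha256 \
    # remove the checksum list like the other install steps do, so it is not
    # carried into the squashed image
    && rm -f /tmp/runc.sha256 \
    && mv /tmp/runc.${TARGETARCH} /usr/local/sbin/runc \
    && chmod 755 /usr/local/sbin/runc \
    # smoke test: both binaries must execute on the build platform
    && containerd --version \
    && runc --version \
    && systemctl enable containerd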
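# Install crictl from the release tarball selected by CRICTL_URL.
# The tarball is verified against the checksum for TARGETARCH before it is
# extracted; --ignore-missing skips the entries for the other architectures,
# and GNU sha256sum exits non-zero if no listed file exists at all.
# curl -f makes an HTTP error response fail the step instead of being saved
# as the tarball.
RUN echo "Installing crictl ..." \
    && curl -fsSL --retry 5 --output /tmp/crictl.${TARGETARCH}.tgz "${CRICTL_URL}" \
    && echo "${CRICTL_AMD64_SHA256SUM} /tmp/crictl.amd64.tgz" | tee /tmp/crictl.sha256 \
    && echo "${CRICTL_ARM64_SHA256SUM} /tmp/crictl.arm64.tgz" | tee -a /tmp/crictl.sha256 \
    && echo "${CRICTL_PPC64LE_SHA256SUM} /tmp/crictl.ppc64le.tgz" | tee -a /tmp/crictl.sha256 \
    && sha256sum --ignore-missing -c /tmp/crictl.sha256 \
    && rm -f /tmp/crictl.sha256 \
    && tar -C /usr/local/bin -xzvf /tmp/crictl.${TARGETARCH}.tgz \
    && rm -rf /tmp/crictl.${TARGETARCH}.tgz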
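# Install the CNI plugin binaries from the release tarball selected by
# CNI_PLUGINS_URL.
# The tarball is verified against the checksum for TARGETARCH before it is
# extracted; --ignore-missing skips the entries for the other architectures,
# and GNU sha256sum exits non-zero if no listed file exists at all.
# curl -f makes an HTTP error response fail the step instead of being saved
# as the tarball.
# After extraction only host-local, ptp, portmap and loopback are kept; every
# other file under /opt/cni/bin is deleted.
RUN echo "Installing CNI plugin binaries ..." \
    && curl -fsSL --retry 5 --output /tmp/cni.${TARGETARCH}.tgz "${CNI_PLUGINS_URL}" \
    && echo "${CNI_PLUGINS_AMD64_SHA256SUM} /tmp/cni.amd64.tgz" | tee /tmp/cni.sha256 \
    && echo "${CNI_PLUGINS_ARM64_SHA256SUM} /tmp/cni.arm64.tgz" | tee -a /tmp/cni.sha256 \
    && echo "${CNI_PLUGINS_PPC64LE_SHA256SUM} /tmp/cni.ppc64le.tgz" | tee -a /tmp/cni.sha256 \
    && sha256sum --ignore-missing -c /tmp/cni.sha256 \
    && rm -f /tmp/cni.sha256 \
    && mkdir -p /opt/cni/bin \
    && tar -C /opt/cni/bin -xzvf /tmp/cni.${TARGETARCH}.tgz \
    && rm -rf /tmp/cni.${TARGETARCH}.tgz \
    && find /opt/cni/bin -type f -not \( \
         -iname host-local \
         -o -iname ptp \
         -o -iname portmap \
         -o -iname loopback \
      \) \
      -delete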
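# Install the containerd-fuse-overlayfs snapshotter from the release tarball
# selected by CONTAINERD_FUSE_OVERLAYFS_URL.
# The tarball is verified against the checksum for TARGETARCH before it is
# extracted; --ignore-missing skips the entries for the other architectures,
# and GNU sha256sum exits non-zero if no listed file exists at all.
# curl -f makes an HTTP error response fail the step instead of being saved
# as the tarball.
RUN echo "Installing containerd-fuse-overlayfs ..." \
    && curl -fsSL --retry 5 --output /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz "${CONTAINERD_FUSE_OVERLAYFS_URL}" \
    && echo "${CONTAINERD_FUSE_OVERLAYFS_AMD64_SHA256SUM} /tmp/containerd-fuse-overlayfs.amd64.tgz" | tee /tmp/containerd-fuse-overlayfs.sha256 \
    && echo "${CONTAINERD_FUSE_OVERLAYFS_ARM64_SHA256SUM} /tmp/containerd-fuse-overlayfs.arm64.tgz" | tee -a /tmp/containerd-fuse-overlayfs.sha256 \
    && echo "${CONTAINERD_FUSE_OVERLAYFS_PPC64LE_SHA256SUM} /tmp/containerd-fuse-overlayfs.ppc64le.tgz" | tee -a /tmp/containerd-fuse-overlayfs.sha256 \
    && sha256sum --ignore-missing -c /tmp/containerd-fuse-overlayfs.sha256 \
    && rm -f /tmp/containerd-fuse-overlayfs.sha256 \
    && tar -C /usr/local/bin -xzvf /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz \
    && rm -rf /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz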
# Create /etc/kubernetes/manifests, which a kubeadm debian / rpm package would
# normally ensure exists.
RUN echo "Ensuring /etc/kubernetes/manifests" && mkdir -p /etc/kubernetes/manifests
# Rewrite OnBootSec in the systemd-tmpfiles-clean timer so the cleanup runs
# 1 minute after "boot".
RUN echo "Adjusting systemd-tmpfiles timer" \
    && sed -i -e 's#OnBootSec=.*#OnBootSec=1min#' /usr/lib/systemd/system/systemd-tmpfiles-clean.timer
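# NOTE(review): the instructions below only configure the `build` stage. The
# later `FROM scratch` stage copies the filesystem, not the image config, so
# they have to be declared again there to take effect in the final image;
# that part is not visible in this excerpt, confirm.

# tell systemd that it is in docker (it will check for the container env)
# https://systemd.io/CONTAINER_INTERFACE/
# (key=value form; the space-separated `ENV key value` form is legacy)
ENV container=docker
# systemd exits on SIGRTMIN+3, not SIGTERM (which re-executes it)
# https://bugzilla.redhat.com/show_bug.cgi?id=1201657
STOPSIGNAL SIGRTMIN+3
# NOTE: this is *only* for documentation, the entrypoint is overridden later
ENTRYPOINT [ "/usr/local/bin/entrypoint", "/sbin/init" ]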
# squash
# Copy the entire build-stage filesystem into an empty image so that it ends
# up in a single layer. Anything still on disk in the build stage (temporary
# files, leftover downloads) is carried over as well, so the install steps
# must clean up after themselves.
# NOTE(review): only files are copied; ENV, STOPSIGNAL and ENTRYPOINT from the
# build stage are not inherited here. Confirm they are declared again after
# this point (the rest of the stage is not visible in this excerpt).
FROM scratch
COPY --from=build / /