diff --git a/build/root/WORKSPACE b/build/root/WORKSPACE index 51e793620a5..5a082fe6057 100644 --- a/build/root/WORKSPACE +++ b/build/root/WORKSPACE @@ -73,11 +73,11 @@ container_repositories() load("@io_bazel_rules_docker//container:container.bzl", "container_pull") container_pull( - name = "debian_jessie", - digest = "sha256:e25703ee6ab5b2fac31510323d959cdae31eebdf48e88891c549e55b25ad7e94", - registry = "index.docker.io", - repository = "library/debian", - tag = "jessie", # ignored when digest provided, but kept here for documentation. + name = "distroless_base", + digest = "sha256:7fa7445dfbebae4f4b7ab0e6ef99276e96075ae42584af6286ba080750d6dfe5", + registry = "gcr.io", + repository = "distroless/base", + tag = "latest", # ignored when digest provided, but kept here for documentation. ) load("//build:workspace.bzl", "release_dependencies") diff --git a/cluster/images/kubemark/BUILD b/cluster/images/kubemark/BUILD index 965bdc3fa9d..5f3b1d19786 100644 --- a/cluster/images/kubemark/BUILD +++ b/cluster/images/kubemark/BUILD @@ -4,7 +4,7 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_image", "cont container_image( name = "image", - base = "@debian_jessie//image", + base = "@distroless_base//image", entrypoint = ["/kubemark"], files = ["//cmd/kubemark"], stamp = True, diff --git a/cluster/images/kubemark/Dockerfile b/cluster/images/kubemark/Dockerfile index 9c0b119667e..e606d856ad3 100644 --- a/cluster/images/kubemark/Dockerfile +++ b/cluster/images/kubemark/Dockerfile @@ -12,8 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -# The line below points to debian:jessie as of 2019-10-23. The SHA should be -# kept in sycn with debian_jessie definition in the WORKSPACE file. -FROM debian@sha256:e25703ee6ab5b2fac31510323d959cdae31eebdf48e88891c549e55b25ad7e94 +# The line below points to distroless/base as of 2019-11-15. The SHA should be +# kept in sycn with distroless_base definition in the WORKSPACE file. +FROM gcr.io/distroless/base@sha256:7fa7445dfbebae4f4b7ab0e6ef99276e96075ae42584af6286ba080750d6dfe5 COPY kubemark /kubemark diff --git a/pkg/kubemark/hollow_kubelet.go b/pkg/kubemark/hollow_kubelet.go index 3b3706f7f32..6081f3a2156 100644 --- a/pkg/kubemark/hollow_kubelet.go +++ b/pkg/kubemark/hollow_kubelet.go @@ -111,7 +111,7 @@ func NewHollowKubelet( VolumePlugins: volumePlugins(), TLSOptions: nil, OOMAdjuster: oom.NewFakeOOMAdjuster(), - Mounter: mount.New("" /* default mount path */), + Mounter: &mount.FakeMounter{}, Subpather: &subpath.FakeSubpath{}, HostUtil: hostutil.NewFakeHostUtil(nil), } diff --git a/test/kubemark/iks/startup.sh b/test/kubemark/iks/startup.sh index ea574c5a024..27a152a6ef7 100644 --- a/test/kubemark/iks/startup.sh +++ b/test/kubemark/iks/startup.sh @@ -235,13 +235,18 @@ EOF fi proxy_mem_per_node=50 proxy_mem=$((100 * 1024 + proxy_mem_per_node*NUM_NODES)) + hollow_kubelet_params=$(eval "for param in ${HOLLOW_KUBELET_TEST_ARGS:-}; do echo -n \\\"\$param\\\",; done") + hollow_kubelet_params=${hollow_kubelet_params%?} + hollow_proxy_params=$(eval "for param in ${HOLLOW_PROXY_TEST_ARGS:-}; do echo -n \\\"\$param\\\",; done") + hollow_proxy_params=${hollow_proxy_params%?} + sed -i'' -e "s/{{HOLLOW_PROXY_CPU}}/${proxy_cpu}/g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" sed -i'' -e "s/{{HOLLOW_PROXY_MEM}}/${proxy_mem}/g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" sed -i'' -e "s'{{kubemark_image_registry}}'${KUBEMARK_IMAGE_REGISTRY}${KUBE_NAMESPACE}'g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" sed -i'' -e "s/{{kubemark_image_tag}}/${KUBEMARK_IMAGE_TAG}/g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" sed -i'' -e "s/{{master_ip}}/${MASTER_IP}/g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" - sed -i'' -e "s/{{hollow_kubelet_params}}/${HOLLOW_KUBELET_TEST_ARGS:-}/g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" - sed -i'' -e "s/{{hollow_proxy_params}}/${HOLLOW_PROXY_TEST_ARGS:-}/g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" + sed -i'' -e "s/{{hollow_kubelet_params}}/${hollow_kubelet_params}/g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" + sed -i'' -e "s/{{hollow_proxy_params}}/${hollow_proxy_params}/g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" sed -i'' -e "s'{{kubemark_mig_config}}'${KUBEMARK_MIG_CONFIG:-}'g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" "${KUBECTL}" create -f "${RESOURCE_DIRECTORY}/hollow-node.yaml" --namespace="kubemark" diff --git a/test/kubemark/resources/hollow-node_template.yaml b/test/kubemark/resources/hollow-node_template.yaml index 61c77efe95b..eec32a4c409 100644 --- a/test/kubemark/resources/hollow-node_template.yaml +++ b/test/kubemark/resources/hollow-node_template.yaml @@ -50,10 +50,16 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - command: - - /bin/sh - - -c - - /kubemark --morph=kubelet --name=$(NODE_NAME) {{hollow_kubelet_params}} --kubeconfig=/kubeconfig/kubelet.kubeconfig $(CONTENT_TYPE) --alsologtostderr 1>>/var/log/kubelet-$(NODE_NAME).log 2>&1 + command: [ + "/kubemark", + "--morph=kubelet", + "--name=$(NODE_NAME)", + "--kubeconfig=/kubeconfig/kubelet.kubeconfig", + "$(CONTENT_TYPE)", + "--log-file=/var/log/kubelet-$(NODE_NAME).log", + "--logtostderr=false", + {{hollow_kubelet_params}} + ] volumeMounts: - name: kubeconfig-volume mountPath: /kubeconfig @@ -78,10 +84,16 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - command: - - /bin/sh - - -c - - /kubemark --morph=proxy --name=$(NODE_NAME) {{hollow_proxy_params}} --kubeconfig=/kubeconfig/kubeproxy.kubeconfig $(CONTENT_TYPE) --alsologtostderr 1>>/var/log/kubeproxy-$(NODE_NAME).log 2>&1 + command: [ + "/kubemark", + "--morph=proxy", + "--name=$(NODE_NAME)", + "--kubeconfig=/kubeconfig/kubeproxy.kubeconfig", + "$(CONTENT_TYPE)", + "--log-file=/var/log/kubeproxy-$(NODE_NAME).log", + "--logtostderr=false", + {{hollow_proxy_params}} + ] volumeMounts: - name: kubeconfig-volume mountPath: /kubeconfig diff --git a/test/kubemark/start-kubemark.sh b/test/kubemark/start-kubemark.sh index de5505f1953..33b4da49f1b 100755 --- a/test/kubemark/start-kubemark.sh +++ b/test/kubemark/start-kubemark.sh @@ -152,6 +152,10 @@ function create-kube-hollow-node-resources { proxy_cpu=${KUBEMARK_HOLLOW_PROXY_MILLICPU:-$proxy_cpu} proxy_mem_per_node=${KUBEMARK_HOLLOW_PROXY_MEM_PER_NODE_KB:-50} proxy_mem=$((100 * 1024 + proxy_mem_per_node*NUM_NODES)) + hollow_kubelet_params=$(eval "for param in ${HOLLOW_KUBELET_TEST_ARGS:-}; do echo -n \\\"\$param\\\",; done") + hollow_kubelet_params=${hollow_kubelet_params%?} + hollow_proxy_params=$(eval "for param in ${HOLLOW_PROXY_TEST_ARGS:-}; do echo -n \\\"\$param\\\",; done") + hollow_proxy_params=${hollow_proxy_params%?} sed -i'' -e "s@{{hollow_kubelet_millicpu}}@${KUBEMARK_HOLLOW_KUBELET_MILLICPU:-40}@g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" sed -i'' -e "s@{{hollow_kubelet_mem_Ki}}@${KUBEMARK_HOLLOW_KUBELET_MEM_KB:-$((100*1024))}@g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" @@ -162,8 +166,8 @@ function create-kube-hollow-node-resources { sed -i'' -e "s@{{kubemark_image_registry}}@${KUBEMARK_IMAGE_REGISTRY}@g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" sed -i'' -e "s@{{kubemark_image_tag}}@${KUBEMARK_IMAGE_TAG}@g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" sed -i'' -e "s@{{master_ip}}@${MASTER_IP}@g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" - sed -i'' -e "s@{{hollow_kubelet_params}}@${HOLLOW_KUBELET_TEST_ARGS}@g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" - sed -i'' -e "s@{{hollow_proxy_params}}@${HOLLOW_PROXY_TEST_ARGS}@g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" + sed -i'' -e "s@{{hollow_kubelet_params}}@${hollow_kubelet_params}@g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" + sed -i'' -e "s@{{hollow_proxy_params}}@${hollow_proxy_params}@g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" sed -i'' -e "s@{{kubemark_mig_config}}@${KUBEMARK_MIG_CONFIG:-}@g" "${RESOURCE_DIRECTORY}/hollow-node.yaml" "${KUBECTL}" create -f "${RESOURCE_DIRECTORY}/hollow-node.yaml" --namespace="kubemark"