Add executor sandbox overlay mechanism to distribute nsenter and socat

cluster/mesos/docker/docker-compose.yml

@@ -147,6 +147,7 @@ scheduler:
     --cluster-dns=10.10.10.10
     --cluster-domain=cluster.local
     --mesos-executor-cpus=1.0
+    --mesos-sandbox-overlay=/opt/sandbox-overlay.tar.gz
     --v=4
     --executor-logv=4
     --profiling=true

cluster/mesos/docker/km/Dockerfile

@@ -14,4 +14,4 @@ RUN apt-get update -qq && \
     apt-get clean
 
 COPY ./bin/* /usr/local/bin/
-ADD ./opt/mesos-cloud.conf /opt/
+COPY ./opt/* /opt/

cluster/mesos/docker/km/build.sh

@@ -47,6 +47,11 @@ fi
 kube_bin_path=$(dirname ${km_path})
 common_bin_path=$(cd ${script_dir}/../common/bin && pwd -P)
 
+# download nsenter and socat
+mkdir -p "${script_dir}/overlay"
+docker run --rm -v "${script_dir}/overlay:/target" jpetazzo/nsenter
+docker run --rm -v "${script_dir}/overlay:/target" mesosphere/kubernetes-socat
+
 cd "${KUBE_ROOT}"
 
 # create temp workspace to place compiled binaries with image-specific scripts
@@ -65,6 +70,7 @@ echo "Copying files to workspace"
 
 # binaries & scripts
 mkdir -p "${workspace}/bin"
+
 #cp "${script_dir}/bin/"* "${workspace}/bin/"
 cp "${common_bin_path}/"* "${workspace}/bin/"
 cp "${kube_bin_path}/km" "${workspace}/bin/"
@@ -73,6 +79,13 @@ cp "${kube_bin_path}/km" "${workspace}/bin/"
 mkdir -p "${workspace}/opt"
 cp "${script_dir}/opt/"* "${workspace}/opt/"
 
+# package up the sandbox overay
+mkdir -p "${workspace}/overlay/bin"
+cp -a "${script_dir}/overlay/nsenter" "${workspace}/overlay/bin"
+cp -a "${script_dir}/overlay/socat" "${workspace}/overlay/bin"
+chmod +x "${workspace}/overlay/bin/"*
+cd "${workspace}/overlay" && tar -czvf "${workspace}/opt/sandbox-overlay.tar.gz" . && cd -
+
 # docker
 cp "${script_dir}/Dockerfile" "${workspace}/"
 

cluster/mesos/docker/socat/Dockerfile

@@ -0,0 +1,16 @@
+FROM ubuntu:14.04.3
+MAINTAINER Mesosphere <support@mesosphere.io>
+
+RUN apt-get update -qq && \
+    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qqy \
+        build-essential curl \
+        && \
+    apt-get clean
+
+RUN mkdir -p /src
+WORKDIR /src
+RUN curl -f -osocat-1.7.2.4.tar.bz2 http://www.dest-unreach.org/socat/download/socat-1.7.2.4.tar.bz2
+RUN tar -xjvf socat-1.7.2.4.tar.bz2 && cd socat-1.7.2.4 && ./configure --disable-openssl && LDFLAGS=-static make
+
+VOLUME ["/target"]
+CMD ["cp", "/src/socat-1.7.2.4/socat", "/target"]

cluster/mesos/docker/socat/build.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Builds a docker image that contains the kubernetes-mesos binaries.
+
+set -o errexit
+set -o nounset
+set -o pipefailscript_dir=$(cd $(dirname "${BASH_SOURCE}") && pwd -P)
+
+cd "${script_dir}"
+
+docker build -t mesosphere/kubernetes-socat .