Merge branch 'master' into exec_fixes

2025-09-25 20:29:56 +00:00 · 2018-09-28 13:19:42 +02:00
parent 0bd695d8d1 d204a90dcf
commit fe8493bbe7
899 changed files with 14920 additions and 10781 deletions
--- a/build/build-image/cross/Dockerfile
+++ b/build/build-image/cross/Dockerfile
@@ -15,7 +15,7 @@
 # This file creates a standard build environment for building cross
 # platform go binary for the architecture kubernetes cares about.

-FROM golang:1.10.3
+FROM golang:1.10.4

 ENV GOARM 7
 ENV KUBE_DYNAMIC_CROSSPLATFORMS \
--- a/build/build-image/cross/VERSION
+++ b/build/build-image/cross/VERSION
@@ -1 +1 @@
-v1.10.3-1
+v1.10.4-1
--- a/build/common.sh
+++ b/build/common.sh
@@ -88,7 +88,7 @@ readonly KUBE_CONTAINER_RSYNC_PORT=8730
 #
 # $1 - server architecture
 kube::build::get_docker_wrapped_binaries() {
-  debian_iptables_version=v10.1
+  debian_iptables_version=v10.2
  ### If you change any of these lists, please also update DOCKERIZED_BINARIES
  ### in build/BUILD. And kube::golang::server_image_targets
  case $1 in
@@ -600,6 +600,7 @@ function kube::build::run_build_command_ex() {
    --env "GOFLAGS=${GOFLAGS:-}"
    --env "GOLDFLAGS=${GOLDFLAGS:-}"
    --env "GOGCFLAGS=${GOGCFLAGS:-}"
+    --env "SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-}"
  )

  if [[ -n "${DOCKER_CGROUP_PARENT:-}" ]]; then
--- a/build/debian-base/Makefile
+++ b/build/debian-base/Makefile
@@ -12,19 +12,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-all: build
+all: all-build

 REGISTRY ?= staging-k8s.gcr.io
-IMAGE ?= debian-base
+IMAGE ?= $(REGISTRY)/debian-base
 BUILD_IMAGE ?= debian-build

 TAG ?= 0.3.2

 TAR_FILE ?= rootfs.tar
 ARCH?=amd64
+ALL_ARCH = amd64 arm arm64 ppc64le s390x
+
 TEMP_DIR:=$(shell mktemp -d)
 QEMUVERSION=v2.9.1

+# This option is for running docker manifest command
+export DOCKER_CLI_EXPERIMENTAL := enabled
+
 ifeq ($(ARCH),amd64)
 	BASEIMAGE?=debian:stretch
 endif
@@ -45,6 +50,23 @@ ifeq ($(ARCH),s390x)
 	QEMUARCH=s390x
 endif

+sub-build-%:
+	$(MAKE) ARCH=$* build
+
+all-build: $(addprefix sub-build-,$(ALL_ARCH))
+
+sub-push-image-%:
+	$(MAKE) ARCH=$* push
+
+all-push-images: $(addprefix sub-push-image-,$(ALL_ARCH))
+
+all-push: all-push-images push-manifest
+
+push-manifest:
+	docker manifest create --amend $(IMAGE):$(TAG) $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(IMAGE)\-&:$(TAG)~g")
+	@for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${IMAGE}:${TAG} ${IMAGE}-$${arch}:${TAG}; done
+	docker manifest push ${IMAGE}:${TAG}
+
 build: clean
 	cp ./* $(TEMP_DIR)
 	cat Dockerfile.build \
@@ -69,13 +91,13 @@ endif
 	docker build --pull -t $(BUILD_IMAGE) -f $(TEMP_DIR)/Dockerfile.build $(TEMP_DIR)
 	docker create --name $(BUILD_IMAGE) $(BUILD_IMAGE)
 	docker export $(BUILD_IMAGE) > $(TEMP_DIR)/$(TAR_FILE)
-	docker build -t $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
+	docker build -t $(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
 	rm -rf $(TEMP_DIR)

 push: build
-	docker push $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG)
+	docker push $(IMAGE)-$(ARCH):$(TAG)

 clean:
-	docker rmi -f $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG) || true
+	docker rmi -f $(IMAGE)-$(ARCH):$(TAG) || true
 	docker rmi -f $(BUILD_IMAGE)   || true
 	docker rm  -f $(BUILD_IMAGE)   || true
--- a/build/debian-hyperkube-base/Dockerfile
+++ b/build/debian-hyperkube-base/Dockerfile
@@ -38,6 +38,7 @@ RUN echo CACHEBUST>/dev/null && clean-install \
    jq \
    kmod \
    openssh-client \
+    netbase \
    nfs-common \
    socat \
    udev \
--- a/build/debian-hyperkube-base/Makefile
+++ b/build/debian-hyperkube-base/Makefile
@@ -18,9 +18,10 @@
 #   [ARCH=amd64] [REGISTRY="staging-k8s.gcr.io"] make (build|push)

 REGISTRY?=staging-k8s.gcr.io
-IMAGE?=debian-hyperkube-base
-TAG=0.10.1
+IMAGE?=$(REGISTRY)/debian-hyperkube-base
+TAG=0.10.2
 ARCH?=amd64
+ALL_ARCH = amd64 arm arm64 ppc64le s390x
 CACHEBUST?=1

 BASEIMAGE=k8s.gcr.io/debian-base-$(ARCH):0.3.2
@@ -29,9 +30,29 @@ CNI_VERSION=v0.6.0
 TEMP_DIR:=$(shell mktemp -d)
 CNI_TARBALL=cni-plugins-$(ARCH)-$(CNI_VERSION).tgz

-.PHONY: all build push clean
+# This option is for running docker manifest command
+export DOCKER_CLI_EXPERIMENTAL := enabled

-all: push
+.PHONY: all build push clean all-build all-push-images all-push push-manifest
+
+all: all-push
+
+sub-build-%:
+	$(MAKE) ARCH=$* build
+
+all-build: $(addprefix sub-build-,$(ALL_ARCH))
+
+sub-push-image-%:
+	$(MAKE) ARCH=$* push
+
+all-push-images: $(addprefix sub-push-image-,$(ALL_ARCH))
+
+all-push: all-push-images push-manifest
+
+push-manifest:
+	docker manifest create --amend $(IMAGE):$(TAG) $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(IMAGE)\-&:$(TAG)~g")
+	@for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${IMAGE}:${TAG} ${IMAGE}-$${arch}:${TAG}; done
+	docker manifest push ${IMAGE}:${TAG}

 cni-tars/$(CNI_TARBALL):
 	mkdir -p cni-tars/
@@ -55,8 +76,8 @@ ifneq ($(ARCH),amd64)
 	# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
 	docker run --rm --privileged multiarch/qemu-user-static:register --reset
 endif
-	docker build --pull -t $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
+	docker build --pull -t $(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
 	rm -rf $(TEMP_DIR)

 push: build
-	docker push $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG)
+	docker push $(IMAGE)-$(ARCH):$(TAG)
--- a/build/debian-hyperkube-base/README.md
+++ b/build/debian-hyperkube-base/README.md
@@ -10,24 +10,16 @@ This image is compiled for multiple architectures.
 If you're editing the Dockerfile or some other thing, please bump the `TAG` in the Makefile.

 ```console
-# Build for linux/amd64 (default)
-$ make push ARCH=amd64
+# Build and  push images for all the architectures
+$ make all-push
 # ---> staging-k8s.gcr.io/debian-hyperkube-base-amd64:TAG
-
-$ make push ARCH=arm
 # ---> staging-k8s.gcr.io/debian-hyperkube-base-arm:TAG
-
-$ make push ARCH=arm64
 # ---> staging-k8s.gcr.io/debian-hyperkube-base-arm64:TAG
-
-$ make push ARCH=ppc64le
 # ---> staging-k8s.gcr.io/debian-hyperkube-base-ppc64le:TAG
-
-$ make push ARCH=s390x
 # ---> staging-k8s.gcr.io/debian-hyperkube-base-s390x:TAG
 ```

-If you don't want to push the images, run `make build` instead
+If you don't want to push the images, run `make all-build` instead


 [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/build/debian-hyperkube-base/README.md?pixel)]()
--- a/build/debian-iptables/Dockerfile
+++ b/build/debian-iptables/Dockerfile
@@ -19,4 +19,5 @@ RUN clean-install \
    ebtables \
    ipset \
    iptables \
-    kmod
+    kmod \
+    netbase
--- a/build/debian-iptables/Makefile
+++ b/build/debian-iptables/Makefile
@@ -12,16 +12,20 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-.PHONY:	build push
+.PHONY:	build push all all-build all-push-images all-push push-manifest

 REGISTRY?="staging-k8s.gcr.io"
-IMAGE=debian-iptables
-TAG?=v10.1
+IMAGE=$(REGISTRY)/debian-iptables
+TAG?=v10.2
 ARCH?=amd64
+ALL_ARCH = amd64 arm arm64 ppc64le s390x
 TEMP_DIR:=$(shell mktemp -d)

 BASEIMAGE?=k8s.gcr.io/debian-base-$(ARCH):0.3.2

+# This option is for running docker manifest command
+export DOCKER_CLI_EXPERIMENTAL := enabled
+
 build:
 	cp ./* $(TEMP_DIR)
 	cd $(TEMP_DIR) && sed -i "s|BASEIMAGE|$(BASEIMAGE)|g" Dockerfile
@@ -31,9 +35,26 @@ ifneq ($(ARCH),amd64)
 	docker run --rm --privileged multiarch/qemu-user-static:register --reset
 endif

-	docker build --pull -t $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
+	docker build --pull -t $(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)

 push: build
-	docker push $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG)
+	docker push $(IMAGE)-$(ARCH):$(TAG)

-all: push
+sub-build-%:
+	$(MAKE) ARCH=$* build
+
+all-build: $(addprefix sub-build-,$(ALL_ARCH))
+
+sub-push-image-%:
+	$(MAKE) ARCH=$* push
+
+all-push-images: $(addprefix sub-push-image-,$(ALL_ARCH))
+
+all-push: all-push-images push-manifest
+
+push-manifest:
+	docker manifest create --amend $(IMAGE):$(TAG) $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(IMAGE)\-&:$(TAG)~g")
+	@for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${IMAGE}:${TAG} ${IMAGE}-$${arch}:${TAG}; done
+	docker manifest push ${IMAGE}:${TAG}
+
+all: all-push
--- a/build/debian-iptables/README.md
+++ b/build/debian-iptables/README.md
@@ -9,24 +9,16 @@ This image is compiled for multiple architectures.
 If you're editing the Dockerfile or some other thing, please bump the `TAG` in the Makefile.

 ```console
-# Build for linux/amd64 (default)
-$ make push ARCH=amd64
+Build and  push images for all the architectures
+$ make all-push
 # ---> staging-k8s.gcr.io/debian-iptables-amd64:TAG
-
-$ make push ARCH=arm
 # ---> staging-k8s.gcr.io/debian-iptables-arm:TAG
-
-$ make push ARCH=arm64
 # ---> staging-k8s.gcr.io/debian-iptables-arm64:TAG
-
-$ make push ARCH=ppc64le
 # ---> staging-k8s.gcr.io/debian-iptables-ppc64le:TAG
-
-$ make push ARCH=s390x
 # ---> staging-k8s.gcr.io/debian-iptables-s390x:TAG
 ```

-If you don't want to push the images, run `make` or `make build` instead
+If you don't want to push the images, run `make build ARCH={target_arch}` or `make all-build` instead


 [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/build/debian-iptables/README.md?pixel)]()
--- a/build/root/WORKSPACE
+++ b/build/root/WORKSPACE
@@ -48,7 +48,7 @@ load("@io_bazel_rules_docker//docker:docker.bzl", "docker_pull", "docker_reposit
 go_rules_dependencies()

 go_register_toolchains(
-    go_version = "1.10.3",
+    go_version = "1.10.4",
 )

 docker_repositories()
@@ -67,18 +67,18 @@ http_file(

 docker_pull(
    name = "debian-iptables-amd64",
-    digest = "sha256:58e53e477d204fe32f761ec2718b792f653063d4192ae89efc79e4b6a8dbba91",
+    digest = "sha256:0987db7ce42949d20ed2647a65d4bee0b616b4d40c7ea54769cc24b7ad003677",
    registry = "k8s.gcr.io",
    repository = "debian-iptables-amd64",
-    tag = "v10.1",  # ignored, but kept here for documentation
+    tag = "v10.2",  # ignored, but kept here for documentation
 )

 docker_pull(
    name = "debian-hyperkube-base-amd64",
-    digest = "sha256:1c83ca9c8ac4a06e4585802edf8a1cd954011152409116e9c801f4736b97b956",
+    digest = "sha256:c50522965140c9f206900bf47d547d601c04943e1e59801ba5f70235773cfbb6",
    registry = "k8s.gcr.io",
    repository = "debian-hyperkube-base-amd64",
-    tag = "0.10.1",  # ignored, but kept here for documentation
+    tag = "0.10.2",  # ignored, but kept here for documentation
 )

 docker_pull(
--- a/build/rpms/50-kubeadm.conf
+++ b/build/rpms/50-kubeadm.conf
@@ -0,0 +1,2 @@
+# The file is provided as part of the kubeadm package
+net.ipv4.ip_forward = 1
--- a/build/rpms/kubeadm.conf
+++ b/build/rpms/kubeadm.conf
@@ -0,0 +1,2 @@
+# Load br_netfilter module at boot
+br_netfilter
--- a/build/rpms/kubeadm.spec
+++ b/build/rpms/kubeadm.spec
@@ -21,8 +21,15 @@ install -m 644 -d %{buildroot}%{_sysconfdir}/sysconfig/
 install -p -m 755 -t %{buildroot}%{_bindir} {kubeadm}
 install -p -m 644 -t %{buildroot}%{_sysconfdir}/systemd/system/kubelet.service.d/ {10-kubeadm.conf}
 install -p -m 644 -T {kubelet.env} %{buildroot}%{_sysconfdir}/sysconfig/kubelet
+mkdir -p %{buildroot}%{_libexecdir}/modules-load.d
+mkdir -p %{buildroot}%{_sysctldir}
+install -p -m 0644 -t %{buildroot}%{_libexecdir}/modules-load.d/ {kubeadm.conf}
+install -p -m 0644 -t %{buildroot}%{_sysctldir} %{50-kubeadm.conf}

 %files
 %{_bindir}/kubeadm
 %{_sysconfdir}/systemd/system/kubelet.service.d/10-kubeadm.conf
 %{_sysconfdir}/sysconfig/kubelet
+%dir %{_libexecdir}/modules-load.d
+%{_libexecdir}/modules-load.d/kubeadm.conf
+%{_sysctldir}/50-kubeadm.conf
--- a/build/rpms/kubelet.spec
+++ b/build/rpms/kubelet.spec
@@ -27,5 +27,5 @@ install -p -m 644 -t %{buildroot}%{_sysconfdir}/systemd/system/ {kubelet.service

 %files
 %{_bindir}/kubelet
-%{_sysconfdir}/systemd/system/kubelet.service
+%attr(644,-,-) %{_sysconfdir}/systemd/system/kubelet.service
 %{_sysconfdir}/kubernetes/manifests/