Merge pull request #2235 from justincormack/use-library-docker

Use the upstream dind package to run docker
2025-07-20 09:39:08 +00:00 · 2017-07-18 17:27:45 +01:00 · 2017-07-18 17:27:45 +01:00 · 09e9357499
commit 09e9357499
parent 2f0933ba43 a4650b242f
10 changed files with 20 additions and 66 deletions
--- a/blueprints/docker-for-mac/docker-17.06-ce.yml
+++ b/blueprints/docker-for-mac/docker-17.06-ce.yml
@ -3,7 +3,7 @@ services:
  # Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit
  # for vpnkit coordination and /var/config/docker for the configuration file.
  - name: docker-dfm
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
    net: host
@ -18,7 +18,7 @@ services:
     - /var/config/docker:/var/config/docker
     - /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy
     - /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper 
-    command: [ "/usr/bin/docker-init", "/usr/bin/dockerd", "--",
+    command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--",
            "--config-file", "/var/config/docker/daemon.json",
            "--swarm-default-advertise-addr=eth0",
            "--userland-proxy-path", "/usr/bin/vpnkit-expose-port",
@ -27,3 +27,7 @@ services:
 files:
    - path: /var/config/docker/daemon.json
      contents: '{ "debug": true }'
 trust:
    org:
        - library
--- a/examples/docker.yml
+++ b/examples/docker.yml
@ -30,7 +30,7 @@ services:
  - name: ntpd
    image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
    net: host
@ -41,6 +41,7 @@ services:
     - /var/lib/docker:/var/lib/docker
     - /lib/modules:/lib/modules
     - /etc/docker/daemon.json:/etc/docker/daemon.json
    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
 files:
  - path: var/lib/docker
    directory: true
@ -49,3 +50,4 @@ files:
 trust:
  org:
    - linuxkit
    - library
--- a/pkg/docker-ce/Dockerfile
+++ b/pkg/docker-ce/Dockerfile
@ -1,48 +0,0 @@
 FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
 # removed openssl as I do not think server needs it
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
 RUN apk add --no-cache --initdb -p /out \
 	alpine-baselayout \
 	btrfs-progs \
 	busybox \
 	ca-certificates \
 	curl \
 	e2fsprogs \
 	e2fsprogs-extra \
 	iptables \
 	musl \
 	xfsprogs \
 	xz
 RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
 FROM scratch
 COPY --from=mirror /out/ /
 # set up Docker group
 # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
 RUN set -x \
 	&& addgroup -S docker \
 	&& addgroup -S dockremap \
 	&& adduser -S -G dockremap dockremap \
 	&& echo 'dockremap:165536:65536' >> /etc/subuid \
 	&& echo 'dockremap:165536:65536' >> /etc/subgid
 # DOCKER_TYPE is stable, edge or test
 ENV DOCKER_TYPE stable
 ENV DOCKER_VERSION 17.06.0-ce
 ENV DOCKER_SHA256 e582486c9db0f4229deba9f8517145f8af6c5fae7a1243e6b07876bd3e706620
 # we could avoid installing client here I suppose
 RUN set -x \
 	&& curl -fSL "https://download.docker.com/linux/static/${DOCKER_TYPE}/$(uname -m)/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \
 	&& echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \
 	&& tar -xzvf docker.tgz \
 	&& mv docker/* /usr/bin/ \
 	&& rmdir docker \
 	&& rm docker.tgz \
 	&& docker -v
 # use the Docker copy of tini as our init for zombie reaping
 ENTRYPOINT ["/usr/bin/docker-init", "/usr/bin/dockerd"]
--- a/pkg/docker-ce/Makefile
+++ b/pkg/docker-ce/Makefile
@ -1,4 +0,0 @@
 IMAGE=docker-ce
 NETWORK=1
 include ../package.mk
--- a/projects/compose/compose-dynamic.yml
+++ b/projects/compose/compose-dynamic.yml
@ -27,10 +27,9 @@ services:
  - name: ntpd
    image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
    net: host
    mounts:
     - type: cgroup
       options: ["rw","nosuid","noexec","nodev","relatime"]
@ -39,6 +38,7 @@ services:
     - /lib/modules:/lib/modules
     - /var/run:/var/run
     - /var/html:/var/html
    command: ["/usr/bin/docker-init", "/usr/bin/dockerd"]
  - name: compose
    image: linuxkitprojects/compose:0535e78608f57702745dfd56fbe78d28d237e469
    binds:
--- a/projects/compose/compose-static.yml
+++ b/projects/compose/compose-static.yml
@ -27,10 +27,9 @@ services:
  - name: ntpd
    image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
    net: host
    mounts:
     - type: cgroup
       options: ["rw","nosuid","noexec","nodev","relatime"]
@ -39,6 +38,7 @@ services:
     - /lib/modules:/lib/modules
     - /var/run:/var/run
     - /var/html:/var/html
    command: ["/usr/bin/docker-init", "/usr/bin/dockerd"]
  - name: compose
    image: linuxkitprojects/compose:0535e78608f57702745dfd56fbe78d28d237e469
    binds:
--- a/projects/kubernetes/image-cache/Dockerfile
+++ b/projects/kubernetes/image-cache/Dockerfile
@ -1,4 +1,4 @@
-FROM linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+FROM docker:17.06.0-ce-dind
 ADD . /images
 ENTRYPOINT [ "/bin/sh", "-c" ]
 CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
--- a/projects/kubernetes/kube-master.yml
+++ b/projects/kubernetes/kube-master.yml
@ -39,10 +39,9 @@ services:
  - name: sshd
    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
    net: host
    pid: host
    mounts:
     - type: cgroup
@ -55,6 +54,7 @@ services:
     - /etc/cni:/etc/cni:rshared,rbind
     - /opt/cni:/opt/cni:rshared,rbind
    rootfsPropagation: shared
    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
  - name: kubernetes-image-cache-common
    image: linuxkit/kubernetes:latest-image-cache-common
  - name: kubernetes-image-cache-control-plane
--- a/projects/kubernetes/kube-node.yml
+++ b/projects/kubernetes/kube-node.yml
@ -39,10 +39,9 @@ services:
  - name: sshd
    image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
    net: host
    pid: host
    mounts:
     - type: cgroup
@ -55,6 +54,7 @@ services:
     - /etc/cni:/etc/cni:rshared,rbind
     - /opt/cni:/opt/cni:rshared,rbind
    rootfsPropagation: shared
    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
  - name: kubernetes-image-cache-common
    image: linuxkit/kubernetes:latest-image-cache-common
  - name: kubelet
--- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml
+++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml
@ -24,10 +24,9 @@ services:
  - name: dhcpcd
    image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
  - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
    capabilities:
     - all
    net: host
    mounts:
     - type: cgroup
       options: ["rw","nosuid","noexec","nodev","relatime"]
@ -35,6 +34,7 @@ services:
     - /var/lib/docker:/var/lib/docker
     - /lib/modules:/lib/modules
     - /run:/var/run
    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
  - name: test-docker-bench
    image: linuxkit/test-docker-bench:4999d3484771e8466580c0dc2e479595e49faa85
    ipc: host