mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-25 03:34:58 +00:00
Use the upstream dind package to run docker
It is pretty close to our docker package, if we adjust the command that is run to avoid the actual dind startup script. We can't use the normal docker image as it does not have mkfs and so on. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
parent
5df1dbc23e
commit
a4650b242f
@ -3,7 +3,7 @@ services:
|
||||
# Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit
|
||||
# for vpnkit coordination and /var/config/docker for the configuration file.
|
||||
- name: docker-dfm
|
||||
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
|
||||
image: docker:17.06.0-ce-dind
|
||||
capabilities:
|
||||
- all
|
||||
net: host
|
||||
@ -18,7 +18,7 @@ services:
|
||||
- /var/config/docker:/var/config/docker
|
||||
- /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy
|
||||
- /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper
|
||||
command: [ "/usr/bin/docker-init", "/usr/bin/dockerd", "--",
|
||||
command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--",
|
||||
"--config-file", "/var/config/docker/daemon.json",
|
||||
"--swarm-default-advertise-addr=eth0",
|
||||
"--userland-proxy-path", "/usr/bin/vpnkit-expose-port",
|
||||
@ -27,3 +27,7 @@ services:
|
||||
files:
|
||||
- path: /var/config/docker/daemon.json
|
||||
contents: '{ "debug": true }'
|
||||
|
||||
trust:
|
||||
org:
|
||||
- library
|
||||
|
@ -30,7 +30,7 @@ services:
|
||||
- name: ntpd
|
||||
image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
|
||||
- name: docker
|
||||
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
|
||||
image: docker:17.06.0-ce-dind
|
||||
capabilities:
|
||||
- all
|
||||
net: host
|
||||
@ -41,9 +41,11 @@ services:
|
||||
- /var/lib/docker:/var/lib/docker
|
||||
- /lib/modules:/lib/modules
|
||||
- /etc/docker/daemon.json:/etc/docker/daemon.json
|
||||
command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
|
||||
files:
|
||||
- path: etc/docker/daemon.json
|
||||
contents: '{"debug": true}'
|
||||
trust:
|
||||
org:
|
||||
- linuxkit
|
||||
- library
|
||||
|
@ -1,48 +0,0 @@
|
||||
FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror
|
||||
|
||||
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
|
||||
# removed openssl as I do not think server needs it
|
||||
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
|
||||
RUN apk add --no-cache --initdb -p /out \
|
||||
alpine-baselayout \
|
||||
btrfs-progs \
|
||||
busybox \
|
||||
ca-certificates \
|
||||
curl \
|
||||
e2fsprogs \
|
||||
e2fsprogs-extra \
|
||||
iptables \
|
||||
musl \
|
||||
xfsprogs \
|
||||
xz
|
||||
RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
|
||||
|
||||
FROM scratch
|
||||
COPY --from=mirror /out/ /
|
||||
|
||||
# set up Docker group
|
||||
# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
|
||||
RUN set -x \
|
||||
&& addgroup -S docker \
|
||||
&& addgroup -S dockremap \
|
||||
&& adduser -S -G dockremap dockremap \
|
||||
&& echo 'dockremap:165536:65536' >> /etc/subuid \
|
||||
&& echo 'dockremap:165536:65536' >> /etc/subgid
|
||||
|
||||
# DOCKER_TYPE is stable, edge or test
|
||||
ENV DOCKER_TYPE stable
|
||||
ENV DOCKER_VERSION 17.06.0-ce
|
||||
ENV DOCKER_SHA256 e582486c9db0f4229deba9f8517145f8af6c5fae7a1243e6b07876bd3e706620
|
||||
|
||||
# we could avoid installing client here I suppose
|
||||
RUN set -x \
|
||||
&& curl -fSL "https://download.docker.com/linux/static/${DOCKER_TYPE}/$(uname -m)/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \
|
||||
&& echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \
|
||||
&& tar -xzvf docker.tgz \
|
||||
&& mv docker/* /usr/bin/ \
|
||||
&& rmdir docker \
|
||||
&& rm docker.tgz \
|
||||
&& docker -v
|
||||
|
||||
# use the Docker copy of tini as our init for zombie reaping
|
||||
ENTRYPOINT ["/usr/bin/docker-init", "/usr/bin/dockerd"]
|
@ -1,4 +0,0 @@
|
||||
IMAGE=docker-ce
|
||||
NETWORK=1
|
||||
|
||||
include ../package.mk
|
@ -27,10 +27,9 @@ services:
|
||||
- name: ntpd
|
||||
image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
|
||||
- name: docker
|
||||
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
|
||||
image: docker:17.06.0-ce-dind
|
||||
capabilities:
|
||||
- all
|
||||
net: host
|
||||
mounts:
|
||||
- type: cgroup
|
||||
options: ["rw","nosuid","noexec","nodev","relatime"]
|
||||
@ -39,6 +38,7 @@ services:
|
||||
- /lib/modules:/lib/modules
|
||||
- /var/run:/var/run
|
||||
- /var/html:/var/html
|
||||
command: ["/usr/bin/docker-init", "/usr/bin/dockerd"]
|
||||
- name: compose
|
||||
image: linuxkitprojects/compose:0535e78608f57702745dfd56fbe78d28d237e469
|
||||
binds:
|
||||
|
@ -27,10 +27,9 @@ services:
|
||||
- name: ntpd
|
||||
image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
|
||||
- name: docker
|
||||
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
|
||||
image: docker:17.06.0-ce-dind
|
||||
capabilities:
|
||||
- all
|
||||
net: host
|
||||
mounts:
|
||||
- type: cgroup
|
||||
options: ["rw","nosuid","noexec","nodev","relatime"]
|
||||
@ -39,6 +38,7 @@ services:
|
||||
- /lib/modules:/lib/modules
|
||||
- /var/run:/var/run
|
||||
- /var/html:/var/html
|
||||
command: ["/usr/bin/docker-init", "/usr/bin/dockerd"]
|
||||
- name: compose
|
||||
image: linuxkitprojects/compose:0535e78608f57702745dfd56fbe78d28d237e469
|
||||
binds:
|
||||
|
@ -1,4 +1,4 @@
|
||||
FROM linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
|
||||
FROM docker:17.06.0-ce-dind
|
||||
ADD . /images
|
||||
ENTRYPOINT [ "/bin/sh", "-c" ]
|
||||
CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
|
||||
|
@ -38,10 +38,9 @@ services:
|
||||
- name: sshd
|
||||
image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
|
||||
- name: docker
|
||||
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
|
||||
image: docker:17.06.0-ce-dind
|
||||
capabilities:
|
||||
- all
|
||||
net: host
|
||||
pid: host
|
||||
mounts:
|
||||
- type: cgroup
|
||||
@ -54,6 +53,7 @@ services:
|
||||
- /etc/cni:/etc/cni:rshared,rbind
|
||||
- /opt/cni:/opt/cni:rshared,rbind
|
||||
rootfsPropagation: shared
|
||||
command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
|
||||
- name: kubernetes-image-cache-common
|
||||
image: linuxkit/kubernetes:latest-image-cache-common
|
||||
binds:
|
||||
|
@ -38,10 +38,9 @@ services:
|
||||
- name: sshd
|
||||
image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
|
||||
- name: docker
|
||||
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
|
||||
image: docker:17.06.0-ce-dind
|
||||
capabilities:
|
||||
- all
|
||||
net: host
|
||||
pid: host
|
||||
mounts:
|
||||
- type: cgroup
|
||||
@ -54,6 +53,7 @@ services:
|
||||
- /etc/cni:/etc/cni:rshared,rbind
|
||||
- /opt/cni:/opt/cni:rshared,rbind
|
||||
rootfsPropagation: shared
|
||||
command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
|
||||
- name: kubernetes-image-cache-common
|
||||
image: linuxkit/kubernetes:latest-image-cache-common
|
||||
binds:
|
||||
|
@ -24,10 +24,9 @@ services:
|
||||
- name: dhcpcd
|
||||
image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
|
||||
- name: docker
|
||||
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
|
||||
image: docker:17.06.0-ce-dind
|
||||
capabilities:
|
||||
- all
|
||||
net: host
|
||||
mounts:
|
||||
- type: cgroup
|
||||
options: ["rw","nosuid","noexec","nodev","relatime"]
|
||||
@ -35,6 +34,7 @@ services:
|
||||
- /var/lib/docker:/var/lib/docker
|
||||
- /lib/modules:/lib/modules
|
||||
- /run:/var/run
|
||||
command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
|
||||
- name: test-docker-bench
|
||||
image: linuxkit/test-docker-bench:4999d3484771e8466580c0dc2e479595e49faa85
|
||||
ipc: host
|
||||
|
Loading…
Reference in New Issue
Block a user