Use the upstream dind package to run docker

It is pretty close to our docker package, if we adjust the command
that is run to avoid the actual dind startup script. We can't use
the normal docker image as it does not have mkfs and so on.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Justin Cormack 2017-07-17 20:37:01 +01:00
parent 5df1dbc23e
commit a4650b242f
10 changed files with 20 additions and 66 deletions


@ -3,7 +3,7 @@ services:
# Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit
# for vpnkit coordination and /var/config/docker for the configuration file.
- name: docker-dfm
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
image: docker:17.06.0-ce-dind
capabilities:
- all
net: host
@ -18,7 +18,7 @@ services:
- /var/config/docker:/var/config/docker
- /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy
- /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper
command: [ "/usr/bin/docker-init", "/usr/bin/dockerd", "--",
command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--",
"--config-file", "/var/config/docker/daemon.json",
"--swarm-default-advertise-addr=eth0",
"--userland-proxy-path", "/usr/bin/vpnkit-expose-port",
@ -27,3 +27,7 @@ services:
files:
- path: /var/config/docker/daemon.json
contents: '{ "debug": true }'
trust:
org:
- library
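Review bot: The new `image: docker:17.06.0-ce-dind` reference is a version tag that the registry can repoint, whereas the line it replaces used a 40-hex tag on `linuxkit/docker-ce`, and the Dockerfile removed later in this commit checked the Docker tarball against `DOCKER_SHA256`. Here the added `trust:` / `org: - library` block presumably puts the image under content trust, and the second file gets the same entry, but the files defining the compose, kubernetes-image-cache-common and test-docker-bench services switch to the same tag with no trust change visible in their hunks (it may exist outside them). For those I would either add `library` to their trust orgs or pin the digest, e.g. `image: docker:17.06.0-ce-dind@sha256:<digest-placeholder>`, assuming the build tool accepts digest references. This service runs with `capabilities: all` and `net: host`, so the integrity of whatever the tag resolves to matters more than usual.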


@ -30,7 +30,7 @@ services:
- name: ntpd
image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
- name: docker
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
image: docker:17.06.0-ce-dind
capabilities:
- all
net: host
@ -41,9 +41,11 @@ services:
- /var/lib/docker:/var/lib/docker
- /lib/modules:/lib/modules
- /etc/docker/daemon.json:/etc/docker/daemon.json
command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
files:
- path: etc/docker/daemon.json
contents: '{"debug": true}'
trust:
org:
- linuxkit
- library
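Review bot: The added `command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]` line has no comment saying why the image's own entrypoint is bypassed; the reason (avoiding the dind startup script) is only in the commit message. The paths are also tied to the upstream image layout, as the `/usr/bin` to `/usr/local/bin` change in the first file shows, so anyone bumping the tag later needs that context. I would put a comment above the line such as `# run dockerd directly under docker-init; skips the dind image's startup script`. The same line is added to the kubernetes and test-docker-bench files later in this commit and would benefit from the same comment.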


@ -1,48 +0,0 @@
FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
# removed openssl as I do not think server needs it
RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
RUN apk add --no-cache --initdb -p /out \
alpine-baselayout \
btrfs-progs \
busybox \
ca-certificates \
curl \
e2fsprogs \
e2fsprogs-extra \
iptables \
musl \
xfsprogs \
xz
RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
FROM scratch
COPY --from=mirror /out/ /
# set up Docker group
# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
RUN set -x \
&& addgroup -S docker \
&& addgroup -S dockremap \
&& adduser -S -G dockremap dockremap \
&& echo 'dockremap:165536:65536' >> /etc/subuid \
&& echo 'dockremap:165536:65536' >> /etc/subgid
# DOCKER_TYPE is stable, edge or test
ENV DOCKER_TYPE stable
ENV DOCKER_VERSION 17.06.0-ce
ENV DOCKER_SHA256 e582486c9db0f4229deba9f8517145f8af6c5fae7a1243e6b07876bd3e706620
# we could avoid installing client here I suppose
RUN set -x \
&& curl -fSL "https://download.docker.com/linux/static/${DOCKER_TYPE}/$(uname -m)/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \
&& echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \
&& tar -xzvf docker.tgz \
&& mv docker/* /usr/bin/ \
&& rmdir docker \
&& rm docker.tgz \
&& docker -v
# use the Docker copy of tini as our init for zombie reaping
ENTRYPOINT ["/usr/bin/docker-init", "/usr/bin/dockerd"]


@ -1,4 +0,0 @@
IMAGE=docker-ce
NETWORK=1
include ../package.mk


@ -27,10 +27,9 @@ services:
- name: ntpd
image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
- name: docker
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
image: docker:17.06.0-ce-dind
capabilities:
- all
net: host
mounts:
- type: cgroup
options: ["rw","nosuid","noexec","nodev","relatime"]
@ -39,6 +38,7 @@ services:
- /lib/modules:/lib/modules
- /var/run:/var/run
- /var/html:/var/html
command: ["/usr/bin/docker-init", "/usr/bin/dockerd"]
- name: compose
image: linuxkitprojects/compose:0535e78608f57702745dfd56fbe78d28d237e469
binds:


@ -27,10 +27,9 @@ services:
- name: ntpd
image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
- name: docker
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
image: docker:17.06.0-ce-dind
capabilities:
- all
net: host
mounts:
- type: cgroup
options: ["rw","nosuid","noexec","nodev","relatime"]
@ -39,6 +38,7 @@ services:
- /lib/modules:/lib/modules
- /var/run:/var/run
- /var/html:/var/html
command: ["/usr/bin/docker-init", "/usr/bin/dockerd"]
- name: compose
image: linuxkitprojects/compose:0535e78608f57702745dfd56fbe78d28d237e469
binds:


@ -1,4 +1,4 @@
FROM linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
FROM docker:17.06.0-ce-dind
ADD . /images
ENTRYPOINT [ "/bin/sh", "-c" ]
CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
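Review bot: The new base `FROM docker:17.06.0-ce-dind` pulls in the daemon-oriented dind variant, but the `CMD` here only calls the client (`docker image load`). Unless something outside this hunk needs the extra tooling, the plain image that the commit message calls "the normal docker image" would be a smaller base for this cache container, e.g. `FROM docker:17.06.0-ce`. While touching this file, `ADD . /images` could become `COPY . /images`: the source is a directory and the `CMD` expects the `.tar` files intact, so none of ADD's extra behaviour is used.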


@ -38,10 +38,9 @@ services:
- name: sshd
image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
- name: docker
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
image: docker:17.06.0-ce-dind
capabilities:
- all
net: host
pid: host
mounts:
- type: cgroup
@ -54,6 +53,7 @@ services:
- /etc/cni:/etc/cni:rshared,rbind
- /opt/cni:/opt/cni:rshared,rbind
rootfsPropagation: shared
command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
- name: kubernetes-image-cache-common
image: linuxkit/kubernetes:latest-image-cache-common
binds:


@ -38,10 +38,9 @@ services:
- name: sshd
image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
- name: docker
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
image: docker:17.06.0-ce-dind
capabilities:
- all
net: host
pid: host
mounts:
- type: cgroup
@ -54,6 +53,7 @@ services:
- /etc/cni:/etc/cni:rshared,rbind
- /opt/cni:/opt/cni:rshared,rbind
rootfsPropagation: shared
command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
- name: kubernetes-image-cache-common
image: linuxkit/kubernetes:latest-image-cache-common
binds:


@ -24,10 +24,9 @@ services:
- name: dhcpcd
image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
- name: docker
image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
image: docker:17.06.0-ce-dind
capabilities:
- all
net: host
mounts:
- type: cgroup
options: ["rw","nosuid","noexec","nodev","relatime"]
@ -35,6 +34,7 @@ services:
- /var/lib/docker:/var/lib/docker
- /lib/modules:/lib/modules
- /run:/var/run
command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
- name: test-docker-bench
image: linuxkit/test-docker-bench:4999d3484771e8466580c0dc2e479595e49faa85
ipc: host