diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index f5e164723..25eb41670 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -9,6 +9,8 @@ init: onboot: - name: sysctl image: "linuxkit/sysctl:3aa6bc663c2849ef239be7d941d3eaf3e6fcc018" + binds: + - /etc/sysctl.d/01-swarmd.conf:/etc/sysctl.d/01-swarmd.conf - name: dhcpcd image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] @@ -29,27 +31,16 @@ services: - name: ntpd image: "linuxkit/openntpd:45deeb05f736162d941c9bf494983f655ab80aa5" - name: swarmd - image: "linuxkit/swarmd:a2f57f14f07fb6d7cded7832b2dabe878b28554e" + image: "linuxkit/swarmd:1002422b78339a767559058d704b086889e90447" command: ["/usr/bin/swarmd", "--containerd-addr=/run/containerd/containerd.sock", "--log-level=debug", "--state-dir=/var/lib/swarmd"] capabilities: - - CAP_CHOWN - - CAP_DAC_OVERRIDE - - CAP_FSETID - - CAP_FOWNER - - CAP_MKNOD - - CAP_NET_RAW - - CAP_SETGID - - CAP_SETUID - - CAP_SETFCAP - - CAP_SETPCAP - - CAP_NET_BIND_SERVICE - - CAP_SYS_CHROOT - - CAP_KILL - - CAP_AUDIT_WRITE + - all pid: host - net: host binds: - /run/containerd/containerd.sock:/run/containerd/containerd.sock - /var/lib/containerd:/var/lib/containerd - /var/lib/swarmd:/var/lib/swarmd - /etc/resolv.conf:/etc/resolv.conf +files: + - path: /etc/sysctl.d/01-swarmd.conf + contents: 'net.ipv4.ip_forward = 1' diff --git a/projects/swarmd/swarmd/Dockerfile b/projects/swarmd/swarmd/Dockerfile index 94c6d6605..08d060f6a 100644 --- a/projects/swarmd/swarmd/Dockerfile +++ b/projects/swarmd/swarmd/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.7-alpine3.5 AS build +FROM linuxkit/alpine:630ee558e4869672fae230c78364e367b8ea67a9 AS build RUN \ apk update && apk upgrade && \ 
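Review bot: The swarmd service now runs with `capabilities: - all`, which gives up the least-privilege list of fourteen named capabilities while the service still has `pid: host` and a bind of `/run/containerd/containerd.sock`. Nothing in the commit records which extra capability the new image needs. If it is network setup (the image now ships iptables), keeping the old list and appending `- CAP_NET_ADMIN` would likely be enough, though that is inferred and needs confirming against a running node. If `all` has to stay for now, mark it with a comment such as `# TODO: narrow to the capabilities swarmd actually needs` so it is not read as the intended end state.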
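Review bot: The new base in the `FROM` line is referenced by tag only, and a registry tag can be re-pushed, so the build stage is not tied to fixed content. Pinning the digest as well closes that: `FROM linuxkit/alpine:630ee558e4869672fae230c78364e367b8ea67a9@sha256:<digest of that tag> AS build`. The Go toolchain version is also no longer stated anywhere, since the `golang:1.7-alpine3.5` image is gone, and the unchanged `apk update && apk upgrade` line may let package versions drift between builds. The `RUN` instruction continues outside this hunk.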
@@ -6,31 +6,42 @@ RUN \ ca-certificates \ gcc \ git \ + go \ libc-dev \ make \ && true -# PR https://github.com/docker/swarmkit/pull/1965 from ijc25/containerd -ENV SWARMKIT_PR=1965 -ENV SWARMKIT_COMMIT=321b9c6600a9422c3245b277a1b3ae599244d4b7 +ENV GOPATH=/root/go + +# https://github.com/ijc25/swarmkit/tree/containerd-wip +ENV SWARMKIT_REPO=https://github.com/ijc25/swarmkit +ENV SWARMKIT_BRANCH=containerd-wip +ENV SWARMKIT_COMMIT=cb429323fa86df0c279a8d629e674f79a20e01e3 RUN mkdir -p $GOPATH/src/github.com/docker && \ cd $GOPATH/src/github.com/docker && \ - git clone https://github.com/docker/swarmkit.git + git clone $SWARMKIT_REPO WORKDIR $GOPATH/src/github.com/docker/swarmkit -RUN [ -z "$SWARMKIT_PR" ] || git fetch origin pull/$SWARMKIT_PR/head +RUN [ -z "$SWARMKIT_BRANCH" ] || git fetch origin $SWARMKIT_BRANCH RUN git checkout $SWARMKIT_COMMIT RUN make binaries GO_GCFLAGS="-buildmode pie --ldflags '-extldflags \"-fno-PIC -static\"'" -RUN mkdir -p /build/dist/usr/bin/ /build/dist/etc -RUN cp bin/swarmd bin/swarmctl /build/dist/usr/bin/ -RUN strip /build/dist/usr/bin/swarmd /build/dist/usr/bin/swarmctl +RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ +RUN apk add --no-cache --initdb -p /out \ + alpine-baselayout \ + busybox \ + ca-certificates \ + iptables \ + musl \ + util-linux -RUN cp -r /etc/ssl /build/dist/etc/ssl +RUN mkdir -p /out/usr/bin/ /out/etc +RUN cp bin/swarmd bin/swarmctl /out/usr/bin/ +RUN strip /out/usr/bin/swarmd /out/usr/bin/swarmctl FROM scratch WORKDIR / ENTRYPOINT [] -COPY --from=build /build/dist / +COPY --from=build /out / CMD ["/usr/bin/swarmd", "--containerd-addr=/run/containerd/containerd.sock", "--log-level=debug", "--state-dir=/var/lib/swarmd"] diff --git a/projects/swarmd/swarmd/Makefile b/projects/swarmd/swarmd/Makefile index 5b4340b17..13ae4dd66 100644 --- a/projects/swarmd/swarmd/Makefile +++ b/projects/swarmd/swarmd/Makefile 
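Review bot: The runtime root filesystem built under `/out` now carries busybox, iptables and util-linux, so the `FROM scratch` image is no longer just two static binaries, and no comment says which of these swarmd executes at run time. With `capabilities: - all` in swarmd.yml this is a larger set of tools inside a fully privileged container, so each package should be justified or dropped; a comment above the `apk add` such as `# runtime deps of swarmd: iptables for <reason>, util-linux for <reason>` would record that. Separately, `git clone $SWARMKIT_REPO` relies on the URL's last path component matching the following `WORKDIR`; `git clone "$SWARMKIT_REPO" swarmkit` makes that explicit and quotes the variable. The pin via `git checkout $SWARMKIT_COMMIT` is worth keeping as is, since the source is now a personal fork's work-in-progress branch.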
@@ -1,6 +1,7 @@ .PHONY: tag push all: push +ORG?=linuxkit IMAGE=swarmd HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') @@ -8,7 +9,7 @@ HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}') default: push tag: Dockerfile - docker build -t linuxkit/$(IMAGE):$(HASH) . + docker build --no-cache -t $(ORG)/$(IMAGE):$(HASH) . push: tag - docker pull linuxkit/$(IMAGE):$(HASH) || docker push linuxkit/$(IMAGE):$(HASH) + docker pull $(ORG)/$(IMAGE):$(HASH) || docker push $(ORG)/$(IMAGE):$(HASH)
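Review bot: `ORG?=linuxkit` also takes its value from the environment, so an `ORG` variable exported in a CI job or shell silently changes where `docker push $(ORG)/$(IMAGE):$(HASH)` publishes. A comment next to the assignment, such as `# ORG: registry namespace to tag and push to; override with make ORG=<namespace>`, would make that visible. In the `push` rule any failure of `docker pull`, including a network or auth error, falls through to `docker push`. With `--no-cache` added and the Dockerfile's `apk upgrade`, two builds of the same `$(HASH)` need not have the same content, so the tag may not identify a single image.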