kubernetes: Build image using Dockerfile and standard build system

This is a pretty straight port of the previous box stuff, without much attempt
to clean things up.

Image label is a placeholder, will update once a batch of changes are complete.

Signed-off-by: Ian Campbell <ijc@docker.com>

projects/kubernetes/Makefile

@@ -1,18 +1,10 @@
 all: build-container-images build-vm-images
 
-BOX_PLANS = kubernetes.rb
+build-container-images:
+	make -C kubernetes tag
 
-build-container-images: $(BOX_PLANS)
+push-container-images: cache-images
-	for plan in $(BOX_PLANS) ; do \
+	make -C kubernetes push
-	  docker run --rm -ti \
-	    -v $(PWD):$(PWD) \
-	    -v /var/run/docker.sock:/var/run/docker.sock \
-	    -w $(PWD) \
-	      boxbuilder/box:master $$plan \
-	; done
-
-push-container-images: build-container-images cache-images
-	docker image push linuxkit/kubernetes:latest
 	docker image push linuxkit/kubernetes:latest-image-cache-common
 	docker image push linuxkit/kubernetes:latest-image-cache-control-plane
 

projects/kubernetes/common.rb

@@ -1,24 +0,0 @@
-@image_name = "linuxkit/kubernetes"
-
-@versions = {
-  kubernetes: 'v1.6.1',
-  weave: 'v1.9.4',
-  cni: '0799f5732f2a11b329d9e3d51b9c8f2e3759f2ff',
-}
-
-def install_packages pkgs
-  cmds = [
-    %(apk update),
-    %(apk add #{pkgs.join(' ')}),
-  ]
-
-  cmds.each { |cmd| run cmd }
-end
-
-def create_shell_wrapper script, path
-  run "echo \"#!/bin/sh\n#{script}\n\" > #{path} && chmod 0755 #{path}"
-end
-
-def mount_bind src, dst
-  "mount --bind #{src} #{dst}"
-end

projects/kubernetes/kube-master.yml

@@ -62,7 +62,7 @@ services:
     binds:
       - /var/run:/var/run
   - name: kubelet
-    image: linuxkit/kubernetes:latest
+    image: linuxkitprojects/kubernetes:dev
     capabilities:
      - all
     net: host

projects/kubernetes/kube-node.yml

@@ -58,7 +58,7 @@ services:
     binds:
       - /var/run:/var/run
   - name: kubelet
-    image: linuxkit/kubernetes:latest
+    image: linuxkitprojects/kubernetes:dev
     capabilities:
      - all
     net: host

projects/kubernetes/kubernetes.rb

@@ -1,77 +0,0 @@
-import 'common.rb'
-
-from "alpine:edge"
-
-def install_node_dependencies
-  kube_release_artefacts = "https://dl.k8s.io/#{@versions[:kubernetes]}/bin/linux/amd64"
-  cni_release_artefacts = "https://dl.k8s.io/network-plugins/cni-amd64-#{@versions[:cni]}.tar.gz"
-  weave_launcher = "https://cloud.weave.works/k8s/v1.6/net?v=#{@versions[:weave]}"
-
-  download_files = [
-    '/etc/weave.yaml' => {
-      url: weave_launcher,
-      mode: '0644',
-    },
-    '/tmp/cni.tgz' => {
-      url: cni_release_artefacts,
-      mode: '0644',
-    },
-    '/usr/bin/kubelet' => {
-      url: "#{kube_release_artefacts}/kubelet",
-      mode: '0755',
-    },
-    '/usr/bin/kubeadm' => {
-      url: "#{kube_release_artefacts}/kubeadm",
-      mode: '0755',
-    },
-    '/usr/bin/kubectl' => {
-      url: "#{kube_release_artefacts}/kubectl",
-      mode: '0755',
-    },
-  ]
-
-  download_files.each do |file|
-    file.each do |dest,info|
-      run %(curl --output "#{dest}" --fail --silent --location "#{info[:url]}")
-      run %(chmod "#{info[:mode]}" "#{dest}")
-    end
-  end
-
-  run "mkdir -p /opt/cni/bin /etc/cni/net.d && tar xzf /tmp/cni.tgz -C /opt/cni && rm -f /tmp/cni.tgz"
-end
-
-def kubelet_cmd
-  %w(
-    kubelet
-      --kubeconfig=/var/lib/kubeadm/kubelet.conf --require-kubeconfig=true
-      --pod-manifest-path=/var/lib/kubeadm/manifests --allow-privileged=true
-      --cluster-dns=10.96.0.10 --cluster-domain=cluster.local
-      --cgroups-per-qos=false --enforce-node-allocatable=""
-      --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin
-  )
-end
-
-kubelet_dependencies = %w(libc6-compat util-linux iproute2 iptables ebtables ethtool socat curl)
-install_packages kubelet_dependencies
-install_node_dependencies
-
-# Exploit shared mounts, give CNI paths back to the host
-mount_cni_dirs = [
-  mount_bind("/opt/cni", "/rootfs/opt/cni"),
-  mount_bind("/etc/cni", "/rootfs/etc/cni"),
-]
-
-# At the moment we trigger `kubeadm init` manually on the master, then start nodes which expect `kubeadm join` args in metadata volume
-wait_for_node_metadata_or_sleep_until_master_init = "[ ! -e /dev/sr0 ] && sleep 1 || (mount -o ro /dev/sr0 /mnt && kubeadm join --skip-preflight-checks \\\$(cat /mnt/config))"
-
-create_shell_wrapper "#{mount_cni_dirs.join(' && ')} && until #{kubelet_cmd.join(' ')} ; do #{wait_for_node_metadata_or_sleep_until_master_init} ; done", '/usr/bin/kubelet.sh'
-
-create_shell_wrapper "kubeadm init --skip-preflight-checks --kubernetes-version #{@versions[:kubernetes]} && kubectl create -n kube-system -f /etc/weave.yaml", '/usr/bin/kubeadm-init.sh'
-
-flatten
-
-env KUBECONFIG: "/etc/kubernetes/admin.conf"
-
-set_exec entrypoint: %w(kubelet.sh)
-
-tag "#{@image_name}:latest"

projects/kubernetes/kubernetes/Dockerfile

@@ -0,0 +1,48 @@
+#FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS build
+# XXX needs ebtables ethtool iproute2 libc6-compat socat
+FROM alpine:3.6 AS build
+
+ENV kubernetes_version v1.6.1
+ENV weave_version      v1.9.4
+ENV cni_version        0799f5732f2a11b329d9e3d51b9c8f2e3759f2ff
+
+ENV kube_release_artefacts "https://dl.k8s.io/${kubernetes_version}/bin/linux/amd64"
+
+RUN apk add -U --no-cache \
+  curl \
+  && true
+
+RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
+RUN apk add --no-cache --initdb -p /out \
+    alpine-baselayout \
+    busybox \
+    ca-certificates \
+    curl \
+    ebtables \
+    ethtool \
+    iproute2 \
+    iptables \
+    libc6-compat \
+    musl \
+    socat \
+    util-linux \
+    && true
+# Remove apk residuals. We have a read-only rootfs, so apk is of no use.
+RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+
+ADD kubelet.sh /out/usr/bin/kubelet.sh
+ADD kubeadm-init.sh /out/usr/bin/kubeadm-init.sh
+
+RUN curl -fSL -o /tmp/cni.tgz https://dl.k8s.io/network-plugins/cni-amd64-${cni_version}.tar.gz && \
+    mkdir -p /out/opt/cni /out/etc/cni/net.d && \
+    tar -xzf /tmp/cni.tgz -C /out/opt/cni
+RUN curl -fSL -o /out/etc/weave.yaml https://cloud.weave.works/k8s/v1.6/net?v=${weave_version} 
+RUN curl -fSL -o /out/usr/bin/kubelet https://dl.k8s.io/${kubernetes_version}/bin/linux/amd64/kubelet && chmod 0755 /out/usr/bin/kubelet
+RUN curl -fSL -o /out/usr/bin/kubeadm https://dl.k8s.io/${kubernetes_version}/bin/linux/amd64/kubeadm && chmod 0755 /out/usr/bin/kubeadm
+RUN curl -fSL -o /out/usr/bin/kubectl https://dl.k8s.io/${kubernetes_version}/bin/linux/amd64/kubectl && chmod 0755 /out/usr/bin/kubectl
+
+FROM scratch
+WORKDIR /
+ENTRYPOINT ["/usr/bin/kubelet.sh"]
+COPY --from=build /out /
+ENV KUBECONFIG "/etc/kubernetes/admin.conf"

projects/kubernetes/kubernetes/Makefile

@@ -0,0 +1,6 @@
+ORG?=linuxkitprojects
+IMAGE=kubernetes
+NETWORK=1
+NOTRUST=1
+
+include ../../../pkg/package.mk

projects/kubernetes/kubernetes/kubeadm-init.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+kubeadm init --skip-preflight-checks --kubernetes-version v1.6.1 && kubectl create -n kube-system -f /etc/weave.yaml

projects/kubernetes/kubernetes/kubelet.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+mount --bind /opt/cni /rootfs/opt/cni && mount --bind /etc/cni /rootfs/etc/cni && until kubelet --kubeconfig=/var/lib/kubeadm/kubelet.conf --require-kubeconfig=true --pod-manifest-path=/var/lib/kubeadm/manifests --allow-privileged=true --cluster-dns=10.96.0.10 --cluster-domain=cluster.local --cgroups-per-qos=false --enforce-node-allocatable= --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin ; do [ ! -e /dev/sr0 ] && sleep 1 || (mount -o ro /dev/sr0 /mnt && kubeadm join --skip-preflight-checks $(cat /mnt/config)) ; done