github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-19 17:26:28 +00:00
Code Issues Projects Releases Wiki Activity

move pkg config from Dockerfile to build.yml

Browse Source 
Signed-off-by: Robin Winkelewski <w9ncontact@gmail.com>
This commit is contained in:
Robin Winkelewski 2018-04-24 00:43:50 +02:00
parent 9d2c57564b
commit ffe9ac2319
44 changed files with 162 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/acpid/Dockerfile
View File

@ -17,6 +17,3 @@ COPY --from=mirror /out/ /
COPY --from=mirror2 /out/etc/acpi /etc/acpi COPY --from=mirror2 /out/etc/acpi /etc/acpi
CMD ["/sbin/acpid", "-f", "-d"] CMD ["/sbin/acpid", "-f", "-d"]
LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "pid": "host"}'

4
pkg/acpid/build.yml
View File

@ -1 +1,5 @@
image: acpid image: acpid
config:
binds:
- /dev:/dev
pid: host

1
pkg/binfmt/Dockerfile
View File

@ -22,4 +22,3 @@ COPY --from=mirror /go/bin/binfmt usr/bin/binfmt
COPY --from=mirror /binfmt_misc /binfmt_misc/ COPY --from=mirror /binfmt_misc /binfmt_misc/
COPY etc/binfmt.d/00_linuxkit.conf etc/binfmt.d/00_linuxkit.conf COPY etc/binfmt.d/00_linuxkit.conf etc/binfmt.d/00_linuxkit.conf
CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"] CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]
LABEL org.mobyproject.config='{"binds": ["/proc/sys/fs/binfmt_misc:/binfmt_misc"], "readonly": true, "net": "new", "ipc": "new"}'

6
pkg/binfmt/build.yml
View File

@ -1,3 +1,9 @@
image: binfmt image: binfmt
arches: arches:
- amd64 - amd64
config:
binds:
- /proc/sys/fs/binfmt_misc:/binfmt_misc
readonly: true
net: new
ipc: new

1
pkg/cadvisor/Dockerfile
View File

@ -37,4 +37,3 @@ COPY --from=build /usr/bin/cadvisor /usr/bin/cadvisor
COPY /waitfordocker.sh /usr/bin/waitfordocker.sh COPY /waitfordocker.sh /usr/bin/waitfordocker.sh
ENTRYPOINT ["/usr/bin/waitfordocker.sh", "/usr/bin/cadvisor", "-logtostderr", "--disable_metrics=disk,tcp,udp"] ENTRYPOINT ["/usr/bin/waitfordocker.sh", "/usr/bin/cadvisor", "-logtostderr", "--disable_metrics=disk,tcp,udp"]
LABEL org.mobyproject.config='{"pid": "host", "binds": ["/var/lib/docker:/var/lib/docker:ro", "/var/run:/var/run", "/sys:/sys:ro", "/etc/resolv.conf:/etc/resolv.conf:ro"], "capabilities": ["all"]}'

9
pkg/cadvisor/build.yml
View File

@ -3,3 +3,12 @@ network: true
arches: arches:
- amd64 - amd64
- arm64 - arm64
config:
pid: host
binds:
- /var/lib/docker:/var/lib/docker:ro
- /var/run:/var/run
- /sys:/sys:ro
- /etc/resolv.conf:/etc/resolv.conf:ro
capabilities:
- all

1
pkg/dhcpcd/Dockerfile
View File

@ -16,4 +16,3 @@ WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
COPY /dhcpcd.conf /usr/ / COPY /dhcpcd.conf /usr/ /
CMD ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf"] CMD ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf"]
LABEL org.mobyproject.config='{"binds": ["/run/resolvconf:/etc"], "capabilities": ["CAP_NET_ADMIN", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SYS_ADMIN"]}'

8
pkg/dhcpcd/build.yml
View File

@ -1 +1,9 @@
image: dhcpcd image: dhcpcd
config:
binds:
- /run/resolvconf:/etc
capabilities:
- CAP_NET_ADMIN
- CAP_NET_BIND_SERVICE
- CAP_NET_RAW
- CAP_SYS_ADMIN

1
pkg/extend/Dockerfile
View File

@ -30,4 +30,3 @@ WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
COPY --from=build /go/bin/extend usr/bin/extend COPY --from=build /go/bin/extend usr/bin/extend
CMD ["/usr/bin/extend"] CMD ["/usr/bin/extend"]
LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'

8
pkg/extend/build.yml
View File

@ -1 +1,9 @@
image: extend image: extend
config:
binds:
- /dev:/dev
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
net: new
ipc: new

1
pkg/format/Dockerfile
View File

@ -30,4 +30,3 @@ WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
COPY --from=build /go/bin/format usr/bin/format COPY --from=build /go/bin/format usr/bin/format
CMD ["/usr/bin/format"] CMD ["/usr/bin/format"]
LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'

8
pkg/format/build.yml
View File

@ -1 +1,9 @@
image: format image: format
config:
binds:
- /dev:/dev
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
net: new
ipc: new

1
pkg/getty/Dockerfile
View File

@ -32,4 +32,3 @@ COPY --from=mirror /out/ /
COPY usr/ /usr/ COPY usr/ /usr/
COPY etc/ /etc/ COPY etc/ /etc/
CMD ["/usr/bin/rungetty.sh"] CMD ["/usr/bin/rungetty.sh"]
LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/var/log:/var/log","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'

16
pkg/getty/build.yml
View File

@ -1 +1,17 @@
image: getty image: getty
config:
pid: host
net: host
binds:
- /etc/resolv.conf:/etc/resolv.conf
- /run:/run
- /tmp:/tmp
- /etc:/hostroot/etc
- /usr/bin/ctr:/usr/bin/ctr
- /usr/bin/runc:/usr/bin/runc
- /containers:/containers
- /var/log:/var/log
- /dev:/dev
- /sys:/sys
capabilities:
- all

1
pkg/host-timesync-daemon/Dockerfile
View File

@ -19,4 +19,3 @@ CMD []
WORKDIR / WORKDIR /
COPY --from=mirror /go/bin/host-timesync-daemon /usr/bin/host-timesync-daemon COPY --from=mirror /go/bin/host-timesync-daemon /usr/bin/host-timesync-daemon
CMD ["/usr/bin/host-timesync-daemon", "-port", "0xf3a4"] CMD ["/usr/bin/host-timesync-daemon", "-port", "0xf3a4"]
LABEL org.mobyproject.config='{"binds": [ "/dev/rtc0:/dev/rtc0" ], "capabilities": ["CAP_SYS_TIME"]}'

5
pkg/host-timesync-daemon/build.yml
View File

@ -2,3 +2,8 @@ image: host-timesync-daemon
network: true network: true
arches: arches:
- amd64 - amd64
config:
binds:
- /dev/rtc0:/dev/rtc0
capabilities:
- CAP_SYS_TIME

1
pkg/ip/Dockerfile
View File

@ -24,4 +24,3 @@ ENTRYPOINT []
CMD [] CMD []
WORKDIR / WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
LABEL org.mobyproject.config='{"capabilities": ["CAP_NET_ADMIN", "CAP_NET_RAW"]}'

4
pkg/ip/build.yml
View File

@ -1,2 +1,6 @@
image: ip image: ip
network: true network: true
config:
capabilities:
- CAP_NET_ADMIN
- CAP_NET_RAW

1
pkg/mkimage/Dockerfile
View File

@ -20,4 +20,3 @@ WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
COPY mkimage.sh /usr/bin/ COPY mkimage.sh /usr/bin/
CMD ["mkimage.sh"] CMD ["mkimage.sh"]
LABEL org.mobyproject.config='{"readonly": true, "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "binds": ["/dev:/dev"]}'

7
pkg/mkimage/build.yml
View File

@ -1,3 +1,10 @@
image: mkimage image: mkimage
arches: arches:
- amd64 - amd64
config:
readonly: true
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
binds:
- /dev:/dev

1
pkg/modprobe/Dockerfile
View File

@ -10,4 +10,3 @@ ENTRYPOINT []
CMD [] CMD []
WORKDIR / WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
LABEL org.mobyproject.config='{"binds": ["/lib/modules:/lib/modules", "/sys:/sys"], "capabilities": ["CAP_SYS_MODULE"]}'

6
pkg/modprobe/build.yml
View File

@ -1 +1,7 @@
image: modprobe image: modprobe
config:
binds:
- /lib/modules:/lib/modules
- /sys:/sys
capabilities:
- CAP_SYS_MODULE

1
pkg/mount/Dockerfile
View File

@ -24,4 +24,3 @@ WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
COPY --from=build /go/bin/mountie usr/bin/mountie COPY --from=build /go/bin/mountie usr/bin/mountie
CMD ["/usr/bin/mountie"] CMD ["/usr/bin/mountie"]
LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var:rshared,rbind", "/:/hostroot"], "capabilities": ["CAP_SYS_ADMIN"], "rootfsPropagation": "shared", "net": "new", "ipc": "new"}'

10
pkg/mount/build.yml
View File

@ -1 +1,11 @@
image: mount image: mount
config:
binds:
- /dev:/dev
- /var:/var:rshared,rbind
- /:/hostroot
capabilities:
- CAP_SYS_ADMIN
rootfsPropagation: shared
net: new
ipc: new

2
pkg/node_exporter/Dockerfile
View File

@ -23,5 +23,3 @@ ENTRYPOINT ["/bin/node_exporter", "--path.procfs", "/host/proc", \
"--path.sysfs", "/host/sys", \ "--path.sysfs", "/host/sys", \
"--collector.filesystem.ignored-mount-points", \ "--collector.filesystem.ignored-mount-points", \
"^/(sys|proc|dev|host|etc)($|/)"] "^/(sys|proc|dev|host|etc)($|/)"]
LABEL org.mobyproject.config='{"pid": "host", "binds": ["/proc:/host/proc", "/sys:/host/sys", "/:/rootfs"], "capabilities": ["all"]}'

8
pkg/node_exporter/build.yml
View File

@ -1,2 +1,10 @@
image: node_exporter image: node_exporter
network: true network: true
config:
pid: host
binds:
- /proc:/host/proc
- /sys:/host/sys
- /:/rootfs
capabilities:
- all

2
pkg/open-vm-tools/Dockerfile
View File

@ -15,5 +15,3 @@ WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
COPY scripts /etc/vmware-tools/scripts COPY scripts /etc/vmware-tools/scripts
CMD ["/usr/bin/vmtoolsd"] CMD ["/usr/bin/vmtoolsd"]
LABEL org.mobyproject.config='{"pid": "host", "capabilities": ["CAP_SYS_BOOT"]}'

4
pkg/open-vm-tools/build.yml
View File

@ -1,3 +1,7 @@
image: open-vm-tools image: open-vm-tools
arches: arches:
- amd64 - amd64
config:
pid: host
capabilities:
- CAP_SYS_BOOT

1
pkg/openntpd/Dockerfile
View File

@ -16,4 +16,3 @@ WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
COPY etc/ /etc/ COPY etc/ /etc/
CMD ["/usr/sbin/ntpd", "-d", "-s"] CMD ["/usr/sbin/ntpd", "-d", "-s"]
LABEL org.mobyproject.config='{"binds": ["/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_SYS_TIME", "CAP_SYS_NICE", "CAP_SYS_CHROOT", "CAP_SETUID", "CAP_SETGID"]}'

9
pkg/openntpd/build.yml
View File

@ -1 +1,10 @@
image: openntpd image: openntpd
config:
binds:
- /etc/resolv.conf:/etc/resolv.conf
capabilities:
- CAP_SYS_TIME
- CAP_SYS_NICE
- CAP_SYS_CHROOT
- CAP_SETUID
- CAP_SETGID

1
pkg/qemu-ga/Dockerfile
View File

@ -10,4 +10,3 @@ WORKDIR /
ENTRYPOINT [] ENTRYPOINT []
COPY --from=build /out / COPY --from=build /out /
CMD ["/usr/bin/qemu-ga", "-p", "/dev/vport0p1"] CMD ["/usr/bin/qemu-ga", "-p", "/dev/vport0p1"]
LABEL org.mobyproject.config='{"net": "host"}'

2
pkg/qemu-ga/build.yml
View File

@ -1 +1,3 @@
image: qemu-ga image: qemu-ga
config:
net: host

1
pkg/rngd/Dockerfile
View File

@ -15,4 +15,3 @@ CMD []
WORKDIR / WORKDIR /
COPY --from=mirror /go/bin/rngd /sbin/rngd COPY --from=mirror /go/bin/rngd /sbin/rngd
CMD ["/sbin/rngd"] CMD ["/sbin/rngd"]
LABEL org.mobyproject.config='{"capabilities": ["CAP_SYS_ADMIN"], "oomScoreAdj": -800, "readonly": true, "net": "new", "ipc": "new"}'

7
pkg/rngd/build.yml
View File

@ -1 +1,8 @@
image: rngd image: rngd
config:
capabilities:
- CAP_SYS_ADMIN
oomScoreAdj: -800
readonly: true
net: new
ipc: new

1
pkg/sshd/Dockerfile
View File

@ -22,4 +22,3 @@ COPY etc/ /etc/
COPY usr/ /usr/ COPY usr/ /usr/
RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh
CMD ["/sbin/tini", "/usr/bin/ssh.sh"] CMD ["/sbin/tini", "/usr/bin/ssh.sh"]
LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/var/log:/var/log","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'

16
pkg/sshd/build.yml
View File

@ -1 +1,17 @@
image: sshd image: sshd
config:
pid: host
binds:
- /root/.ssh:/root/.ssh
- /etc/resolv.conf:/etc/resolv.conf
- /run:/run
- /tmp:/tmp
- /etc:/hostroot/etc
- /usr/bin/ctr:/usr/bin/ctr
- /usr/bin/runc:/usr/bin/runc
- /containers:/containers
- /var/log:/var/log
- /dev:/dev
- /sys:/sys
capabilities:
- all

1
pkg/swap/Dockerfile
View File

@ -16,4 +16,3 @@ WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
COPY /swap.sh . COPY /swap.sh .
ENTRYPOINT ["swap.sh"] ENTRYPOINT ["swap.sh"]
LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'

9
pkg/swap/build.yml
View File

@ -1 +1,10 @@
image: swap image: swap
config:
binds:
- /dev:/dev
- /var:/var
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
net: new
ipc: new

1
pkg/sysfs/Dockerfile
View File

@ -13,4 +13,3 @@ WORKDIR /
COPY --from=mirror /go/bin/sysfs /usr/bin/sysfs COPY --from=mirror /go/bin/sysfs /usr/bin/sysfs
COPY etc/ /etc/ COPY etc/ /etc/
CMD ["/usr/bin/sysfs"] CMD ["/usr/bin/sysfs"]
LABEL org.mobyproject.config='{"net": "new", "ipc": "new"}'

3
pkg/sysfs/build.yml
View File

@ -1 +1,4 @@
image: sysfs image: sysfs
config:
net: new
ipc: new

1
pkg/trim-after-delete/Dockerfile
View File

@ -23,4 +23,3 @@ WORKDIR /
COPY --from=mirror /out/ / COPY --from=mirror /out/ /
COPY --from=mirror /go/bin/trim-after-delete /usr/bin/trim-after-delete COPY --from=mirror /go/bin/trim-after-delete /usr/bin/trim-after-delete
CMD ["/usr/bin/trim-after-delete", "--", "/sbin/fstrim", "/var/lib/docker"] CMD ["/usr/bin/trim-after-delete", "--", "/sbin/fstrim", "/var/lib/docker"]
LABEL org.mobyproject.config='{"binds": ["/var/run:/var/run", "/var/lib/docker:/var/lib/docker"], "capabilities": ["CAP_SYS_ADMIN"]}'

6
pkg/trim-after-delete/build.yml
View File

@ -1 +1,7 @@
image: trim-after-delete image: trim-after-delete
config:
binds:
- /var/run:/var/run
- /var/lib/docker:/var/lib/docker
capabilities:
- CAP_SYS_ADMIN

1
pkg/tss/Dockerfile
View File

@ -61,4 +61,3 @@ RUN busybox chmod 0644 /etc/passwd /etc/group && \
busybox rm /bin/busybox /bin/sh busybox rm /bin/busybox /bin/sh
CMD ["/sbin/tcsd","-f"] CMD ["/sbin/tcsd","-f"]
LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/dev:/dev"], "capabilities": ["all"]}'

7
pkg/tss/build.yml
View File

@ -2,3 +2,10 @@ image: tss
network: true network: true
arches: arches:
- amd64 - amd64
config:
pid: host
net: host
binds:
- /dev:/dev
capabilities:
- all