github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-10-31 00:45:22 +00:00
Code Issues Projects Releases Wiki Activity

move pkg config from Dockerfile to build.yml

Browse Source 
Signed-off-by: Robin Winkelewski <w9ncontact@gmail.com>
This commit is contained in:
Robin Winkelewski
2018-04-24 00:43:50 +02:00
parent 9d2c57564b
commit ffe9ac2319
44 changed files with 162 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/acpid/Dockerfile
View File

@@ -17,6 +17,3 @@ COPY --from=mirror /out/ /
COPY --from=mirror2 /out/etc/acpi /etc/acpi
CMD ["/sbin/acpid", "-f", "-d"]
LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "pid": "host"}'

4
pkg/acpid/build.yml
View File

@@ -1 +1,5 @@
image: acpid
config:
binds:
- /dev:/dev
pid: host

1
pkg/binfmt/Dockerfile
View File

@@ -22,4 +22,3 @@ COPY --from=mirror /go/bin/binfmt usr/bin/binfmt
COPY --from=mirror /binfmt_misc /binfmt_misc/
COPY etc/binfmt.d/00_linuxkit.conf etc/binfmt.d/00_linuxkit.conf
CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]
LABEL org.mobyproject.config='{"binds": ["/proc/sys/fs/binfmt_misc:/binfmt_misc"], "readonly": true, "net": "new", "ipc": "new"}'

6
pkg/binfmt/build.yml
View File

@@ -1,3 +1,9 @@
image: binfmt
arches:
- amd64
config:
binds:
- /proc/sys/fs/binfmt_misc:/binfmt_misc
readonly: true
net: new
ipc: new

1
pkg/cadvisor/Dockerfile
View File

@@ -37,4 +37,3 @@ COPY --from=build /usr/bin/cadvisor /usr/bin/cadvisor
COPY /waitfordocker.sh /usr/bin/waitfordocker.sh
ENTRYPOINT ["/usr/bin/waitfordocker.sh", "/usr/bin/cadvisor", "-logtostderr", "--disable_metrics=disk,tcp,udp"]
LABEL org.mobyproject.config='{"pid": "host", "binds": ["/var/lib/docker:/var/lib/docker:ro", "/var/run:/var/run", "/sys:/sys:ro", "/etc/resolv.conf:/etc/resolv.conf:ro"], "capabilities": ["all"]}'

9
pkg/cadvisor/build.yml
View File

@@ -3,3 +3,12 @@ network: true
arches:
- amd64
- arm64
config:
pid: host
binds:
- /var/lib/docker:/var/lib/docker:ro
- /var/run:/var/run
- /sys:/sys:ro
- /etc/resolv.conf:/etc/resolv.conf:ro
capabilities:
- all

1
pkg/dhcpcd/Dockerfile
View File

@@ -16,4 +16,3 @@ WORKDIR /
COPY --from=mirror /out/ /
COPY /dhcpcd.conf /usr/ /
CMD ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf"]
LABEL org.mobyproject.config='{"binds": ["/run/resolvconf:/etc"], "capabilities": ["CAP_NET_ADMIN", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SYS_ADMIN"]}'

8
pkg/dhcpcd/build.yml
View File

@@ -1 +1,9 @@
image: dhcpcd
config:
binds:
- /run/resolvconf:/etc
capabilities:
- CAP_NET_ADMIN
- CAP_NET_BIND_SERVICE
- CAP_NET_RAW
- CAP_SYS_ADMIN

1
pkg/extend/Dockerfile
View File

@@ -30,4 +30,3 @@ WORKDIR /
COPY --from=mirror /out/ /
COPY --from=build /go/bin/extend usr/bin/extend
CMD ["/usr/bin/extend"]
LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'

8
pkg/extend/build.yml
View File

@@ -1 +1,9 @@
image: extend
config:
binds:
- /dev:/dev
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
net: new
ipc: new

1
pkg/format/Dockerfile
View File

@@ -30,4 +30,3 @@ WORKDIR /
COPY --from=mirror /out/ /
COPY --from=build /go/bin/format usr/bin/format
CMD ["/usr/bin/format"]
LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'

8
pkg/format/build.yml
View File

@@ -1 +1,9 @@
image: format
config:
binds:
- /dev:/dev
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
net: new
ipc: new

1
pkg/getty/Dockerfile
View File

@@ -32,4 +32,3 @@ COPY --from=mirror /out/ /
COPY usr/ /usr/
COPY etc/ /etc/
CMD ["/usr/bin/rungetty.sh"]
LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/var/log:/var/log","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'

16
pkg/getty/build.yml
View File

@@ -1 +1,17 @@
image: getty
config:
pid: host
net: host
binds:
- /etc/resolv.conf:/etc/resolv.conf
- /run:/run
- /tmp:/tmp
- /etc:/hostroot/etc
- /usr/bin/ctr:/usr/bin/ctr
- /usr/bin/runc:/usr/bin/runc
- /containers:/containers
- /var/log:/var/log
- /dev:/dev
- /sys:/sys
capabilities:
- all

1
pkg/host-timesync-daemon/Dockerfile
View File

@@ -19,4 +19,3 @@ CMD []
WORKDIR /
COPY --from=mirror /go/bin/host-timesync-daemon /usr/bin/host-timesync-daemon
CMD ["/usr/bin/host-timesync-daemon", "-port", "0xf3a4"]
LABEL org.mobyproject.config='{"binds": [ "/dev/rtc0:/dev/rtc0" ], "capabilities": ["CAP_SYS_TIME"]}'

5
pkg/host-timesync-daemon/build.yml
View File

@@ -2,3 +2,8 @@ image: host-timesync-daemon
network: true
arches:
- amd64
config:
binds:
- /dev/rtc0:/dev/rtc0
capabilities:
- CAP_SYS_TIME

1
pkg/ip/Dockerfile
View File

@@ -24,4 +24,3 @@ ENTRYPOINT []
CMD []
WORKDIR /
COPY --from=mirror /out/ /
LABEL org.mobyproject.config='{"capabilities": ["CAP_NET_ADMIN", "CAP_NET_RAW"]}'

4
pkg/ip/build.yml
View File

@@ -1,2 +1,6 @@
image: ip
network: true
config:
capabilities:
- CAP_NET_ADMIN
- CAP_NET_RAW

1
pkg/mkimage/Dockerfile
View File

@@ -20,4 +20,3 @@ WORKDIR /
COPY --from=mirror /out/ /
COPY mkimage.sh /usr/bin/
CMD ["mkimage.sh"]
LABEL org.mobyproject.config='{"readonly": true, "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "binds": ["/dev:/dev"]}'

7
pkg/mkimage/build.yml
View File

@@ -1,3 +1,10 @@
image: mkimage
arches:
- amd64
config:
readonly: true
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
binds:
- /dev:/dev

1
pkg/modprobe/Dockerfile
View File

@@ -10,4 +10,3 @@ ENTRYPOINT []
CMD []
WORKDIR /
COPY --from=mirror /out/ /
LABEL org.mobyproject.config='{"binds": ["/lib/modules:/lib/modules", "/sys:/sys"], "capabilities": ["CAP_SYS_MODULE"]}'

6
pkg/modprobe/build.yml
View File

@@ -1 +1,7 @@
image: modprobe
config:
binds:
- /lib/modules:/lib/modules
- /sys:/sys
capabilities:
- CAP_SYS_MODULE

1
pkg/mount/Dockerfile
View File

@@ -24,4 +24,3 @@ WORKDIR /
COPY --from=mirror /out/ /
COPY --from=build /go/bin/mountie usr/bin/mountie
CMD ["/usr/bin/mountie"]
LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var:rshared,rbind", "/:/hostroot"], "capabilities": ["CAP_SYS_ADMIN"], "rootfsPropagation": "shared", "net": "new", "ipc": "new"}'

10
pkg/mount/build.yml
View File

@@ -1 +1,11 @@
image: mount
config:
binds:
- /dev:/dev
- /var:/var:rshared,rbind
- /:/hostroot
capabilities:
- CAP_SYS_ADMIN
rootfsPropagation: shared
net: new
ipc: new

2
pkg/node_exporter/Dockerfile
View File

@@ -23,5 +23,3 @@ ENTRYPOINT ["/bin/node_exporter", "--path.procfs", "/host/proc", \
"--path.sysfs", "/host/sys", \
"--collector.filesystem.ignored-mount-points", \
"^/(sys|proc|dev|host|etc)($|/)"]
LABEL org.mobyproject.config='{"pid": "host", "binds": ["/proc:/host/proc", "/sys:/host/sys", "/:/rootfs"], "capabilities": ["all"]}'

8
pkg/node_exporter/build.yml
View File

@@ -1,2 +1,10 @@
image: node_exporter
network: true
config:
pid: host
binds:
- /proc:/host/proc
- /sys:/host/sys
- /:/rootfs
capabilities:
- all

2
pkg/open-vm-tools/Dockerfile
View File

@@ -15,5 +15,3 @@ WORKDIR /
COPY --from=mirror /out/ /
COPY scripts /etc/vmware-tools/scripts
CMD ["/usr/bin/vmtoolsd"]
LABEL org.mobyproject.config='{"pid": "host", "capabilities": ["CAP_SYS_BOOT"]}'

4
pkg/open-vm-tools/build.yml
View File

@@ -1,3 +1,7 @@
image: open-vm-tools
arches:
- amd64
config:
pid: host
capabilities:
- CAP_SYS_BOOT

1
pkg/openntpd/Dockerfile
View File

@@ -16,4 +16,3 @@ WORKDIR /
COPY --from=mirror /out/ /
COPY etc/ /etc/
CMD ["/usr/sbin/ntpd", "-d", "-s"]
LABEL org.mobyproject.config='{"binds": ["/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_SYS_TIME", "CAP_SYS_NICE", "CAP_SYS_CHROOT", "CAP_SETUID", "CAP_SETGID"]}'

9
pkg/openntpd/build.yml
View File

@@ -1 +1,10 @@
image: openntpd
config:
binds:
- /etc/resolv.conf:/etc/resolv.conf
capabilities:
- CAP_SYS_TIME
- CAP_SYS_NICE
- CAP_SYS_CHROOT
- CAP_SETUID
- CAP_SETGID

1
pkg/qemu-ga/Dockerfile
View File

@@ -10,4 +10,3 @@ WORKDIR /
ENTRYPOINT []
COPY --from=build /out /
CMD ["/usr/bin/qemu-ga", "-p", "/dev/vport0p1"]
LABEL org.mobyproject.config='{"net": "host"}'

2
pkg/qemu-ga/build.yml
View File

@@ -1 +1,3 @@
image: qemu-ga
config:
net: host

1
pkg/rngd/Dockerfile
View File

@@ -15,4 +15,3 @@ CMD []
WORKDIR /
COPY --from=mirror /go/bin/rngd /sbin/rngd
CMD ["/sbin/rngd"]
LABEL org.mobyproject.config='{"capabilities": ["CAP_SYS_ADMIN"], "oomScoreAdj": -800, "readonly": true, "net": "new", "ipc": "new"}'

7
pkg/rngd/build.yml
View File

@@ -1 +1,8 @@
image: rngd
config:
capabilities:
- CAP_SYS_ADMIN
oomScoreAdj: -800
readonly: true
net: new
ipc: new

1
pkg/sshd/Dockerfile
View File

@@ -22,4 +22,3 @@ COPY etc/ /etc/
COPY usr/ /usr/
RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh
CMD ["/sbin/tini", "/usr/bin/ssh.sh"]
LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/var/log:/var/log","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'

16
pkg/sshd/build.yml
View File

@@ -1 +1,17 @@
image: sshd
config:
pid: host
binds:
- /root/.ssh:/root/.ssh
- /etc/resolv.conf:/etc/resolv.conf
- /run:/run
- /tmp:/tmp
- /etc:/hostroot/etc
- /usr/bin/ctr:/usr/bin/ctr
- /usr/bin/runc:/usr/bin/runc
- /containers:/containers
- /var/log:/var/log
- /dev:/dev
- /sys:/sys
capabilities:
- all

1
pkg/swap/Dockerfile
View File

@@ -16,4 +16,3 @@ WORKDIR /
COPY --from=mirror /out/ /
COPY /swap.sh .
ENTRYPOINT ["swap.sh"]
LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'

9
pkg/swap/build.yml
View File

@@ -1 +1,10 @@
image: swap
config:
binds:
- /dev:/dev
- /var:/var
capabilities:
- CAP_SYS_ADMIN
- CAP_MKNOD
net: new
ipc: new

1
pkg/sysfs/Dockerfile
View File

@@ -13,4 +13,3 @@ WORKDIR /
COPY --from=mirror /go/bin/sysfs /usr/bin/sysfs
COPY etc/ /etc/
CMD ["/usr/bin/sysfs"]
LABEL org.mobyproject.config='{"net": "new", "ipc": "new"}'

3
pkg/sysfs/build.yml
View File

@@ -1 +1,4 @@
image: sysfs
config:
net: new
ipc: new

1
pkg/trim-after-delete/Dockerfile
View File

@@ -23,4 +23,3 @@ WORKDIR /
COPY --from=mirror /out/ /
COPY --from=mirror /go/bin/trim-after-delete /usr/bin/trim-after-delete
CMD ["/usr/bin/trim-after-delete", "--", "/sbin/fstrim", "/var/lib/docker"]
LABEL org.mobyproject.config='{"binds": ["/var/run:/var/run", "/var/lib/docker:/var/lib/docker"], "capabilities": ["CAP_SYS_ADMIN"]}'

6
pkg/trim-after-delete/build.yml
View File

@@ -1 +1,7 @@
image: trim-after-delete
config:
binds:
- /var/run:/var/run
- /var/lib/docker:/var/lib/docker
capabilities:
- CAP_SYS_ADMIN

1
pkg/tss/Dockerfile
View File

@@ -61,4 +61,3 @@ RUN busybox chmod 0644 /etc/passwd /etc/group && \
busybox rm /bin/busybox /bin/sh
CMD ["/sbin/tcsd","-f"]
LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/dev:/dev"], "capabilities": ["all"]}'

7
pkg/tss/build.yml
View File

@@ -2,3 +2,10 @@ image: tss
network: true
arches:
- amd64
config:
pid: host
net: host
binds:
- /dev:/dev
capabilities:
- all