This is a bit gross, but hopefully this script will be written in go sooner
rather than later and in the meantime this avoids the need to install yet
another tool on user's systems (and get it into brew etc).
Checkin the result of `go:generate` for now. Once there are no more users of
push-manifest.sh it can be moved alongside the go code (if it hasn't been
rewritten in go along the way).
Signed-off-by: Ian Campbell <ijc@docker.com>
This implements the proposal in #2564 and converts a handful of representative
or especially interesting (from a build PoV) packages to use it.
For now those pkg/* affected get a stub-`Makefile`, once all packages are
converted then `pkg/Makefile` can be adjusted and those stubs can be removed.
For now only `pkg/package.mk`'s functionality is implemented. In particular:
- `push-manifest.sh` remains a separate script, to enable calling it on systems
with just the LinuxKit tools installed arrange to install it under a less
generic name.
- `kernel` and `tools/alpine` do not use `pkg/package.mk` and those cases are
not yet fully considered/covered.
I have updated the documentation assuming that the existing uses of
`pkg/package.mk` will be removed quite soon in a follow up PR rather than
trying to document the situation which results after just this commit.
Due to `cmd/linuxkit` now gaining a library the build needs adjusting slightly to
allow both `make bin/linuxkit` and `go build` to work.
`go vet` has forced me to write some rather asinine comments for things that
are rather obvious from the name.
Signed-off-by: Ian Campbell <ijc@docker.com>
These packages include the wireguard tools which need to be
updated due to the wireguard kernel bump in:
43db718f14 ("wireguard: version bump").
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
In particular also fix the wireguard test whose kernel
tag hasn't been updated for quite some time...
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
If the YAML file contains:
- path: etc/linuxkit.yml
metadata: yaml
in the fil section, the image was build with content trust,
then the linuxkit.yml file image contains fully qualified
image references (including the sha256).
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
Instead of passing the image name as string use the a reference
to a containerd reference.Spec. This allows us, for example,
to update the reference in place when verifying content trust
with more specific information, such as the sha256
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
When constructing a Moby structure from a YAML also
extract a containerd reference.Spec for each image
and the kernel.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
We want to modify some of the content of the Image structure
and thus have to pass them by reference.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This is a tarball of the kernel, initrd and cmdline files, suitable for
sending to the mkimage images that expect this format.
Note you can't currently stream this output format using `-o` will clean this
up in future commits.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Unfortunately some options (such as enabling dynamic registration of
initializers) can only be enabled by a `--config foo.yaml` argument.
Furthermore some command-line options (such as the kubernetes version)
cannot be used in combination with the config file.
This patch checks for a supplied /etc/kubeadm/kubeadm.yaml and uses
it if it exists, otherwise it falls back to the original command-line.
Note it is safe to use the `--skip-*` options in combination with the
`--config` option.
Signed-off-by: David Scott <dave.scott@docker.com>
The next commit will start using some components of containerd
so vendor the latest version.
The latest vndr also removed some un-needed files previously vendored.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
It is possible to get rebooted halfway through the init process, after key
files like `/etc/kubernetes/kubelet.conf` have been created but before full
cluster setup is complete or networking is applied.
Right now the idempotency of kubeadm (or backing out from this half-way state
and resuming the initialisation) is not something I have investigated. By
dropped stamps before and after at least the situation will be somewhat
detectable/diagnosable so the user can e.g. nuke their persistent disk and
start again.
Signed-off-by: Ian Campbell <ijc@docker.com>
If a stamp file is present in the metadata then untaint.
This is useful for dev environments where you only want to start a single vm.
The construction of the metadata becomes a little more complex to produce
correct json syntax now that there are two (independent) possible options.
Likewise the kubelet.sh script now takes the presence of /var/config/kubeadm
(rather than /var/config/kubeadm/init) as the signal to use the more structured
setup, since we may now have /var/config/kubeadm/untaint-master but not
/var/config/kubeadm/init so would otherwise end up passing the contents of
`/var/config/userdata` (something like `{ "kubeadm": { "untaint-master": "" }
}`) to `kubeadm` and confusing it enormously.
Signed-off-by: Ian Campbell <ijc@docker.com>
We are going to phase out the LinuxKit build option, in favour of keeping Docker
or a native Linux build option for CI use cases, as it is faster. So the
hyperkit option that only worked in one very limited use case is not needed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This is a useful read only filesystem for images that is efficient and
small as it supports compression.
For many use cases, when you are writing to media, it makes more sense than
using an initramfs as it does not require RAM, and it is more suitable for
disk media than ISO.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
/usr/libexec/kubernetes/kubelet-plugins is a new path in Kube 1.8 (related to
flexvolumes) which should be persisted. Like /etc/cni and /opt/cni we also need
to arrange for this path to be valid in the host environment (since various
system containers will try and mount bind mount it).
Signed-off-by: Ian Campbell <ijc@docker.com>
With kube 1.8 kubeadm initially configures worker nodes with a
bootstrap-kubelet.conf. Adjust our start of day scripting to DTRT.
Signed-off-by: Ian Campbell <ijc@docker.com>
