This vendors containerd v1.0.0-beta.1
Enable seccomp support at build time.
Requires /dev bind mount so it can use /dev/disk/by-uuid to resolve devices to
uuids.
Signed-off-by: Ian Campbell <ijc@docker.com>
Some software (such as cri-containerd and kubelet) rely on the presence of
these links, which are usually created by udev.
Inspired by 74b145b5c7/sourceroot/functions.sh (L93...L124)
but rewritten in go.
Signed-off-by: Ian Campbell <ijc@docker.com>
golint on pkg/init now complains:
golint...
./init.go:199:2: redundant if ...; err != nil check, just return error instead.
Resulting in a change which doesn't seem like an improvement to me.
Signed-off-by: Ian Campbell <ijc@docker.com>
Currently projects/kubernetes pulls in the binaries, adding these dependencies
will allow us to build them as part of our packaging process.
Signed-off-by: Ian Campbell <ijc@docker.com>
Notie, the instructions added in: https://github.com/Microsoft/opengcs/pull/147
add a commit to revert another patch in this series. Instead of applying
c15d7f606f8 ("Revert "vmbus: destroy a hv_sock device only after the RESCIND_OFFER
is received"") we simply drop the orginal commit e37da6e7a52ea6 ("vmbus: destroy a
hv_sock device only after the RESCIND_OFFER is received") from our list.
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This patch uses coreos grub2 instead of the built-in gummiboot
tool with Alpine distribution.
Coreos grub2 has the security feature such as TPM and kernel
verification, so we can setup a trust chain when loading
modules with grub2.
GNU grub2[1] also has the plan to add those security related
features, they have a 'verifiers' branch to do that, but
there're some build issue need to fix,so this patch use
coreos as an alternative.
This patch is used to address the #2359#2375.
Thanks Avi Deitcher <avi@deitcher.net> for the contribution
to build the GRUB2 from ubuntu 16.04 to alpine base image.
Change Log:
1.Address the comments raised by @rn
2.Change the '/dev/vda' as the device name point by kernel command
line 'root=' on arm64, '/dev/sr0' on amd64. As next plan, we can adapt
a more flexible method to get the dev name of the CDROM.
3.Switch the base image to build grub2 from ubuntu 16.04 to alpine.
4.'linux' as the grub2 menu entry on arm64, while 'linuxefi' on amd64.
[1] https://git.savannah.gnu.org/git/grub.git
Signed-off-by: Dennis Chen <dennis.chen@arm.com>
We always had 1G swap to work better with small memory setups, but this
was omitted in the update to LinuxKit.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This makes it easier to add the containerd testing tools like
`containerd-stress` to test packages, for example, and also at
some point move `ctr` out of the base image as it can be installed
from the alpine image.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Set KUBE_MASTER_AUTOINIT when using boot.sh to enable. User will need to pick
up the token for other nodes using `kubeadm token list`.
Signed-off-by: Ian Campbell <ijc@docker.com>
Rework the kubelet.sh script by adding an explicit step which waits for the
configuration to be valid, either by finding appropriate metadata or by waiting
explicitly for kubelet.conf to be created (e.g. by kubeadm) before launching
kubelet. The previous construct was implicitly waiting for kubelet.conf to be
created since kubelet fails if that file is not present.
Pull the set of start of day yaml files to be applied (currently just weave)
out of the kubelet image and into the LinuxKit yaml by providing a directory
which is searched for *.yaml after init.
Signed-off-by: Ian Campbell <ijc@docker.com>
