rke/dind/dind.go

package dind

import (
	"context"
	"fmt"

	"github.com/docker/docker/api/types"
	"github.com/docker/docker/api/types/container"
	"github.com/docker/docker/client"
	"github.com/rancher/rke/docker"
	"github.com/rancher/rke/util"
	"github.com/sirupsen/logrus"
)

const (
	DINDImage           = "docker:19.03.12-dind"
	DINDContainerPrefix = "rke-dind"
	DINDPlane           = "dind"
	DINDNetwork         = "dind-network"
	DINDSubnet          = "172.18.0.0/16"
)

func StartUpDindContainer(ctx context.Context, dindAddress, dindNetwork, dindStorageDriver, dindDNS string) (string, error) {
	cli, err := client.NewEnvClient()
	if err != nil {
		return "", err
	}
	// its recommended to use host's storage driver
	dockerInfo, err := cli.Info(ctx)
	if err != nil {
		return "", err
	}
	storageDriver := dindStorageDriver
	if len(storageDriver) == 0 {
		storageDriver = dockerInfo.Driver
	}

	// Get dind container name
	containerName := fmt.Sprintf("%s-%s", DINDContainerPrefix, dindAddress)
	_, err = cli.ContainerInspect(ctx, containerName)
	if err != nil {
		if !client.IsErrNotFound(err) {
			return "", err
		}
		if err := docker.UseLocalOrPull(ctx, cli, cli.DaemonHost(), DINDImage, DINDPlane, nil); err != nil {
			return "", err
		}
		binds := []string{
			fmt.Sprintf("/var/lib/kubelet-%s:/var/lib/kubelet:shared", containerName),
			"/etc/machine-id:/etc/machine-id:ro",
		}
		isLink, err := util.IsSymlink("/etc/resolv.conf")
		if err != nil {
			return "", err
		}
		if isLink {
			logrus.Infof("[%s] symlinked [/etc/resolv.conf] file detected. Using [%s] as DNS server.", DINDPlane, dindDNS)
		} else {
			binds = append(binds, "/etc/resolv.conf:/etc/resolv.conf")
		}
		imageCfg := &container.Config{
			Image: DINDImage,
			Entrypoint: []string{
				"sh",
				"-c",
				"mount --make-shared / && " +
					"mount --make-shared /sys && " +
					"mount --make-shared /var/lib/docker && " +
					"dockerd-entrypoint.sh --storage-driver=" + storageDriver,
			},
			Hostname: dindAddress,
			Env:      []string{"DOCKER_TLS_CERTDIR="},
		}
		hostCfg := &container.HostConfig{
			Privileged: true,
			Binds:      binds,
			// this gets ignored if resolv.conf is bind mounted. So it's ok to have it anyway.
			DNS: []string{dindDNS},
			// Calico needs this
			Sysctls: map[string]string{
				"net.ipv4.conf.all.rp_filter": "1",
			},
		}
		resp, err := cli.ContainerCreate(ctx, imageCfg, hostCfg, nil, nil, containerName)
		if err != nil {
			return "", fmt.Errorf("Failed to create [%s] container on host [%s]: %v", containerName, cli.DaemonHost(), err)
		}

		if err := cli.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{}); err != nil {
			return "", fmt.Errorf("Failed to start [%s] container on host [%s]: %v", containerName, cli.DaemonHost(), err)
		}
		logrus.Infof("[%s] Successfully started [%s] container on host [%s]", DINDPlane, containerName, cli.DaemonHost())
		dindContainer, err := cli.ContainerInspect(ctx, containerName)
		if err != nil {
			return "", fmt.Errorf("Failed to get the address of container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)
		}
		dindIPAddress := dindContainer.NetworkSettings.IPAddress

		return dindIPAddress, nil
	}
	dindContainer, err := cli.ContainerInspect(ctx, containerName)
	if err != nil {
		return "", fmt.Errorf("Failed to get the address of container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)
	}
	dindIPAddress := dindContainer.NetworkSettings.IPAddress
	logrus.Infof("[%s] container [%s] is already running on host[%s]", DINDPlane, containerName, cli.DaemonHost())
	return dindIPAddress, nil
}

func RmoveDindContainer(ctx context.Context, dindAddress string) error {
	cli, err := client.NewEnvClient()
	if err != nil {
		return err
	}
	containerName := fmt.Sprintf("%s-%s", DINDContainerPrefix, dindAddress)
	logrus.Infof("[%s] Removing dind container [%s] on host [%s]", DINDPlane, containerName, cli.DaemonHost())
	_, err = cli.ContainerInspect(ctx, containerName)
	if err != nil {
		if !client.IsErrNotFound(err) {
			return nil
		}
	}
	if err := cli.ContainerRemove(ctx, containerName, types.ContainerRemoveOptions{
		Force:         true,
		RemoveVolumes: true}); err != nil {
		if client.IsErrNotFound(err) {
			logrus.Debugf("[remove/%s] Container doesn't exist on host [%s]", containerName, cli.DaemonHost())
			return nil
		}
		return fmt.Errorf("Failed to remove dind container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)
	}
	logrus.Infof("[%s] Successfully Removed dind container [%s] on host [%s]", DINDPlane, containerName, cli.DaemonHost())
	return nil
}
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`package dind`

			`import (`
			`"context"`
			`"fmt"`

			`"github.com/docker/docker/api/types"`
			`"github.com/docker/docker/api/types/container"`
			`"github.com/docker/docker/client"`
			`"github.com/rancher/rke/docker"`
Work around systemd-resolved for dind Add dind-dns-server option Set sysctl configration for calico 2019-01-22 00:46:08 +00:00			`"github.com/rancher/rke/util"`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`"github.com/sirupsen/logrus"`
			`)`

			`const (`
Update dind Docker to 19.03 2020-07-07 14:33:34 +00:00			`DINDImage = "docker:19.03.12-dind"`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`DINDContainerPrefix = "rke-dind"`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`DINDPlane = "dind"`
			`DINDNetwork = "dind-network"`
			`DINDSubnet = "172.18.0.0/16"`
			`)`

Work around systemd-resolved for dind Add dind-dns-server option Set sysctl configration for calico 2019-01-22 00:46:08 +00:00			`func StartUpDindContainer(ctx context.Context, dindAddress, dindNetwork, dindStorageDriver, dindDNS string) (string, error) {`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`cli, err := client.NewEnvClient()`
			`if err != nil {`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`return "", err`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`
			`// its recommended to use host's storage driver`
			`dockerInfo, err := cli.Info(ctx)`
			`if err != nil {`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`return "", err`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`
Add option for dind storage driver 2018-09-10 23:17:45 +00:00			`storageDriver := dindStorageDriver`
			`if len(storageDriver) == 0 {`
			`storageDriver = dockerInfo.Driver`
			`}`

Add dind mode to rke 2018-07-10 19:21:27 +00:00			`// Get dind container name`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`containerName := fmt.Sprintf("%s-%s", DINDContainerPrefix, dindAddress)`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`_, err = cli.ContainerInspect(ctx, containerName)`
			`if err != nil {`
			`if !client.IsErrNotFound(err) {`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`return "", err`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`
			`if err := docker.UseLocalOrPull(ctx, cli, cli.DaemonHost(), DINDImage, DINDPlane, nil); err != nil {`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`return "", err`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`
			`binds := []string{`
			`fmt.Sprintf("/var/lib/kubelet-%s:/var/lib/kubelet:shared", containerName),`
Test all CNI in CI 2021-06-23 11:15:03 +00:00			`"/etc/machine-id:/etc/machine-id:ro",`
Work around systemd-resolved for dind Add dind-dns-server option Set sysctl configration for calico 2019-01-22 00:46:08 +00:00			`}`
			`isLink, err := util.IsSymlink("/etc/resolv.conf")`
			`if err != nil {`
			`return "", err`
			`}`
			`if isLink {`
			`logrus.Infof("[%s] symlinked [/etc/resolv.conf] file detected. Using [%s] as DNS server.", DINDPlane, dindDNS)`
			`} else {`
			`binds = append(binds, "/etc/resolv.conf:/etc/resolv.conf")`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`
			`imageCfg := &container.Config{`
			`Image: DINDImage,`
			`Entrypoint: []string{`
			`"sh",`
			`"-c",`
			`"mount --make-shared / && " +`
Check rollout status in integration test 2020-05-29 12:43:24 +00:00			`"mount --make-shared /sys && " +`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`"mount --make-shared /var/lib/docker && " +`
			`"dockerd-entrypoint.sh --storage-driver=" + storageDriver,`
			`},`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`Hostname: dindAddress,`
Update dind Docker to 19.03 2020-07-07 14:33:34 +00:00			`Env: []string{"DOCKER_TLS_CERTDIR="},`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`
			`hostCfg := &container.HostConfig{`
			`Privileged: true,`
			`Binds: binds,`
Work around systemd-resolved for dind Add dind-dns-server option Set sysctl configration for calico 2019-01-22 00:46:08 +00:00			`// this gets ignored if resolv.conf is bind mounted. So it's ok to have it anyway.`
			`DNS: []string{dindDNS},`
			`// Calico needs this`
			`Sysctls: map[string]string{`
			`"net.ipv4.conf.all.rp_filter": "1",`
			`},`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`
update to k8s v1.21 and go 1.16 2021-04-29 21:07:38 +00:00			`resp, err := cli.ContainerCreate(ctx, imageCfg, hostCfg, nil, nil, containerName)`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`if err != nil {`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`return "", fmt.Errorf("Failed to create [%s] container on host [%s]: %v", containerName, cli.DaemonHost(), err)`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`

			`if err := cli.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{}); err != nil {`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`return "", fmt.Errorf("Failed to start [%s] container on host [%s]: %v", containerName, cli.DaemonHost(), err)`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`
			`logrus.Infof("[%s] Successfully started [%s] container on host [%s]", DINDPlane, containerName, cli.DaemonHost())`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`dindContainer, err := cli.ContainerInspect(ctx, containerName)`
			`if err != nil {`
			`return "", fmt.Errorf("Failed to get the address of container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)`
			`}`
			`dindIPAddress := dindContainer.NetworkSettings.IPAddress`

			`return dindIPAddress, nil`
			`}`
			`dindContainer, err := cli.ContainerInspect(ctx, containerName)`
			`if err != nil {`
			`return "", fmt.Errorf("Failed to get the address of container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`dindIPAddress := dindContainer.NetworkSettings.IPAddress`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`logrus.Infof("[%s] container [%s] is already running on host[%s]", DINDPlane, containerName, cli.DaemonHost())`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`return dindIPAddress, nil`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`}`

			`func RmoveDindContainer(ctx context.Context, dindAddress string) error {`
			`cli, err := client.NewEnvClient()`
			`if err != nil {`
			`return err`
			`}`
Use default docker bridge network instead of creating new network 2018-08-14 22:04:56 +00:00			`containerName := fmt.Sprintf("%s-%s", DINDContainerPrefix, dindAddress)`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`logrus.Infof("[%s] Removing dind container [%s] on host [%s]", DINDPlane, containerName, cli.DaemonHost())`
			`_, err = cli.ContainerInspect(ctx, containerName)`
			`if err != nil {`
			`if !client.IsErrNotFound(err) {`
			`return nil`
			`}`
			`}`
			`if err := cli.ContainerRemove(ctx, containerName, types.ContainerRemoveOptions{`
			`Force: true,`
			`RemoveVolumes: true}); err != nil {`
Remove statefile for dind remove 2020-07-15 08:53:05 +00:00			`if client.IsErrNotFound(err) {`
			`logrus.Debugf("[remove/%s] Container doesn't exist on host [%s]", containerName, cli.DaemonHost())`
			`return nil`
			`}`
Add dind mode to rke 2018-07-10 19:21:27 +00:00			`return fmt.Errorf("Failed to remove dind container [%s] on host [%s]: %v", containerName, cli.DaemonHost(), err)`
			`}`
			`logrus.Infof("[%s] Successfully Removed dind container [%s] on host [%s]", DINDPlane, containerName, cli.DaemonHost())`
			`return nil`
			`}`