From 88317efb42db763b9fb97cd1d9ac1465e62009d0 Mon Sep 17 00:00:00 2001 From: Victor Marmol Date: Sat, 19 Jul 2014 00:09:43 -0700 Subject: [PATCH] Add a pause image for the net container. The pause image is a 240KB image that simply pauses waiting on a signal. Use this for the net container which only needs to act as a placeholder. Current net image is ~2.5MB. From my tests, this reduces startup time for the net container from ~14s to ~6s. --- build/pause/Dockerfile | 3 ++ build/pause/pause.go | 8 ++++++ build/pause/prepare.sh | 6 ++++ pkg/kubelet/kubelet.go | 14 +++++---- third_party/pause/LICENSE | 19 +++++++++++++ third_party/pause/Makefile | 13 +++++++++ third_party/pause/pause.asm | 57 +++++++++++++++++++++++++++++++++++++ 7 files changed, 114 insertions(+), 6 deletions(-) create mode 100644 build/pause/Dockerfile create mode 100644 build/pause/pause.go create mode 100755 build/pause/prepare.sh create mode 100644 third_party/pause/LICENSE create mode 100644 third_party/pause/Makefile create mode 100644 third_party/pause/pause.asm diff --git a/build/pause/Dockerfile b/build/pause/Dockerfile new file mode 100644 index 0000000000000..7463c3e9f5a90 --- /dev/null +++ b/build/pause/Dockerfile @@ -0,0 +1,3 @@ +FROM scratch +ADD pause / +ENTRYPOINT ["/pause"] diff --git a/build/pause/pause.go b/build/pause/pause.go new file mode 100644 index 0000000000000..3af8097af449a --- /dev/null +++ b/build/pause/pause.go @@ -0,0 +1,8 @@ +package main + +import "syscall" + +func main() { + // Halts execution, waiting on signal. + syscall.Pause() +} diff --git a/build/pause/prepare.sh b/build/pause/prepare.sh new file mode 100755 index 0000000000000..64e85fdc2ae63 --- /dev/null +++ b/build/pause/prepare.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +set -e +set -x + +go build --ldflags '-extldflags "-static" -s' pause.go diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go index 3f7850b92aa1f..ecfc7cc3ecbd2 100644 --- a/pkg/kubelet/kubelet.go +++ b/pkg/kubelet/kubelet.go @@ -541,7 +541,10 @@ func (kl *Kubelet) WatchEtcd(watchChannel <-chan *etcd.Response, updateChannel c } } -const networkContainerName = "net" +const ( + networkContainerName = "net" + networkContainerImage = "kubernetes/pause:latest" +) // Create a network container for a manifest. Returns the docker container ID of the newly created container. func (kl *Kubelet) createNetworkContainer(manifest *api.ContainerManifest) (DockerID, error) { @@ -552,12 +555,11 @@ func (kl *Kubelet) createNetworkContainer(manifest *api.ContainerManifest) (Dock ports = append(ports, container.Ports...) } container := &api.Container{ - Name: networkContainerName, - Image: "busybox", - Command: []string{"sh", "-c", "rm -f nap && mkfifo nap && exec cat nap"}, - Ports: ports, + Name: networkContainerName, + Image: networkContainerImage, + Ports: ports, } - kl.DockerPuller.Pull("busybox") + kl.DockerPuller.Pull(networkContainerImage) return kl.runContainer(manifest, container, nil, "") } diff --git a/third_party/pause/LICENSE b/third_party/pause/LICENSE new file mode 100644 index 0000000000000..2b5e5ff1ab5e3 --- /dev/null +++ b/third_party/pause/LICENSE @@ -0,0 +1,19 @@ +The Expat/MIT License + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/third_party/pause/Makefile b/third_party/pause/Makefile new file mode 100644 index 0000000000000..723b8a9c4c229 --- /dev/null +++ b/third_party/pause/Makefile @@ -0,0 +1,13 @@ +pause: pause.asm +ifneq ($(shell uname), Linux) + echo "Must build on Linux" + exit 1 +else + nasm -o $@ $< + chmod +x pause +endif + +all: pause + +clean: + rm -f pause diff --git a/third_party/pause/pause.asm b/third_party/pause/pause.asm new file mode 100644 index 0000000000000..90576d4ce1be7 --- /dev/null +++ b/third_party/pause/pause.asm @@ -0,0 +1,57 @@ +; This is heavily based on https://github.com/tianon/dockerfiles/tree/master/true +; which is in turn especially thanks to: +; http://blog.markloiseau.com/2012/05/tiny-64-bit-elf-executables/ + +BITS 64 + org 0x00400000 ; Program load offset + +; 64-bit ELF header +ehdr: + ; 1), 0 (ABI ver.) + db 0x7F, "ELF", 2, 1, 1, 0 ; e_ident + times 8 db 0 ; reserved (zeroes) + + dw 2 ; e_type: Executable file + dw 0x3e ; e_machine: AMD64 + dd 1 ; e_version: current version + dq _start ; e_entry: program entry address (0x78) + dq phdr - $$ ; e_phoff program header offset (0x40) + dq 0 ; e_shoff no section headers + dd 0 ; e_flags no flags + dw ehdrsize ; e_ehsize: ELF header size (0x40) + dw phdrsize ; e_phentsize: program header size (0x38) + dw 1 ; e_phnum: one program header + dw 0 ; e_shentsize + dw 0 ; e_shnum + dw 0 ; e_shstrndx + +ehdrsize equ $ - ehdr + +; 64-bit ELF program header +phdr: + dd 1 ; p_type: loadable segment + dd 5 ; p_flags read and execute + dq 0 ; p_offset + dq $$ ; p_vaddr: start of the current section + dq $$ ; p_paddr: " " + dq filesize ; p_filesz + dq filesize ; p_memsz + dq 0x200000 ; p_align: 2^11=200000 = section alignment + +; program header size +phdrsize equ $ - phdr + +_start: + ; pause() + + mov al, 34 ; pause syscall number + syscall + + ; sys_exit(return_code) + + mov al, 60 ; sys_exit syscall number + cdq ; Sign-extend eax into edi to return 0 (success) + syscall + +; File size calculation +filesize equ $ - $$