Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rebase hyperkube image on debian-hyperkube-base, based on debian-base. #48365

Merged
merged 1 commit into from
Aug 3, 2017
+135 −84
Merged

Rebase hyperkube image on debian-hyperkube-base, based on debian-base. #48365

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions build/debian-hyperkube-base/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
/cni-tars
37 changes: 37 additions & 0 deletions build/debian-hyperkube-base/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

FROM BASEIMAGE

# The samba-common, cifs-utils, and nfs-common packages depend on
# ucf, which itself depends on /bin/bash existing.
# It doesn't seem to actually need bash, however.
RUN ln -s /bin/sh /bin/bash

RUN echo CACHEBUST>/dev/null && clean-install \
iptables \
ebtables \
ethtool \
ca-certificates \
conntrack \
util-linux \
socat \
git \
jq \
nfs-common \
glusterfs-client \
cifs-utils \
ceph-common

COPY cni-bin/bin /opt/cni/bin
58 changes: 58 additions & 0 deletions build/debian-hyperkube-base/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Build the hyperkube base image. This image is used to build the hyperkube image.
#
# Usage:
# [ARCH=amd64] [REGISTRY="gcr.io/google-containers"] make (build|push)

REGISTRY?=gcr.io/google-containers
IMAGE?=debian-hyperkube-base
TAG=0.1
ARCH?=amd64
CACHEBUST?=1

BASEIMAGE=gcr.io/google-containers/debian-base-$(ARCH):0.1
CNI_RELEASE=0799f5732f2a11b329d9e3d51b9c8f2e3759f2ff

TEMP_DIR:=$(shell mktemp -d)
CNI_TARBALL=cni-$(ARCH)-$(CNI_RELEASE).tar.gz

.PHONY: all build push clean

all: push

cni-tars/$(CNI_TARBALL):
mkdir -p cni-tars/
cd cni-tars/ && curl -sSLO --retry 5 https://storage.googleapis.com/kubernetes-release/network-plugins/${CNI_TARBALL}

clean:
rm -rf cni-tars/

build: cni-tars/$(CNI_TARBALL)
cp Dockerfile $(TEMP_DIR)
cd $(TEMP_DIR) && sed -i "s|BASEIMAGE|$(BASEIMAGE)|g" Dockerfile

ifeq ($(CACHEBUST),1)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm guessing you want CACHEBUST to also redownload the cni-bins?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since the cni tars are tagged with a git sha, there's really no reason to ever re-download them at the same sha; OTOH, we probably do want to force apt-get to not be cached.

cd ${TEMP_DIR} && sed -i.back "s|CACHEBUST|$(shell uuidgen)|g" Dockerfile
endif

mkdir -p ${TEMP_DIR}/cni-bin
tar -xz -C ${TEMP_DIR}/cni-bin -f "cni-tars/${CNI_TARBALL}"

docker build --pull -t $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG) $(TEMP_DIR)
rm -rf $(TEMP_DIR)

push: build
gcloud docker -- push $(REGISTRY)/$(IMAGE)-$(ARCH):$(TAG)
33 changes: 33 additions & 0 deletions build/debian-hyperkube-base/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
### debian-hyperkube-base

Serves as the base image for `gcr.io/google-containers/hyperkube-${ARCH}`
images.

This image is compiled for multiple architectures.

#### How to release

If you're editing the Dockerfile or some other thing, please bump the `TAG` in the Makefile.

```console
# Build for linux/amd64 (default)
$ make push ARCH=amd64
# ---> gcr.io/google-containers/debian-hyperkube-base-amd64:TAG

$ make push ARCH=arm
# ---> gcr.io/google-containers/debian-hyperkube-base-arm:TAG

$ make push ARCH=arm64
# ---> gcr.io/google-containers/debian-hyperkube-base-arm64:TAG

$ make push ARCH=ppc64le
# ---> gcr.io/google-containers/debian-hyperkube-base-ppc64le:TAG

$ make push ARCH=s390x
# ---> gcr.io/google-containers/debian-hyperkube-base-s390x:TAG
```

If you don't want to push the images, run `make build` instead


[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/build/debian-hyperkube-base/README.md?pixel)]()
28 changes: 0 additions & 28 deletions cluster/images/hyperkube/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,34 +14,6 @@

FROM BASEIMAGE

# If we're building for another architecture than amd64, the CROSS_BUILD_ placeholder is removed so e.g. CROSS_BUILD_COPY turns into COPY
# If we're building normally, for amd64, CROSS_BUILD lines are removed
CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/

RUN DEBIAN_FRONTEND=noninteractive apt-get update -y \
&& DEBIAN_FRONTEND=noninteractive apt-get -yy -q install \
iptables \
ebtables \
ethtool \
ca-certificates \
conntrack \
util-linux \
socat \
git \
jq \
nfs-common \
glusterfs-client \
cifs-utils \
ceph-common \
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
&& DEBIAN_FRONTEND=noninteractive apt-get autoremove -y \
&& DEBIAN_FRONTEND=noninteractive apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # CACHEBUST

RUN cp /usr/bin/nsenter /nsenter

# Copy the the cni-bin folder into /opt/cni/bin
COPY cni-bin/bin /opt/cni/bin

# Create symlinks for each hyperkube server
# Also create symlinks to /usr/local/bin/ where the server image binaries live, so the hyperkube image may be
# used instead of gcr.io/google_containers/kube-* without any modifications.
Expand Down
62 changes: 6 additions & 56 deletions cluster/images/hyperkube/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,44 +15,14 @@
# Build the hyperkube image.
#
# Usage:
# [ARCH=amd64] [REGISTRY="gcr.io/google_containers"] make (build|push) VERSION={some_released_version_of_kubernetes}
# [ARCH=amd64] [REGISTRY="gcr.io/google-containers"] make (build|push) VERSION={some_released_version_of_kubernetes}

REGISTRY?=gcr.io/google_containers
REGISTRY?=gcr.io/google-containers
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, is this the same repository?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in older versions of docker (pre-1.5 I think) dashes weren't allowed in the registry, so we had to use google_containers, which was an alias of the real registry, which comes from the GCP project name, google-containers.

I'm slowly trying to standardize everything on google-containers. In most places they are interchangeable, though sideloading might cause issues if we are inconsistent, and some gcloud commands don't handle the underscored alias properly.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My worry is the inconsistency...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that ship has already sailed...

$ sift --no-group "gcr\\.io/google-containers" | wc -l
95
$ sift --no-group "gcr\\.io/google_containers" | wc -l
526

I've considering doing a s/google_containers/google-containers/, though I'm not sure what I might break. :P

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#48956

ARCH?=amd64
TEMP_DIR:=$(shell mktemp -d -t hyperkubeXXXXXX)
CNI_RELEASE=0799f5732f2a11b329d9e3d51b9c8f2e3759f2ff
CACHEBUST?=1
QEMUVERSION=v2.7.0
HYPERKUBE_BIN?=_output/dockerized/bin/linux/${ARCH}/hyperkube
HOSTARCH?=amd64

UNAME_S:=$(shell uname -s)
ifeq ($(UNAME_S),Darwin)
SED_CMD?=sed -i ""
endif
ifeq ($(UNAME_S),Linux)
SED_CMD?=sed -i
endif
HYPERKUBE_BIN?=_output/dockerized/bin/linux/$(ARCH)/hyperkube

ifeq ($(ARCH),amd64)
BASEIMAGE?=debian:jessie
endif
ifeq ($(ARCH),arm)
BASEIMAGE?=armhf/debian:jessie
QEMUARCH=arm
endif
ifeq ($(ARCH),arm64)
BASEIMAGE?=aarch64/debian:jessie
QEMUARCH=aarch64
endif
ifeq ($(ARCH),ppc64le)
BASEIMAGE?=ppc64le/debian:jessie
QEMUARCH=ppc64le
endif
ifeq ($(ARCH),s390x)
BASEIMAGE?=s390x/debian:jessie
QEMUARCH=s390x
endif
BASEIMAGE=gcr.io/google-containers/debian-hyperkube-base-$(ARCH):0.1
TEMP_DIR:=$(shell mktemp -d -t hyperkubeXXXXXX)

all: build

Expand All @@ -62,31 +32,11 @@ ifndef VERSION
$(error VERSION is undefined)
endif
cp -r ./* ${TEMP_DIR}
mkdir -p ${TEMP_DIR}/cni-bin

cp ../../../${HYPERKUBE_BIN} ${TEMP_DIR}

chmod a+rx ${TEMP_DIR}/hyperkube

cd ${TEMP_DIR} && sed -i.back "s|ARCH|${QEMUARCH}|g" Dockerfile
cd ${TEMP_DIR} && sed -i.back "s|BASEIMAGE|${BASEIMAGE}|g" Dockerfile
ifeq ($(CACHEBUST),1)
cd ${TEMP_DIR} && sed -i.back "s|CACHEBUST|$(shell uuidgen)|g" Dockerfile
endif

ifeq ($(ARCH),$(HOSTARCH))
# When building "normally", remove the whole line, it has no part in the image
cd ${TEMP_DIR} && ${SED_CMD} "/CROSS_BUILD_/d" Dockerfile
else
cd ${TEMP_DIR} && ${SED_CMD} "s/CROSS_BUILD_//g" Dockerfile

# When cross-building, only the placeholder "CROSS_BUILD_" should be removed
# Register /usr/bin/qemu-ARCH-static as the handler for ARM binaries in the kernel
docker run --rm --privileged multiarch/qemu-user-static:register --reset
curl -sSL --retry 5 https://github.com/multiarch/qemu-user-static/releases/download/$(QEMUVERSION)/x86_64_qemu-${QEMUARCH}-static.tar.gz | tar -xz -C ${TEMP_DIR}
endif
# Download CNI
curl -sSL --retry 5 https://storage.googleapis.com/kubernetes-release/network-plugins/cni-${ARCH}-${CNI_RELEASE}.tar.gz | tar -xz -C ${TEMP_DIR}/cni-bin

docker build --pull -t ${REGISTRY}/hyperkube-${ARCH}:${VERSION} ${TEMP_DIR}
rm -rf "${TEMP_DIR}"
Expand All @@ -99,4 +49,4 @@ ifeq ($(ARCH),amd64)
gcloud docker -- push ${REGISTRY}/hyperkube:${VERSION}
endif

.PHONY: all
.PHONY: build push all