build/pause: write in C

Builds statically against glibc. References to the old pause image have been updated.
kubernetes · May 5, 2016 · f3690e2 · f3690e2
1 parent cfd7a99
commit f3690e2
Show file tree

Hide file tree

Showing 30 changed files with 137 additions and 91 deletions.
diff --git a/build/pause/.gitignore b/build/pause/.gitignore
@@ -0,0 +1,3 @@
+/.container-*
+/.push-*
+/bin
diff --git a/build/pause/Dockerfile b/build/pause/Dockerfile
@@ -13,5 +13,6 @@
 # limitations under the License.
 
 FROM scratch
-ADD pause /
+ARG ARCH
+ADD bin/pause-${ARCH} /pause
 ENTRYPOINT ["/pause"]
diff --git a/build/pause/Makefile b/build/pause/Makefile
@@ -12,42 +12,85 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-.PHONY:	build push
+.PHONY: all push push-legacy container clean
 
-TAG=2.0
-REGISTRY?="gcr.io/google_containers"
+REGISTRY ?= gcr.io/google_containers
+IMAGE = $(REGISTRY)/pause-$(ARCH)
+LEGACY_AMD64_IMAGE = $(REGISTRY)/pause
+
+TAG = 3.0
 
 # Architectures supported: amd64, arm, arm64 and ppc64le
-ARCH?=amd64
-GOLANG_VERSION=1.6
-TEMP_DIR:=$(shell mktemp -d)
+ARCH ?= amd64
+
+ALL_ARCH = amd64 arm arm64 ppc64le
+
+CFLAGS = -Os -Wall -static
+KUBE_CROSS_IMAGE ?= gcr.io/google_containers/kube-cross
+KUBE_CROSS_VERSION ?= $(shell cat ../build-image/cross/VERSION)
+
+BIN = pause
+SRCS = pause.c
 
-all: push-legacy-too
+ifeq ($(ARCH),amd64)
+	TRIPLE ?= x86_64-linux-gnu
+endif
 
-build:
-	cp pause.go Dockerfile $(TEMP_DIR)
+ifeq ($(ARCH),arm)
+	TRIPLE ?= arm-linux-gnueabi
+endif
 
-	docker run -it -v $(TEMP_DIR):/build golang:$(GOLANG_VERSION) /bin/bash -c \
-		"cd /build && CGO_ENABLED=0 GOARM=6 GOARCH=$(ARCH) go build -a -installsuffix cgo -ldflags '-w' ./pause.go"
+ifeq ($(ARCH),arm64)
+	TRIPLE ?= aarch64-linux-gnu
+endif
 
-ifeq ($(ARCH),$(filter $(ARCH),amd64 arm))
-# Run goupx for amd64 and arm. The condition above is equal to 'if [[ $ARCH == "amd64" || $ARCH == "arm" ]]' in bash
-	docker run -it -v $(TEMP_DIR):/build golang:$(GOLANG_VERSION) /bin/bash -c \
-		"cd /build && apt-get update && apt-get install -y upx \
-		&& go get github.com/pwaller/goupx && goupx pause"
+ifeq ($(ARCH),ppc64le)
+	TRIPLE ?= powerpc64le-linux-gnu
 endif
 
-	# And build the image
-	docker build -t $(REGISTRY)/pause-$(ARCH):$(TAG) $(TEMP_DIR)
+# If you want to build AND push all containers, see the 'all-push' rule.
+all: all-container
 
+sub-container-%:
+	$(MAKE) ARCH=$* container
+
+sub-push-%:
+	$(MAKE) ARCH=$* push
+
+all-container: $(addprefix sub-container-,$(ALL_ARCH))
+
+all-push: $(addprefix sub-push-,$(ALL_ARCH))
+
+build: bin/$(BIN)-$(ARCH)
+
+bin/$(BIN)-$(ARCH): $(SRCS)
+	mkdir -p bin
+	docker run -u $$(id -u):$$(id -g) -v $$(pwd):/build \
+		$(KUBE_CROSS_IMAGE):$(KUBE_CROSS_VERSION) \
+		/bin/bash -c "\
+			cd /build && \
+			$(TRIPLE)-gcc $(CFLAGS) -o $@ $^ && \
+			$(TRIPLE)-strip $@"
+
+container: .container-$(ARCH)
+.container-$(ARCH): bin/$(BIN)-$(ARCH)
+	docker build -t $(IMAGE):$(TAG) --build-arg ARCH=$(ARCH) .
 ifeq ($(ARCH),amd64)
-	docker tag -f $(REGISTRY)/pause-$(ARCH):$(TAG) $(REGISTRY)/pause:$(TAG)
+	docker tag -f $(IMAGE):$(TAG) $(LEGACY_AMD64_IMAGE):$(TAG)
 endif
+	touch $@
 
-push: build
-	gcloud docker --server=gcr.io push $(REGISTRY)/pause-$(ARCH):$(TAG)
+push: .push-$(ARCH)
+.push-$(ARCH): .container-$(ARCH)
+	gcloud docker push $(IMAGE):$(TAG)
+	touch $@
 
-push-legacy-too: push
+push-legacy: .push-legacy-$(ARCH)
+.push-legacy-$(ARCH): .container-$(ARCH)
 ifeq ($(ARCH),amd64)
-	gcloud docker push $(REGISTRY)/pause:$(TAG)
+	gcloud docker push $(LEGACY_AMD64_IMAGE):$(TAG)
 endif
+	touch $@
+
+clean:
+	rm -rf .container-* .push-* bin/
diff --git a/build/pause/pause.go → build/pause/pause.c b/build/pause/pause.go → build/pause/pause.c
@@ -1,7 +1,5 @@
-// +build linux
-
 /*
-Copyright 2014 The Kubernetes Authors All rights reserved.
+Copyright 2016 The Kubernetes Authors All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -16,18 +14,23 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package main
-
-import (
-	"os"
-	"os/signal"
-	"syscall"
-)
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
 
-func main() {
-	c := make(chan os.Signal, 1)
-	signal.Notify(c, os.Interrupt, os.Kill, syscall.SIGTERM)
+static void sigdown(int signo) {
+	psignal(signo, "shutting down, got signal");
+	exit(0);
+}
 
-	// Block until a signal is received.
-	<-c
+int main() {
+	if (signal(SIGINT, sigdown) == SIG_ERR)
+		return 1;
+	if (signal(SIGTERM, sigdown) == SIG_ERR)
+		return 2;
+	signal(SIGKILL, sigdown);
+	for (;;) pause();
+	fprintf(stderr, "error: infinite loop terminated\n");
+	return 42;
 }
diff --git a/cmd/integration/integration.go b/cmd/integration/integration.go
@@ -844,7 +844,7 @@ func runSchedulerNoPhantomPodsTest(client *client.Client) {
 			Containers: []api.Container{
 				{
 					Name:  "c1",
-					Image: "kubernetes/pause",
+					Image: "gcr.io/google_containers/pause-amd64:3.0",
 					Ports: []api.ContainerPort{
 						{ContainerPort: 1234, HostPort: 9999},
 					},

diff --git a/cmd/kubelet/app/options/options.go b/cmd/kubelet/app/options/options.go
@@ -40,16 +40,12 @@ const (
 	experimentalFlannelOverlay = false
 
 	defaultPodInfraContainerImageName    = "gcr.io/google_containers/pause"
-	defaultPodInfraContainerImageVersion = "2.0"
+	defaultPodInfraContainerImageVersion = "3.0"
 )
 
 // Returns the arch-specific pause image that kubelet should use as the default
 func GetDefaultPodInfraContainerImage() string {
-	if runtime.GOARCH == "amd64" {
-		return defaultPodInfraContainerImageName + ":" + defaultPodInfraContainerImageVersion
-	} else {
-		return defaultPodInfraContainerImageName + "-" + runtime.GOARCH + ":" + defaultPodInfraContainerImageVersion
-	}
+	return defaultPodInfraContainerImageName + "-" + runtime.GOARCH + ":" + defaultPodInfraContainerImageVersion
 }
 
 // KubeletServer encapsulates all of the parameters necessary for starting up

diff --git a/docs/admin/kubelet.md b/docs/admin/kubelet.md
@@ -130,7 +130,7 @@ kubelet
       --oom-score-adj=-999: The oom-score-adj value for kubelet process. Values must be within the range [-1000, 1000]
       --outofdisk-transition-frequency=5m0s: Duration for which the kubelet has to wait before transitioning out of out-of-disk node condition status. Default: 5m0s
       --pod-cidr="": The CIDR to use for pod IP addresses, only used in standalone mode.  In cluster mode, this is obtained from the master.
-      --pod-infra-container-image="gcr.io/google_containers/pause:2.0": The image whose network/ipc namespaces containers in each pod will use.
+      --pod-infra-container-image="gcr.io/google_containers/pause-amd64:3.0": The image whose network/ipc namespaces containers in each pod will use.
       --port=10250: The port for the Kubelet to serve on.
       --read-only-port=10255: The read-only port for the Kubelet to serve on with no authentication/authorization (set to 0 to disable)
       --really-crash-for-testing[=false]: If true, when panics occur crash. Intended for testing.
@@ -156,7 +156,7 @@ kubelet
       --volume-stats-agg-period=1m0s: Specifies interval for kubelet to calculate and cache the volume disk usage for all pods and volumes.  To disable volume calculations, set to 0.  Default: '1m'
 ```
 
-###### Auto generated by spf13/cobra on 21-Apr-2016
+###### Auto generated by spf13/cobra on 3-May-2016
 
 
 <!-- BEGIN MUNGE: GENERATED_ANALYTICS -->

diff --git a/hack/test-cmd.sh b/hack/test-cmd.sh
@@ -597,9 +597,9 @@ runTests() {
   kube::test::get_object_assert pods "{{range.items}}{{$image_field}}:{{end}}" 'changed-with-yaml:'
   ## Patch pod from JSON can change image
   # Command
-  kubectl patch "${kube_flags[@]}" -f docs/admin/limitrange/valid-pod.yaml -p='{"spec":{"containers":[{"name": "kubernetes-serve-hostname", "image": "kubernetes/pause"}]}}'
-  # Post-condition: valid-pod POD has image kubernetes/pause
-  kube::test::get_object_assert pods "{{range.items}}{{$image_field}}:{{end}}" 'kubernetes/pause:'
+  kubectl patch "${kube_flags[@]}" -f docs/admin/limitrange/valid-pod.yaml -p='{"spec":{"containers":[{"name": "kubernetes-serve-hostname", "image": "gcr.io/google_containers/pause-amd64:3.0"}]}}'
+  # Post-condition: valid-pod POD has image gcr.io/google_containers/pause-amd64:3.0
+  kube::test::get_object_assert pods "{{range.items}}{{$image_field}}:{{end}}" 'gcr.io/google_containers/pause-amd64:3.0:'
 
   ## If resourceVersion is specified in the patch, it will be treated as a precondition, i.e., if the resourceVersion is different from that is stored in the server, the Patch should be rejected
   ERROR_FILE="${KUBE_TEMP}/conflict-error"

diff --git a/hack/testdata/pod-with-precision.json b/hack/testdata/pod-with-precision.json
@@ -9,7 +9,7 @@
       "containers": [
         {
           "name": "kubernetes-pause",
-          "image": "kubernetes/pause"
+          "image": "gcr.io/google_containers/pause-amd64:3.0"
         }
       ],
       "restartPolicy": "Never",

diff --git a/test/e2e/cluster_size_autoscaling.go b/test/e2e/cluster_size_autoscaling.go
@@ -150,7 +150,7 @@ func ReserveCpu(f *framework.Framework, id string, millicores int) {
 		Name:       id,
 		Namespace:  f.Namespace.Name,
 		Timeout:    10 * time.Minute,
-		Image:      "gcr.io/google_containers/pause:2.0",
+		Image:      "gcr.io/google_containers/pause-amd64:3.0",
 		Replicas:   millicores / 100,
 		CpuRequest: 100,
 	}
@@ -164,7 +164,7 @@ func ReserveMemory(f *framework.Framework, id string, megabytes int) {
 		Name:       id,
 		Namespace:  f.Namespace.Name,
 		Timeout:    10 * time.Minute,
-		Image:      "gcr.io/google_containers/pause:2.0",
+		Image:      "gcr.io/google_containers/pause-amd64:3.0",
 		Replicas:   megabytes / 500,
 		MemRequest: 500 * 1024 * 1024,
 	}

diff --git a/test/e2e/daemon_restart.go b/test/e2e/daemon_restart.go
@@ -209,7 +209,7 @@ var _ = framework.KubeDescribe("DaemonRestart [Disruptive]", func() {
 			Client:      f.Client,
 			Name:        rcName,
 			Namespace:   ns,
-			Image:       "gcr.io/google_containers/pause:2.0",
+			Image:       "gcr.io/google_containers/pause-amd64:3.0",
 			Replicas:    numPods,
 			CreatedPods: &[]*api.Pod{},
 		}

diff --git a/test/e2e/density.go b/test/e2e/density.go
@@ -232,7 +232,7 @@ var _ = framework.KubeDescribe("Density", func() {
 			for i := 0; i < numberOrRCs; i++ {
 				RCName = "density" + strconv.Itoa(totalPods) + "-" + strconv.Itoa(i) + "-" + uuid
 				RCConfigs[i] = framework.RCConfig{Client: c,
-					Image:                "gcr.io/google_containers/pause:2.0",
+					Image:                "gcr.io/google_containers/pause-amd64:3.0",
 					Name:                 RCName,
 					Namespace:            ns,
 					Labels:               map[string]string{"type": "densityPod"},
@@ -460,7 +460,7 @@ var _ = framework.KubeDescribe("Density", func() {
 				}
 				for i := 1; i <= nodeCount; i++ {
 					name := additionalPodsPrefix + "-" + strconv.Itoa(i)
-					go createRunningPodFromRC(&wg, c, name, ns, "gcr.io/google_containers/pause:2.0", additionalPodsPrefix, cpuRequest, memRequest)
+					go createRunningPodFromRC(&wg, c, name, ns, "gcr.io/google_containers/pause-amd64:3.0", additionalPodsPrefix, cpuRequest, memRequest)
 					time.Sleep(200 * time.Millisecond)
 				}
 				wg.Wait()

diff --git a/test/e2e/etcd_failure.go b/test/e2e/etcd_failure.go
@@ -44,7 +44,7 @@ var _ = framework.KubeDescribe("Etcd failure [Disruptive]", func() {
 			Client:    f.Client,
 			Name:      "baz",
 			Namespace: f.Namespace.Name,
-			Image:     "gcr.io/google_containers/pause:2.0",
+			Image:     "gcr.io/google_containers/pause-amd64:3.0",
 			Replicas:  1,
 		})).NotTo(HaveOccurred())
 	})

diff --git a/test/e2e/kubelet.go b/test/e2e/kubelet.go
@@ -128,7 +128,7 @@ var _ = framework.KubeDescribe("kubelet", func() {
 					Client:    f.Client,
 					Name:      rcName,
 					Namespace: f.Namespace.Name,
-					Image:     "gcr.io/google_containers/pause:2.0",
+					Image:     "gcr.io/google_containers/pause-amd64:3.0",
 					Replicas:  totalPods,
 				})).NotTo(HaveOccurred())
 				// Perform a sanity check so that we know all desired pods are

diff --git a/test/e2e/kubelet_perf.go b/test/e2e/kubelet_perf.go
@@ -69,7 +69,7 @@ func runResourceTrackingTest(f *framework.Framework, podsPerNode int, nodeNames
 		Client:    f.Client,
 		Name:      rcName,
 		Namespace: f.Namespace.Name,
-		Image:     "gcr.io/google_containers/pause:2.0",
+		Image:     "gcr.io/google_containers/pause-amd64:3.0",
 		Replicas:  totalPods,
 	})).NotTo(HaveOccurred())
 

diff --git a/test/e2e/limit_range.go b/test/e2e/limit_range.go
@@ -176,7 +176,7 @@ func newTestPod(name string, requests api.ResourceList, limits api.ResourceList)
 			Containers: []api.Container{
 				{
 					Name:  "nginx",
-					Image: "gcr.io/google_containers/pause:2.0",
+					Image: "gcr.io/google_containers/pause-amd64:3.0",
 					Resources: api.ResourceRequirements{
 						Requests: requests,
 						Limits:   limits,

diff --git a/test/e2e/mesos.go b/test/e2e/mesos.go
@@ -94,7 +94,7 @@ var _ = framework.KubeDescribe("Mesos", func() {
 				Containers: []api.Container{
 					{
 						Name:  podName,
-						Image: "beta.gcr.io/google_containers/pause:2.0",
+						Image: "beta.gcr.io/google_containers/pause-amd64:3.0",
 					},
 				},
 			},

diff --git a/test/e2e/namespace.go b/test/e2e/namespace.go
@@ -97,7 +97,7 @@ func ensurePodsAreRemovedWhenNamespaceIsDeleted(f *framework.Framework) {
 			Containers: []api.Container{
 				{
 					Name:  "nginx",
-					Image: "gcr.io/google_containers/pause:2.0",
+					Image: "gcr.io/google_containers/pause-amd64:3.0",
 				},
 			},
 		},

diff --git a/test/e2e/nodeoutofdisk.go b/test/e2e/nodeoutofdisk.go
@@ -179,7 +179,7 @@ func createOutOfDiskPod(c *client.Client, ns, name string, milliCPU int64) {
 			Containers: []api.Container{
 				{
 					Name:  "pause",
-					Image: "beta.gcr.io/google_containers/pause:2.0",
+					Image: "beta.gcr.io/google_containers/pause-amd64:3.0",
 					Resources: api.ResourceRequirements{
 						Requests: api.ResourceList{
 							// Request enough CPU to fit only two pods on a given node.

diff --git a/test/e2e/pods.go b/test/e2e/pods.go
@@ -219,7 +219,7 @@ var _ = framework.KubeDescribe("Pods", func() {
 				Containers: []api.Container{
 					{
 						Name:  "test",
-						Image: "gcr.io/google_containers/pause:2.0",
+						Image: "gcr.io/google_containers/pause-amd64:3.0",
 					},
 				},
 			},
@@ -244,7 +244,7 @@ var _ = framework.KubeDescribe("Pods", func() {
 				Containers: []api.Container{
 					{
 						Name:  "nginx",
-						Image: "gcr.io/google_containers/pause:2.0",
+						Image: "gcr.io/google_containers/pause-amd64:3.0",
 						Resources: api.ResourceRequirements{
 							Limits: api.ResourceList{
 								api.ResourceCPU:    *resource.NewMilliQuantity(100, resource.DecimalSI),

diff --git a/test/e2e/resource_quota.go b/test/e2e/resource_quota.go
@@ -706,7 +706,7 @@ func newTestPodForQuota(name string, requests api.ResourceList, limits api.Resou
 			Containers: []api.Container{
 				{
 					Name:  "nginx",
-					Image: "gcr.io/google_containers/pause:2.0",
+					Image: "gcr.io/google_containers/pause-amd64:3.0",
 					Resources: api.ResourceRequirements{
 						Requests: requests,
 						Limits:   limits,