openstack
/
magnum
Code Issues Proposed changes

Build images in the ci 

Use docker.io/openstackmagnumtest initially.

Change-Id: Idfb5ba636df2928e2e3e5248fdcaabd63160a4a4
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
changes/20/585420/30
Spyros Trigazis 2018-10-29 11:26:38 +01:00
parent 844e4db2a9
commit 20d965c864
57 changed files with 1998 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
.zuul.yaml
View File

@ -1,3 +1,29 @@
- secret:
name: magnum_docker_login
data:
user: !encrypted/pkcs1-oaep
- rxOFTiiWYyvD5fzSRM3uMXoLKAF9rUzgY3AhyLbIkQ5dUfKO8cJ5zasJG+3qVOyT6hjOO
sCkWC7Cta74cxDr7cMjH4m80R8hD5o6/Q7m3xMnwRz/6s12vpd1LXOMp6R7ahXCmH/Cxe
2O7UeFUN7vX0JKIWw47ioitqqQ1GywFzBgiCN9f8Qg7sIdaner5MmQD+3x8XmqKMEqr88
/j2Nxc4UHvhK+zkjDMM21+7RH33vC2KVteA8hbnKLd621D+8ocPQRihdQ221xiXtij38C
hTSHvYYgphEbZK2G/iwbG+Ol+orc215UE+ZnDXrxI6f20rit2KVboaWrUkuKgwHqJJ8mx
SQ/QFFhe4gW2b3WkB18eDb1APob+sGFCxd6gjWO9DjOK2LTpioUQPfgMNDU1JJ4p0HlIl
mHI7PK4LrX5jZzguA+NRj+vg7+7R78wWD0U6kM/nhouIK19VMEfL1DslJ+nqvLoniod6u
sztgHJ7EEqrrUAsOE2PssGt5wRZpqx5w8+KiFFFrsVcOtHmGBh3DwUNTGMtMpcq5XTICx
+7/irRonpxElqsdCZNKtzv/zmAioiwHLaZZPyDrzk80QyIUc9ljCEuQgCLbDM0jVZjntY
c+S6EYqYuAUPymMZ9p/ctRIDIU1dzvwnlddOc4IF34iqUCmTrI527pRBStjqdU=
password: !encrypted/pkcs1-oaep
- Vcw08awGz2D3UAr2ceufpOJHAP9kkUqenjlChN2gSd1GIUpsehJY0fmAYQNZ4y6CH97Cu
7Z4lGRf+UV0Ql/QlJXkdlEHhrmdzAE391y1bpzzP583R5zSJHlLqEFL12Wf4mM62LGGTw
HaJzWvwUzKxmHuJQddLNN+NvXsdU2he4gGViG5gmOmr9wKrxjp/T9hVhYcR8eLxGg9/Bo
JzGabDgl/PdtXVzCS9Xhg6RP1Vdq/JeVPNuERFYvZWM7YvxbTXMRp7/V83tLy7UtCXusi
ge8LaYgTMuBMioBaD7snmI08HZilo34hKg5fRHkf4ZRvbC+baJxEumSX5zfWoO10Jw8Dc
4FK8d0O2+2erAwvyZIWSdj/EGlwUqPJ0qHIMbOl3ahMEHujQ42UHhtUpYS4kMEdBcdOOU
C3eruiqligGbClK3Mpf1MVlJC8jmkeRofseQmSt7arQ6RAlMn64k8kr1/biMs0saaGKbw
Nw7PhUQTf67yemJvB1zHOI4i9SEkApRNoBmtOe9UxeJxlsDnvOUUteOja3EnIrdIt8Qnk
N+yvPc0MhDVNU0SHJp+AiHJ6jk/tXDkKNnoZJH0BHGPDNp+/pC2ckLxzOrXLPGJkVglwA
4gTl0N/3dRouxVITTmeVwGfffCo/jrdrr1gIr5FAzbiz2jQxF0OOXqRA1YRHn8=
- job:
name: magnum-functional-base
parent: legacy-dsvm-base
@ -25,6 +51,7 @@
- ^specs/.*$
- ^install-guide/.*$
- ^releasenotes/.*$
- ^dockerfiles/.*$
vars:
ironic: 0
ceilometer: 0
@ -61,6 +88,7 @@
- ^specs/.*$
- ^install-guide/.*$
- ^releasenotes/.*$
- ^dockerfiles/.*$
vars:
ironic: 0
ceilometer: 0
@ -269,6 +297,29 @@
vars:
image_name: centos-dcos
- job:
name: container-build
pre-run: playbooks/container-builder-setup-gate.yaml
run: playbooks/container-builder.yaml
post-run: playbooks/container-builder-copy-logs.yaml
timeout: 1200
irrelevant-files:
- ^.*\.rst$
- ^api-ref/.*$
- ^doc/.*$
- ^specs/.*$
- ^install-guide/.*$
- ^releasenotes/.*$
- ^magnum/.*$
- job:
name: container-publish
parent: container-build
post-run: playbooks/container-publish.yaml
secrets:
- magnum_docker_login
timeout: 1200
- project:
templates:
- openstack-cover-jobs
@ -286,6 +337,7 @@
- magnum-functional-swarm-mode
- openstack-tox-cover:
voting: false
- container-build
gate:
queue: magnum
jobs:
@ -304,3 +356,6 @@
- magnum-dib-buildimage-fedora-atomic-25
- magnum-dib-buildimage-ubuntu-mesos
- magnum-dib-buildimage-centos-dcos
post:
jobs:
- container-publish

0
magnum/drivers/common/image/heat-container-agent/Dockerfile → dockerfiles/heat-container-agent/Dockerfile
View File

0
magnum/drivers/common/image/heat-container-agent/config.json.template → dockerfiles/heat-container-agent/config.json.template
View File

0
magnum/drivers/common/image/heat-container-agent/launch → dockerfiles/heat-container-agent/launch
View File

0
magnum/drivers/common/image/heat-container-agent/manifest.json → dockerfiles/heat-container-agent/manifest.json
View File

0
magnum/drivers/common/image/heat-container-agent/scripts/50-heat-config-docker-compose → dockerfiles/heat-container-agent/scripts/50-heat-config-docker-compose
View File

0
magnum/drivers/common/image/heat-container-agent/scripts/55-heat-config → dockerfiles/heat-container-agent/scripts/55-heat-config
View File

0
magnum/drivers/common/image/heat-container-agent/scripts/configure_container_agent.sh → dockerfiles/heat-container-agent/scripts/configure_container_agent.sh
View File

0
magnum/drivers/common/image/heat-container-agent/scripts/heat-config-notify → dockerfiles/heat-container-agent/scripts/heat-config-notify
View File

0
magnum/drivers/common/image/heat-container-agent/scripts/hooks/atomic → dockerfiles/heat-container-agent/scripts/hooks/atomic
View File

0
magnum/drivers/common/image/heat-container-agent/scripts/hooks/docker-compose → dockerfiles/heat-container-agent/scripts/hooks/docker-compose
View File

0
magnum/drivers/common/image/heat-container-agent/scripts/hooks/script → dockerfiles/heat-container-agent/scripts/hooks/script
View File

0
magnum/drivers/common/image/heat-container-agent/scripts/write-os-apply-config-templates.sh → dockerfiles/heat-container-agent/scripts/write-os-apply-config-templates.sh
View File

0
magnum/drivers/common/image/heat-container-agent/service.template → dockerfiles/heat-container-agent/service.template
View File

0
magnum/drivers/common/image/heat-container-agent/tmpfiles.template → dockerfiles/heat-container-agent/tmpfiles.template
View File

39
dockerfiles/kubernetes-apiserver/Dockerfile Normal file
View File

@ -0,0 +1,39 @@
ARG KUBE_VERSION=v1.13.0
FROM registry.fedoraproject.org/fedora:rawhide
RUN curl -o /root/kubectl -O https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubectl
FROM gcr.io/google-containers/kube-apiserver-amd64:${KUBE_VERSION}
ENV container=docker
ENV NAME=kubernetes-apiserver VERSION=0.1 RELEASE=8 ARCH=x86_64
LABEL bzcomponent="$NAME" \
name="$FGC/$NAME" \
version="$VERSION" \
release="$RELEASE.$DISTTAG" \
architecture="$ARCH" \
atomic.type='system' \
maintainer="Jason Brooks <jbrooks@redhat.com>"
COPY launch.sh /usr/bin/kube-apiserver-docker.sh
COPY service.template config.json.template /exports/
# copy kubectl into the host, another way to do this would be:
#
# echo "runc exec -- kube-apiserver /usr/bin/kubectl \$@" \
# > /exports/hostfs/usr/local/bin/kubectl && chmod +x \
# /exports/hostfs/usr/local/bin/kubectl
#
# however, this would require hard-coding the container name
COPY apiserver config /etc/kubernetes/
RUN mkdir -p /exports/hostfs/usr/local/bin/
COPY --from=0 /root/kubectl /exports/hostfs/usr/local/bin/
RUN chmod +x /exports/hostfs/usr/local/bin/kubectl && \
mkdir -p /exports/hostfs/etc/kubernetes && \
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
cp /etc/kubernetes/apiserver /exports/hostfs/etc/kubernetes/
ENTRYPOINT ["/usr/bin/kube-apiserver-docker.sh"]

26
dockerfiles/kubernetes-apiserver/apiserver Normal file
View File

@ -0,0 +1,26 @@
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#
# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
# The port on the local server to listen on.
# KUBE_API_PORT="--port=8080"
# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379,http://127.0.0.1:4001"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# Add your own!
KUBE_API_ARGS=""

22
dockerfiles/kubernetes-apiserver/config Normal file
View File

@ -0,0 +1,22 @@
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kube-apiserver.service
# kube-controller-manager.service
# kube-scheduler.service
# kubelet.service
# kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://127.0.0.1:8080"

192
dockerfiles/kubernetes-apiserver/config.json.template Normal file
View File

@ -0,0 +1,192 @@
{
"ociVersion": "1.0.0",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": false,
"user": {
"uid": 996,
"gid": 994
},
"args": [
"/usr/bin/kube-apiserver-docker.sh"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"cwd": "/",
"capabilities": {
"bounding": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_DAC_READ_SEARCH"
],
"permitted": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_DAC_READ_SEARCH"
],
"inheritable": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_DAC_READ_SEARCH"
],
"effective": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_DAC_READ_SEARCH"
],
"ambient": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_DAC_READ_SEARCH"
]
},
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 131072,
"soft": 131072
}
]
},
"root": {
"path": "rootfs",
"readonly": true
},
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/dev/mqueue",
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
},
{
"type": "bind",
"source": "/etc/kubernetes",
"destination": "/etc/kubernetes",
"options": [
"rbind",
"ro",
"rprivate"
]
},
{
"destination": "/etc/resolv.conf",
"type": "bind",
"source": "/etc/resolv.conf",
"options": [
"ro",
"rbind",
"rprivate"
]
},
{
"destination": "/var/run/kubernetes",
"type": "bind",
"source": "/var/run/kubernetes",
"options": [
"rw",
"rbind"
]
}
],
"linux": {
"resources": {
"devices": [
{
"allow": false,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "pid"
},
{
"type": "ipc"
},
{
"type": "mount"
}
],
"devices": null,
"apparmorProfile": ""
}
}

10
dockerfiles/kubernetes-apiserver/launch.sh Executable file
View File

@ -0,0 +1,10 @@
#!/bin/sh
. /etc/kubernetes/apiserver
. /etc/kubernetes/config
ARGS="$@ $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_ETCD_SERVERS $KUBE_API_ADDRESS $KUBE_API_PORT $KUBELET_PORT $KUBE_ALLOW_PRIV $KUBE_SERVICE_ADDRESSES $KUBE_ADMISSION_CONTROL $KUBE_API_ARGS"
ARGS=$(echo $ARGS | sed s#--tls-ca-file=/etc/kubernetes/certs/ca.crt##)
exec /usr/local/bin/kube-apiserver $ARGS

12
dockerfiles/kubernetes-apiserver/service.template Normal file
View File

@ -0,0 +1,12 @@
[Unit]
Description=kubernetes-apiserver
[Service]
ExecStart=$EXEC_START
ExecStop=$EXEC_STOP
Restart=on-failure
WorkingDirectory=$DESTDIR
[Install]
WantedBy=multi-user.target

0
dockerfiles/kubernetes-apiserver/sources Normal file
View File

24
dockerfiles/kubernetes-controller-manager/Dockerfile Normal file
View File

@ -0,0 +1,24 @@
ARG KUBE_VERSION=v1.13.0
FROM gcr.io/google-containers/kube-controller-manager-amd64:${KUBE_VERSION}
ENV container=docker
ENV NAME=kubernetes-controller-manager VERSION=0.1 RELEASE=8 ARCH=x86_64
LABEL bzcomponent="$NAME" \
name="$FGC/$NAME" \
version="$VERSION" \
release="$RELEASE.$DISTTAG" \
architecture="$ARCH" \
atomic.type='system' \
maintainer="Jason Brooks <jbrooks@redhat.com>"
COPY launch.sh /usr/bin/kube-controller-manager-docker.sh
COPY service.template config.json.template /exports/
COPY controller-manager config /etc/kubernetes/
RUN mkdir -p /exports/hostfs/etc/kubernetes && \
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
cp /etc/kubernetes/controller-manager /exports/hostfs/etc/kubernetes/
ENTRYPOINT ["/usr/bin/kube-controller-manager-docker.sh"]

22
dockerfiles/kubernetes-controller-manager/config Normal file
View File

@ -0,0 +1,22 @@
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kube-apiserver.service
# kube-controller-manager.service
# kube-scheduler.service
# kubelet.service
# kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://127.0.0.1:8080"

183
dockerfiles/kubernetes-controller-manager/config.json.template Normal file
View File

@ -0,0 +1,183 @@
{
"ociVersion": "1.0.0",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": false,
"user": {
"uid": 996,
"gid": 994
},
"args": [
"/usr/bin/kube-controller-manager-docker.sh"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"cwd": "/",
"capabilities": {
"bounding": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_DAC_READ_SEARCH"
],
"permitted": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_DAC_READ_SEARCH"
],
"inheritable": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_DAC_READ_SEARCH"
],
"effective": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_DAC_READ_SEARCH"
],
"ambient": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_DAC_READ_SEARCH"
]
},
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 131072,
"soft": 131072
}
]
},
"root": {
"path": "rootfs",
"readonly": true
},
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/dev/mqueue",
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
},
{
"type": "bind",
"source": "/etc/kubernetes",
"destination": "/etc/kubernetes",
"options": [
"rbind",
"ro",
"rprivate"
]
},
{
"destination": "/etc/resolv.conf",
"type": "bind",
"source": "/etc/resolv.conf",
"options": [
"ro",
"rbind",
"rprivate"
]
}
],
"linux": {
"resources": {
"devices": [
{
"allow": false,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "pid"
},
{
"type": "ipc"
},
{
"type": "mount"
}
],
"devices": null,
"apparmorProfile": ""
}
}

7
dockerfiles/kubernetes-controller-manager/controller-manager Normal file
View File

@ -0,0 +1,7 @@
###
# The following values are used to configure the kubernetes controller-manager
# defaults from config and apiserver should be adequate
# Add your own!
KUBE_CONTROLLER_MANAGER_ARGS=""

10
dockerfiles/kubernetes-controller-manager/launch.sh Executable file
View File

@ -0,0 +1,10 @@
#!/bin/sh
. /etc/kubernetes/controller-manager
. /etc/kubernetes/config
ARGS="$@ $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUBE_CONTROLLER_MANAGER_ARGS"
ARGS="${ARGS} --secure-port=0"
exec /usr/local/bin/kube-controller-manager $ARGS

12
dockerfiles/kubernetes-controller-manager/service.template Normal file
View File

@ -0,0 +1,12 @@
[Unit]
Description=kubernetes-controller-manager
[Service]
ExecStart=$EXEC_START
ExecStop=$EXEC_STOP
Restart=on-failure
WorkingDirectory=$DESTDIR
[Install]
WantedBy=multi-user.target

0
dockerfiles/kubernetes-controller-manager/sources Normal file
View File

24
dockerfiles/kubernetes-kubelet/Dockerfile Normal file
View File

@ -0,0 +1,24 @@
ARG KUBE_VERSION=v1.13.0
FROM gcr.io/google-containers/hyperkube-amd64:${KUBE_VERSION}
ENV container=docker
ENV NAME=kubernetes-kubelet VERSION=0 RELEASE=8 ARCH=x86_64
LABEL bzcomponent="$NAME" \
name="$FGC/$NAME" \
version="$VERSION" \
release="$RELEASE.$DISTTAG" \
architecture="$ARCH" \
atomic.type='system' \
maintainer="Jason Brooks <jbrooks@redhat.com>"
COPY launch.sh /usr/bin/kubelet-docker.sh
COPY kubelet config /etc/kubernetes/
COPY manifest.json tmpfiles.template service.template config.json.template /exports/
RUN mkdir -p /exports/hostfs/etc/cni/net.d && \
mkdir -p /exports/hostfs/etc/kubernetes && \
cp /etc/kubernetes/{config,kubelet} /exports/hostfs/etc/kubernetes
ENTRYPOINT ["/usr/bin/kubelet-docker.sh"]

22
dockerfiles/kubernetes-kubelet/config Normal file
View File

@ -0,0 +1,22 @@
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kube-apiserver.service
# kube-controller-manager.service
# kube-scheduler.service
# kubelet.service
# kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://127.0.0.1:8080"

424
dockerfiles/kubernetes-kubelet/config.json.template Normal file
View File

@ -0,0 +1,424 @@
{
"ociVersion": "1.0.0",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": false,
"user": {},
"args": [
"/usr/bin/kubelet-docker.sh"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"noNewPrivileges": false,
"cwd": "/",
"capabilities": {
"bounding": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
],
"permitted": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
],
"inheritable": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
],
"effective": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
],
"ambient": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
]
},
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 131072,
"soft": 131072
}
]
},
"root": {
"path": "rootfs",
"readonly": true
},
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"source": "/dev",
"destination": "/dev",
"type": "bind",
"options": [
"rbind",
"rslave"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"type": "bind",
"source": "/sys",
"destination": "/sys",
"options": [
"rbind",
"rw"
]
},
{
"type": "bind",
"source": "/etc/cni/net.d",
"destination": "/etc/cni/net.d",
"options": [
"bind",
"slave",
"rw",
"mode=777"
]
},
{
"type": "bind",
"source": "/etc/kubernetes",
"destination": "/etc/kubernetes",
"options": [
"rbind",
"ro",
"rprivate"
]
},
{
"type": "bind",
"source": "/etc/localtime",
"destination": "/etc/localtime",
"options": [
"rbind",
"ro"
]
},
{
"type": "bind",
"source": "/etc/hosts",
"destination": "/etc/hosts",
"options": [
"rbind",
"ro"
]
},
{
"type": "bind",
"source": "/etc/pki",
"destination": "/etc/pki",
"options": [
"bind",
"ro"
]
},
{
"destination": "/etc/resolv.conf",
"type": "bind",
"source": "/etc/resolv.conf",
"options": [
"ro",
"bind"
]
},
{
"type": "bind",
"source": "/",
"destination": "/rootfs",
"options": [
"rbind",
"rslave",
"ro"
]
},
{
"type": "bind",
"source": "/var/run/secrets",
"destination": "/var/run/secrets",
"options": [
"rbind",
"rw",
"mode=755"
]
},
{
"type": "bind",
"source": "${RUN_DIRECTORY}",
"destination": "/run",
"options": [
"rbind",
"rw",
"mode=755"
]
},
{
"type": "bind",
"source": "${STATE_DIRECTORY}",
"destination": "/var/lib",
"options": [
"bind",
"rw",
"mode=755"
]
},
{
"type": "bind",
"source": "${STATE_DIRECTORY}/kubelet",
"destination": "/var/lib/kubelet",
"options": [
"rbind",
"rshared",
"rw",
"mode=755"
]
},
{
"type": "bind",
"source": "/var/log",
"destination": "/var/log",
"options": [
"bind",
"rw",
"mode=755"
]
},
{
"destination": "/tmp",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"mode=755",
"size=65536k"
]
}
$ADDTL_MOUNTS
],
"linux": {
"rootfsPropagation": "rslave",
"resources": {
"devices": [
{
"allow": true,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "mount"
}
],
"devices": null,
"apparmorProfile": ""
}
}

17
dockerfiles/kubernetes-kubelet/kubelet Normal file
View File

@ -0,0 +1,17 @@
###
# kubernetes kubelet (minion) config
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=127.0.0.1"
# The port for the info server to serve on
# KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=127.0.0.1"
# Edit the kubelet.kubeconfig to have correct cluster server address
KUBELET_KUBECONFIG=/etc/kubernetes/kubelet.kubeconfig
# Add your own!
KUBELET_ARGS="--cgroup-driver=systemd --fail-swap-on=false"

12
dockerfiles/kubernetes-kubelet/launch.sh Executable file
View File

@ -0,0 +1,12 @@
#!/bin/sh
. /etc/kubernetes/kubelet
. /etc/kubernetes/config
TEMP_KUBELET_ARGS='--cgroups-per-qos=false --enforce-node-allocatable='
ARGS="$@ $TEMP_KUBELET_ARGS $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBELET_API_SERVER $KUBELET_ADDRESS $KUBELET_PORT $KUBELET_HOSTNAME $KUBE_ALLOW_PRIV $KUBELET_ARGS"
ARGS=$(echo $ARGS | sed s/--cadvisor-port=0//)
exec /hyperkube kubelet $ARGS --containerized

6
dockerfiles/kubernetes-kubelet/manifest.json Normal file
View File

@ -0,0 +1,6 @@
{
"version": "1.0",
"defaultValues": {
"ADDTL_MOUNTS": ""
}
}

13
dockerfiles/kubernetes-kubelet/service.template Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=kubernetes-kubelet
After=docker.service
[Service]
ExecStart=$EXEC_START
ExecStop=$EXEC_STOP
Restart=on-failure
WorkingDirectory=$DESTDIR
[Install]
WantedBy=multi-user.target

0
dockerfiles/kubernetes-kubelet/sources Normal file
View File

3
dockerfiles/kubernetes-kubelet/tmpfiles.template Normal file
View File

@ -0,0 +1,3 @@
d ${STATE_DIRECTORY}/kubelet - - - - -
d /var/lib/cni - - - - -
d /var/run/secrets - - - - -

24
dockerfiles/kubernetes-proxy/Dockerfile Normal file
View File

@ -0,0 +1,24 @@
ARG KUBE_VERSION=v1.13.0
FROM gcr.io/google-containers/kube-proxy-amd64:${KUBE_VERSION}
ENV container=docker
ENV NAME=kubernetes-proxy VERSION=0 RELEASE=8 ARCH=x86_64
LABEL bzcomponent="$NAME" \
name="$FGC/$NAME" \
version="$VERSION" \
release="$RELEASE.$DISTTAG" \
architecture="$ARCH" \
atomic.type='system' \
maintainer="Jason Brooks <jbrooks@redhat.com>"
COPY launch.sh /usr/bin/kube-proxy-docker.sh
COPY service.template config.json.template /exports/
COPY proxy config /etc/kubernetes/
RUN mkdir -p /exports/hostfs/etc/kubernetes && \
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
cp /etc/kubernetes/proxy /exports/hostfs/etc/kubernetes/
ENTRYPOINT ["/usr/bin/kube-proxy-docker.sh"]

22
dockerfiles/kubernetes-proxy/config Normal file
View File

@ -0,0 +1,22 @@
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kube-apiserver.service
# kube-controller-manager.service
# kube-scheduler.service
# kubelet.service
# kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://127.0.0.1:8080"

358
dockerfiles/kubernetes-proxy/config.json.template Normal file
View File

@ -0,0 +1,358 @@
{
"ociVersion": "1.0.0",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": false,
"user": {
"uid": 0,
"gid": 0
},
"args": [
"/usr/bin/kube-proxy-docker.sh"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"cwd": "/",
"capabilities": {
"bounding": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
],
"permitted": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
],
"inheritable": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
],
"effective": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
],
"ambient": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND"
]
},
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 131072,
"soft": 131072
}
]
},
"root": {
"path": "rootfs",
"readonly": true
},
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/dev/mqueue",
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
},
{
"type": "bind",
"source": "/etc/kubernetes",
"destination": "/etc/kubernetes",
"options": [
"rbind",
"ro",
"rprivate"
]
},
{
"destination": "/etc/resolv.conf",
"type": "bind",
"source": "/etc/resolv.conf",
"options": [
"ro",
"rbind",
"rprivate"
]
},
{
"type": "bind",
"source": "/run",
"destination": "/run",
"options": [
"rbind",
"rw",
"mode=755"
]
}
],
"linux": {
"resources": {
"devices": [
{
"allow": false,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "pid"
},
{
"type": "ipc"
},
{
"type": "mount"
}
],
"devices": null,
"apparmorProfile": ""
}
}

8
dockerfiles/kubernetes-proxy/launch.sh Executable file
View File

@ -0,0 +1,8 @@
#!/bin/sh
. /etc/kubernetes/proxy
. /etc/kubernetes/config
ARGS="$