kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use distroless image as base for protokube

This commit is contained in:
Ciprian Hacman 2020-06-19 10:40:35 +03:00
parent 6cdf9d5001
commit 3a057aa27c
3 changed files with 7 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
images/BUILD.bazel
View File

@ -2,50 +2,19 @@ package(default_visibility = ["//visibility:public"])
load( load(
"@io_bazel_rules_docker//container:container.bzl", "@io_bazel_rules_docker//container:container.bzl",
"container_bundle",
"container_image", "container_image",
"container_bundle",
) )
load("@package_bundle//file:packages.bzl", "packages")
container_image( container_image(
name = "protokube-image", name = "protokube-image",
base = "@debian_hyperkube_base_amd64//image", base = "@distroless_base//image",
cmd = ["/usr/bin/protokube"], cmd = ["/protokube"],
# Packages needed:
# ca-certificates: Needed to talk to EC2 API (in base)
# e2fsprogs: Needed to mount / format ext4 filesytems (in base)
# systemd: needed to start kubelet
# TODO: Replace systemd with direct calls, or chroot into rootfs
debs = [
packages["cgmanager"],
packages["dbus"],
packages["libapparmor1"],
packages["libcgmanager0"],
packages["libcryptsetup4"],
packages["libdbus-1-3"],
packages["libnih-dbus1"],
packages["libnih1"],
packages["libpam-systemd"],
packages["libprocps6"],
packages["libseccomp2"],
packages["procps"],
packages["systemd-shim"],
packages["systemd"],
],
files = [ files = [
"//channels/cmd/channels", "//channels/cmd/channels",
"//protokube/cmd/protokube", "//protokube/cmd/protokube",
], ],
# Cannot use directory with packages or they get installed with stamp = True,
# directory as the root.
# directory = "/usr/bin/",
# TODO: figure out if there's a way to add files
# to actual /usr/bin while using debs above.
symlinks = {
"/usr/bin/channels": "/channels",
"/usr/bin/protokube": "/protokube",
},
tags = ["local"], # TODO(fejta): make xz toolchain hermetic
) )
container_bundle( container_bundle(

4
nodeup/pkg/model/protokube.go
View File

@ -269,7 +269,7 @@ func (t *ProtokubeBuilder) ProtokubeContainerRunCommand() (string, error) {
containerRunArgs = append(containerRunArgs, []string{ containerRunArgs = append(containerRunArgs, []string{
"--name", "protokube", "--name", "protokube",
t.ProtokubeImageName(), t.ProtokubeImageName(),
"/usr/bin/protokube", "/protokube",
}...) }...)
} else if t.Cluster.Spec.ContainerRuntime == "containerd" { } else if t.Cluster.Spec.ContainerRuntime == "containerd" {
@ -307,7 +307,7 @@ func (t *ProtokubeBuilder) ProtokubeContainerRunCommand() (string, error) {
containerRunArgs = append(containerRunArgs, []string{ containerRunArgs = append(containerRunArgs, []string{
"docker.io/library/" + t.ProtokubeImageName(), "docker.io/library/" + t.ProtokubeImageName(),
"protokube", "protokube",
"/usr/bin/protokube", "/protokube",
}...) }...)
} else { } else {
return "", fmt.Errorf("unable to create protokube run command for unsupported runtime %q", t.Cluster.Spec.ContainerRuntime) return "", fmt.Errorf("unable to create protokube run command for unsupported runtime %q", t.Cluster.Spec.ContainerRuntime)

2
protokube/pkg/protokube/channels.go
View File

@ -36,7 +36,7 @@ func applyChannel(channel string) error {
} }
func execChannels(args ...string) (string, error) { func execChannels(args ...string) (string, error) {
kubectlPath := "channels" // Assume in PATH kubectlPath := "/channels"
cmd := exec.Command(kubectlPath, args...) cmd := exec.Command(kubectlPath, args...)
env := os.Environ() env := os.Environ()
cmd.Env = env cmd.Env = env