Use distroless image as base for protokube

2020-06-19 10:40:35 +03:00 · 2020-06-19 10:40:35 +03:00 · 3a057aa27c
parent 6cdf9d5001
commit 3a057aa27c
3 changed files with 7 additions and 38 deletions
--- a/images/BUILD.bazel
+++ b/images/BUILD.bazel
@ -2,50 +2,19 @@ package(default_visibility = ["//visibility:public"])

 load(
    "@io_bazel_rules_docker//container:container.bzl",
-    "container_bundle",
    "container_image",
+    "container_bundle",
 )
-load("@package_bundle//file:packages.bzl", "packages")

 container_image(
    name = "protokube-image",
-    base = "@debian_hyperkube_base_amd64//image",
-    cmd = ["/usr/bin/protokube"],
-    # Packages needed:
-    # ca-certificates: Needed to talk to EC2 API (in base)
-    # e2fsprogs: Needed to mount / format ext4 filesytems (in base)
-    # systemd: needed to start kubelet
-    # TODO: Replace systemd with direct calls, or chroot into rootfs
-    debs = [
-        packages["cgmanager"],
-        packages["dbus"],
-        packages["libapparmor1"],
-        packages["libcgmanager0"],
-        packages["libcryptsetup4"],
-        packages["libdbus-1-3"],
-        packages["libnih-dbus1"],
-        packages["libnih1"],
-        packages["libpam-systemd"],
-        packages["libprocps6"],
-        packages["libseccomp2"],
-        packages["procps"],
-        packages["systemd-shim"],
-        packages["systemd"],
-    ],
+    base = "@distroless_base//image",
+    cmd = ["/protokube"],
    files = [
        "//channels/cmd/channels",
        "//protokube/cmd/protokube",
    ],
-    # Cannot use directory with packages or they get installed with
-    # directory as the root.
-    # directory = "/usr/bin/",
-    # TODO: figure out if there's a way to add files
-    # to actual /usr/bin while using debs above.
-    symlinks = {
-        "/usr/bin/channels": "/channels",
-        "/usr/bin/protokube": "/protokube",
-    },
-    tags = ["local"],  # TODO(fejta): make xz toolchain hermetic
+    stamp = True,
 )

 container_bundle(
--- a/nodeup/pkg/model/protokube.go
+++ b/nodeup/pkg/model/protokube.go
@ -269,7 +269,7 @@ func (t *ProtokubeBuilder) ProtokubeContainerRunCommand() (string, error) {
 		containerRunArgs = append(containerRunArgs, []string{
 			"--name", "protokube",
 			t.ProtokubeImageName(),
-			"/usr/bin/protokube",
+			"/protokube",
 		}...)

 	} else if t.Cluster.Spec.ContainerRuntime == "containerd" {
@ -307,7 +307,7 @@ func (t *ProtokubeBuilder) ProtokubeContainerRunCommand() (string, error) {
 		containerRunArgs = append(containerRunArgs, []string{
 			"docker.io/library/" + t.ProtokubeImageName(),
 			"protokube",
-			"/usr/bin/protokube",
+			"/protokube",
 		}...)
 	} else {
 		return "", fmt.Errorf("unable to create protokube run command for unsupported runtime %q", t.Cluster.Spec.ContainerRuntime)
--- a/protokube/pkg/protokube/channels.go
+++ b/protokube/pkg/protokube/channels.go
@ -36,7 +36,7 @@ func applyChannel(channel string) error {
 }

 func execChannels(args ...string) (string, error) {
-	kubectlPath := "channels" // Assume in PATH
+	kubectlPath := "/channels"
 	cmd := exec.Command(kubectlPath, args...)
 	env := os.Environ()
 	cmd.Env = env