diff --git a/Makefile b/Makefile index 2cccef0d24..0605610288 100644 --- a/Makefile +++ b/Makefile @@ -702,6 +702,11 @@ KICBASE_IMAGE_GCR ?= $(REGISTRY)/kicbase:$(KIC_VERSION) KICBASE_IMAGE_HUB ?= kicbase/stable:$(KIC_VERSION) KICBASE_IMAGE_REGISTRIES ?= $(KICBASE_IMAGE_GCR) $(KICBASE_IMAGE_HUB) +CRI_DOCKERD_VERSION ?= $(shell egrep "CRI_DOCKERD_VERSION=" deploy/kicbase/Dockerfile | cut -d \" -f2) +.PHONY: update-cri-dockerd +update-cri-dockerd: + hack/update/cri_dockerd/update_cri_dockerd.sh $(CRI_DOCKERD_VERSION) $(KICBASE_ARCH) + .PHONY: local-kicbase local-kicbase: ## Builds the kicbase image and tags it local/kicbase:latest and local/kicbase:$(KIC_VERSION)-$(COMMIT_SHORT) docker build -f ./deploy/kicbase/Dockerfile -t local/kicbase:$(KIC_VERSION) --build-arg COMMIT_SHA=${VERSION}-$(COMMIT) --cache-from $(KICBASE_IMAGE_GCR) . diff --git a/deploy/kicbase/Dockerfile b/deploy/kicbase/Dockerfile index 549f48c985..735b8f4827 100644 --- a/deploy/kicbase/Dockerfile +++ b/deploy/kicbase/Dockerfile @@ -18,27 +18,31 @@ # https://systemd.io/CONTAINER_INTERFACE/ -# multi-tage docker build so we can build auto-pause for arm64 -FROM golang:1.17 +# multi-stage docker build so we can build auto-pause for arm64 +FROM golang:1.17 as auto-pause WORKDIR /src -# becaue auto-pause binary depends on minikube's code we need to pass the whole source code as the context -ADD . . +# auto-pause depends on core minikube code so we need to pass the whole source code as the context +# copy in the minimal amount of source code possible +COPY pkg/ ./pkg +COPY cmd/ ./cmd +COPY deploy/addons ./deploy/addons +COPY translations/ ./translations +COPY third_party/ ./third_party +COPY go.mod go.sum ./ +ARG TARGETARCH +ENV GOARCH=${TARGETARCH} RUN cd ./cmd/auto-pause/ && go build -# cri-dockerd static -FROM golang:1.16 -RUN git clone -n https://github.com/Mirantis/cri-dockerd && \ - cd cri-dockerd && git checkout a4d1895a2659ea9974bd7528a706592ab8b74181 && \ - cd src && env CGO_ENABLED=0 go build -ldflags '-X github.com/Mirantis/cri-dockerd/version.GitCommit=a4d1895' -o cri-dockerd - # start from ubuntu 20.04, this image is reasonably small as a starting point # for a kubernetes node image, it doesn't contain much we don't need -FROM ubuntu:focal-20220316 +FROM ubuntu:focal-20220316 as kicbase ARG BUILDKIT_VERSION="v0.10.3" ARG FUSE_OVERLAYFS_VERSION="v1.7.1" ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="1.0.3" ARG CRIO_VERSION="1.22" +ARG CRI_DOCKERD_VERSION="a4d1895a2659ea9974bd7528a706592ab8b74181" +ARG TARGETARCH # copy in static files (configs, scripts) COPY deploy/kicbase/10-network-security.conf /etc/sysctl.d/10-network-security.conf @@ -46,10 +50,8 @@ COPY deploy/kicbase/11-tcp-mtu-probing.conf /etc/sysctl.d/11-tcp-mtu-probing.con COPY deploy/kicbase/02-crio.conf /etc/crio/crio.conf.d/02-crio.conf COPY deploy/kicbase/clean-install /usr/local/bin/clean-install COPY deploy/kicbase/entrypoint /usr/local/bin/entrypoint -COPY --from=0 /src/cmd/auto-pause/auto-pause /bin/auto-pause -COPY --from=1 /go/cri-dockerd/src/cri-dockerd /usr/bin/cri-dockerd -COPY --from=1 /go/cri-dockerd/packaging/systemd/cri-docker.service /usr/lib/systemd/system/cri-docker.service -COPY --from=1 /go/cri-dockerd/packaging/systemd/cri-docker.socket /usr/lib/systemd/system/cri-docker.socket +COPY --from=auto-pause /src/cmd/auto-pause/auto-pause /bin/auto-pause + # Install dependencies, first from apt, then from release tarballs. # NOTE: we use one RUN to minimize layers. @@ -118,6 +120,12 @@ ARG COMMIT_SHA # could be changed to any debian that can run systemd USER root +# Install cri-dockerd from pre-compiled binaries stored in GCS, this is way faster than building from source in multi-arch +RUN echo "Installing cri-dockerd" && \ + curl -L "https://storage.googleapis.com/kicbase-artifacts/cri-dockerd/${CRI_DOCKERD_VERSION}/${TARGETARCH}/cri-dockerd" -o /usr/bin/cri-dockerd && \ + curl -L "https://storage.googleapis.com/kicbase-artifacts/cri-dockerd/${CRI_DOCKERD_VERSION}/cri-docker.socket" -o /usr/lib/systemd/system/cri-docker.socket && \ + curl -L "https://storage.googleapis.com/kicbase-artifacts/cri-dockerd/${CRI_DOCKERD_VERSION}/cri-docker.service" -o /usr/lib/systemd/system/cri-docker.service + # install system requirements from the regular distro repositories RUN clean-install \ lz4 \ @@ -162,9 +170,9 @@ RUN export ARCH=$(dpkg --print-architecture | sed 's/ppc64el/ppc64le/') && \ curl -LO https://downloadcontent.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_20.04/Release.key && \ apt-key add - < Release.key && \ if [ "$ARCH" != "ppc64le" ]; then \ - clean-install containers-common catatonit conmon containernetworking-plugins cri-tools podman-plugins crun; \ + clean-install containers-common catatonit conmon containernetworking-plugins cri-tools podman-plugins crun; \ else \ - clean-install containers-common conmon containernetworking-plugins crun; \ + clean-install containers-common conmon containernetworking-plugins crun; \ fi # install cri-o based on https://github.com/cri-o/cri-o/blob/release-1.22/README.md#installing-cri-o diff --git a/hack/update/cri_dockerd/update_cri_dockerd.sh b/hack/update/cri_dockerd/update_cri_dockerd.sh new file mode 100755 index 0000000000..f6ea8e841d --- /dev/null +++ b/hack/update/cri_dockerd/update_cri_dockerd.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +# Copyright 2022 The Kubernetes Authors All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -eux -o pipefail + +if [ "$#" -ne 2 ]; then + echo "Usage: update_cri_dockerd.sh " >&2 + exit 1 +fi + +readonly version=$1 +archlist=$2 + +IFS=, read -a archarray <<< "$archlist" + +tmpdir=$(mktemp -d) +pushd $tmpdir +git clone -n https://github.com/Mirantis/cri-dockerd +cd cri-dockerd +git checkout $version +cd src + +for (( i=0; i < ${#archarray[*]}; i++ )) +do + arch=${archarray[i]#"linux/"} + env GOOS=linux GOARCH=$arch CGO_ENABLED=0 go build -ldflags "-X github.com/Mirantis/cri-dockerd/version.GitCommit=${version:0:7}" -o cri-dockerd-$arch + gsutil cp cri-dockerd-$arch gs://kicbase-artifacts/cri-dockerd/$version/$arch/cri-dockerd + +done + +cd .. +gsutil cp ./packaging/systemd/cri-docker.service gs://kicbase-artifacts/cri-dockerd/$version/cri-docker.service +gsutil cp ./packaging/systemd/cri-docker.socket gs://kicbase-artifacts/cri-dockerd/$version/cri-docker.socket + +popd +rm -rf $tmpdir diff --git a/pkg/drivers/kic/types.go b/pkg/drivers/kic/types.go index dad8c54d6e..2de298b003 100644 --- a/pkg/drivers/kic/types.go +++ b/pkg/drivers/kic/types.go @@ -24,13 +24,13 @@ import ( const ( // Version is the current version of kic - Version = "v0.0.31" + Version = "v0.0.31-1653596720-14230" // SHA of the kic base image - baseImageSHA = "c3375f1b260bd936aa532a0c749626e07d94ab129a7f2395e95345aa04ca708c" + baseImageSHA = "e953786303ac8350802546ee187d34e89f0007072a54fdbcc2f86a1fb8575418" // The name of the GCR kicbase repository - gcrRepo = "gcr.io/k8s-minikube/kicbase" + gcrRepo = "gcr.io/k8s-minikube/kicbase-builds" // The name of the Dockerhub kicbase repository - dockerhubRepo = "docker.io/kicbase/stable" + dockerhubRepo = "docker.io/kicbase/build" ) var ( diff --git a/site/content/en/docs/commands/start.md b/site/content/en/docs/commands/start.md index c5c98579c6..7c75a3dc22 100644 --- a/site/content/en/docs/commands/start.md +++ b/site/content/en/docs/commands/start.md @@ -26,7 +26,7 @@ minikube start [flags] --apiserver-names strings A set of apiserver names which are used in the generated certificate for kubernetes. This can be used if you want to make the apiserver available from outside the machine --apiserver-port int The apiserver listening port (default 8443) --auto-update-drivers If set, automatically updates drivers to the latest version. Defaults to true. (default true) - --base-image string The base image to use for docker/podman drivers. Intended for local development. (default "gcr.io/k8s-minikube/kicbase:v0.0.31@sha256:c3375f1b260bd936aa532a0c749626e07d94ab129a7f2395e95345aa04ca708c") + --base-image string The base image to use for docker/podman drivers. Intended for local development. (default "gcr.io/k8s-minikube/kicbase-builds:v0.0.31-1653596720-14230@sha256:e953786303ac8350802546ee187d34e89f0007072a54fdbcc2f86a1fb8575418") --binary-mirror string Location to fetch kubectl, kubelet, & kubeadm binaries from. --cache-images If true, cache docker images for the current bootstrapper and load them into the machine. Always false with --driver=none. (default true) --cert-expiration duration Duration until minikube certificate expiration, defaults to three years (26280h). (default 26280h0m0s)