-
Notifications
You must be signed in to change notification settings - Fork 64
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pre-install-payload: Rework Dockerfile
Let's start using a multi-step build Dockerfile in order to make things a little bit more contained for each parts we'll build. Together with this change, we're also moving to using alpine as the base image, as it's way smaller than the Ubuntu one, and is also multi-arch. I know, I know, it seems that having a multi-stage build here makes no sense, as we'll end up using an alpine image in the end, but it'll pay off by the moment we'll start building the artefacts, which for sure will happen with the nydus snapshotter. Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
- Loading branch information
Showing
2 changed files
with
43 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,25 +1,49 @@ | ||
| FROM ubuntu:22.04 | ||
| FROM alpine:3.18 as base | ||
|
|
||
| #### Confidential Containers forked containerd | ||
|
|
||
| FROM base as coco-containerd-binary-downloader | ||
|
|
||
| ARG ARCH | ||
| ARG VERSION | ||
| ARG SYSTEMD_ARTIFACTS=./containerd/containerd-for-cc-override.conf | ||
| ARG CONTAINER_ENGINE_ARTIFACTS=./scripts | ||
| ARG COCO_CONTAINERD_VERSION | ||
|
|
||
| ARG DESTINATION=/opt/confidential-containers-pre-install-artifacts | ||
| ARG KUBECTL_VERSION=v1.26.0 | ||
| ARG COCO_DESTINATION=${DESTINATION}/opt/confidential-containers | ||
|
|
||
| COPY ${CONTAINERD_ARTIFACTS} ${DESTINATION}/opt/confidential-containers/ | ||
| COPY ${SYSTEMD_ARTIFACTS} ${DESTINATION}/etc/systemd/system/containerd.service.d/ | ||
| COPY ${CONTAINER_ENGINE_ARTIFACTS}/* ${DESTINATION}/scripts/ | ||
| RUN \ | ||
| mkdir -p ${COCO_DESTINATION} && \ | ||
| apk --no-cache add curl && \ | ||
| curl -fOL --progress-bar https://github.com/confidential-containers/containerd/releases/download/v${COCO_CONTAINERD_VERSION}/containerd-${COCO_CONTAINERD_VERSION}-linux-${ARCH}.tar.gz && \ | ||
| tar xvzpf containerd-${COCO_CONTAINERD_VERSION}-linux-${ARCH}.tar.gz -C ${COCO_DESTINATION} && \ | ||
| rm containerd-${COCO_CONTAINERD_VERSION}-linux-${ARCH}.tar.gz | ||
|
|
||
| #### kubectl | ||
|
|
||
| FROM base as kubectl-binary-downloader | ||
|
|
||
| ENV DEBIAN_FRONTEND=noninteractive | ||
| SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
| ARG ARCH | ||
| ARG KUBECTL_VERSION=v1.26.0 | ||
|
|
||
| RUN \ | ||
| apt-get update && \ | ||
| apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl xz-utils && \ | ||
| apt-get clean && rm -rf /var/lib/apt/lists/ && \ | ||
| curl -fL --progress-bar -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl && \ | ||
| chmod +x /usr/bin/kubectl && \ | ||
| curl -fOL --progress-bar https://github.com/confidential-containers/containerd/releases/download/v${VERSION}/containerd-${VERSION}-linux-${ARCH}.tar.gz && \ | ||
| tar xvzpf containerd-${VERSION}-linux-${ARCH}.tar.gz -C ${DESTINATION}/opt/confidential-containers && \ | ||
| rm containerd-${VERSION}-linux-${ARCH}.tar.gz | ||
| apk --no-cache add curl && \ | ||
| curl -fL --progress-bar -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl && \ | ||
| chmod +x /usr/bin/kubectl | ||
|
|
||
| #### Final image | ||
|
|
||
| FROM base | ||
|
|
||
| RUN apk --no-cache add bash | ||
|
|
||
| ARG DESTINATION=/opt/confidential-containers-pre-install-artifacts | ||
| ARG COCO_DESTINATION=${DESTINATION}/opt/confidential-containers | ||
| ARG COCO_CONTAINERD_SYSTEMD_DESTINATION=${DESTINATION}/etc/systemd/system/containerd.service.d/ | ||
|
|
||
| ARG CONTAINERD_SYSTEMD_ARTIFACTS=./containerd/containerd-for-cc-override.conf | ||
|
|
||
| COPY --from=coco-containerd-binary-downloader ${COCO_DESTINATION}/bin/ ${COCO_DESTINATION}/bin/ | ||
| COPY --from=kubectl-binary-downloader /usr/bin/kubectl /usr/bin/kubectl | ||
| COPY ${CONTAINERD_SYSTEMD_ARTIFACTS} ${COCO_CONTAINERD_SYSTEMD_DESTINATION} | ||
|
|
||
| ARG CONTAINER_ENGINE_ARTIFACTS=./scripts | ||
| COPY ${CONTAINER_ENGINE_ARTIFACTS}/* ${DESTINATION}/scripts/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters