<artifactId>docker</artifactId>
<packaging>pom</packaging>
<name>${project.artifactId}</name>
+
+ <properties>
+ <skip-kind-cluster>true</skip-kind-cluster>
+ <version-fabric8>0.28.0</version-fabric8>
+ <version-apiVersion>1.23</version-apiVersion>
+ </properties>
<build>
<finalName>${project.artifactId}-${project.version}</finalName>
<plugins>
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
- <version>0.28.0</version>
+ <version>${version-fabric8}</version>
<configuration>
<verbose>true</verbose>
- <apiVersion>1.23</apiVersion>
+ <apiVersion>${version-apiVersion}</apiVersion>
<pullRegistry>${docker.pull.registry}</pullRegistry>
<pushRegistry>${docker.push.registry}</pushRegistry>
<images>
</assembly>
</build>
</image>
+ <image>
+ <name>kind-cluster</name>
+ <build>
+ <cleanup>try</cleanup>
+ <dockerFileDir>docker-files/kind-cluster</dockerFileDir>
+ <dockerFile>Dockerfile.kind-cluster</dockerFile>
+ <skip>${skip-kind-cluster}</skip>
+ </build>
+ </image>
</images>
</configuration>
<executions>
--- /dev/null
+FROM library/alpine:3.8
+
+RUN apk -U upgrade && apk add ca-certificates util-linux gnupg curl make kmod procps bash && gpg --keyserver https://download.docker.com/linux/debian/gpg --recv-keys && apk update && apk add docker openrc && rm -rf /var/lib/apt/lists/*
+RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
+RUN addgroup --system dockremap && adduser --system --ingroup dockremap dockremap && echo 'dockremap:165536:65536' >> /etc/subuid && echo 'dockremap:165536:65536' >> /etc/subgid
+
+VOLUME /var/lib/docker
+VOLUME /var/log/docker
+ENV container=docker
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 777 /entrypoint.sh
+
+ARG KUBECTL_VERSION=v1.21.2
+ARG KIND_VERSION=v0.11.1
+
+RUN curl -Lso /usr/bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && chmod +x /usr/bin/kubectl && curl -Lso /usr/bin/kind "https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64" && chmod +x /usr/bin/kind # buildkit
+
+COPY kind-config.yaml /kind-config.yaml
+RUN chmod 777 /kind-config.yaml
+
+EXPOSE 30001
+
+COPY entrypoint-original.sh /entrypoint-original.sh
+RUN chmod 777 /entrypoint-original.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["tail", "-f", "/dev/null"]
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# Script copied from https://hub.docker.com/r/devopps/kind-cluster-buster
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# This is copied from official dind script:
+# https://raw.githubusercontent.com/docker/docker/master/hack/dind
+if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
+ mount -t securityfs none /sys/kernel/security || {
+ echo >&2 'Could not mount /sys/kernel/security.'
+ echo >&2 'AppArmor detection and --privileged mode might break.'
+ }
+fi
+
+# Mount /tmp (conditionally)
+if ! mountpoint -q /tmp; then
+ mount -t tmpfs none /tmp
+fi
+
+# Check cgroupfs.
+# Verify the filesystem.
+if [ ! -d /sys/fs/cgroup/ ]; then
+ echo >&2 'Cgroupfs is not mounted'
+ exit 1
+fi
+
+# Determine cgroup parent for docker daemon.
+# We need to make sure cgroups created by the docker daemon do not
+# interfere with other cgroups on the host, and do not leak after this
+# container is terminated.
+if [ -f /sys/fs/cgroup/systemd/release_agent ]; then
+ # This means the user has bind mounted host /sys/fs/cgroup to the
+ # same location in the container (e.g., using the following docker
+ # run flags: `-v /sys/fs/cgroup:/sys/fs/cgroup`). In this case, we
+ # need to make sure the docker daemon in the container does not
+ # pollute the host cgroups hierarchy.
+ # Note that `release_agent` file is only created at the root of a
+ # cgroup hierarchy.
+ CGROUP_PARENT="$(grep systemd /proc/self/cgroup | cut -d: -f3)/docker"
+else
+ CGROUP_PARENT="/docker"
+ # For each cgroup subsystem, Docker does a bind mount from the
+ # current cgroup to the root of the cgroup subsystem. For instance:
+ # /sys/fs/cgroup/memory/docker/<cid> -> /sys/fs/cgroup/memory
+ #
+ # This will confuse some system software that manipulate cgroups
+ # (e.g., kubelet/cadvisor, etc.) sometimes because
+ # `/proc/<pid>/cgroup` is not affected by the bind mount. The
+ # following is a workaround to recreate the original cgroup
+ # environment by doing another bind mount for each subsystem.
+ CURRENT_CGROUP=$(grep systemd /proc/self/cgroup | cut -d: -f3)
+ CGROUP_SUBSYSTEMS=$(findmnt -lun -o source,target -t cgroup | grep "${CURRENT_CGROUP}" | awk '{print $2}')
+
+ echo "${CGROUP_SUBSYSTEMS}" |
+ while IFS= read -r SUBSYSTEM; do
+ mkdir -p "${SUBSYSTEM}${CURRENT_CGROUP}"
+ mount --bind "${SUBSYSTEM}" "${SUBSYSTEM}${CURRENT_CGROUP}"
+ done
+fi
+
+setsid dockerd \
+ --cgroup-parent="${CGROUP_PARENT}" \
+ --bip="${DOCKERD_BIP:-172.17.1.1/24}" \
+ --mtu="${DOCKERD_MTU:-1400}" \
+ --raw-logs \
+ ${DOCKER_ARGS:-} >/var/log/docker/dockerd.log 2>&1 &
+
+# Wait until dockerd is ready.
+until docker ps >/dev/null 2>&1
+do
+ echo "Waiting for dockerd..."
+ sleep 1
+done
+
+exec "$@"
--- /dev/null
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+# Script copied from https://hub.docker.com/r/devopps/kind-cluster-buster
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# Startup Docker daemon and wait for it to be ready.
+echo "Running entrypoint-original.sh .."
+/entrypoint-original.sh bash -c "touch /dockerd-ready && sleep infinity" &
+while [ ! -f /dockerd-ready ]; do sleep 10; done
+
+echo "Setting up KIND cluster"
+
+# Startup a KIND cluster.
+API_SERVER_ADDRESS=${API_SERVER_ADDRESS:-$(hostname -i)}
+echo "hostname: ${API_SERVER_ADDRESS}"
+sed -ri "s/^(\s*)(apiServerAddress\s*:\s*apiServerAddress\s*$)/\1apiServerAddress: ${API_SERVER_ADDRESS}/" kind-config.yaml
+
+CERT_SANS=(${CERT_SANS:-""})
+CERT_SANS+=(${API_SERVER_ADDRESS})
+CERT_SANS+=($(hostname -i))
+CERT_SANS+=(localhost)
+CERT_SANS+=(127.0.0.1)
+
+for node in $(kubectl get nodes -o wide --no-headers | awk '{print $6}'); do
+echo "node: $node"
+CERT_SANS+=(node)
+done
+
+UNIQUE_CERT_SANS=($(echo "${CERT_SANS[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' '))
+
+for hostname in "${UNIQUE_CERT_SANS[@]}"; do
+cat <<EOF >> kind-config.yaml
+- group: kubeadm.k8s.io
+ version: v1beta2
+ kind: ClusterConfiguration
+ patch: |
+ - op: add
+ path: /apiServer/certSANs/-
+ value: ${hostname}
+EOF
+done
+
+kind create cluster --config=kind-config.yaml --image=${KIND_NODE_IMAGE-"devopps/kind-node:v1.21.1"} --wait=900s
+
+while read -r line;
+do
+ echo "$line";
+done < "$HOME/.kube/config"
+
+CONFIG_ADDRESS=$HOME/.kube/config
+
+exec "$@"
--- /dev/null
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+networking:
+ apiServerPort: 30001
+ apiServerAddress: apiServerAddress
+ podSubnet: "10.245.0.0/16"
+ serviceSubnet: "10.246.0.0/16"
+kubeadmConfigPatches:
+- |
+ apiVersion: kubeadm.k8s.io/v1beta2
+ kind: JoinConfiguration
+ metadata:
+ name: config
+ nodeRegistration:
+ kubeletExtraArgs:
+ cgroup-root: "/kubelet"
+- |
+ apiVersion: kubeadm.k8s.io/v1beta2
+ kind: InitConfiguration
+ metadata:
+ name: config
+ nodeRegistration:
+ kubeletExtraArgs:
+ cgroup-root: "/kubelet"
+kubeadmConfigPatchesJSON6902:
+- group: kubeadm.k8s.io
+ version: v1beta2
+ kind: ClusterConfiguration
+ patch: |
+ - op: add
+ path: /apiServer/certSANs/-
+ value: 127.0.0.1
+- group: kubeadm.k8s.io
+ version: v1beta2
+ kind: ClusterConfiguration
+ patch: |
+ - op: add
+ path: /apiServer/certSANs/-
+ value: 172.17.0.2
+- group: kubeadm.k8s.io
+ version: v1beta2
+ kind: ClusterConfiguration
+ patch: |
+ - op: add
+ path: /apiServer/certSANs/-
+ value: localhost
+
Code Review / integration / csit.git / commitdiff