From 8b76509514dd2b11eca9e3e8a3cb05b85b7ec04d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Dulko?= Date: Fri, 14 Dec 2018 17:44:34 +0100 Subject: [PATCH] Clean up Dockerfiles and how we build them This commit does several cleanups to the Dockerfiles that we have: * git is removed from the images after Kuryr packages installation * jq and wget is removed from kuryr-cni image as those ar no longer used * explicit setuptools installation is no longer required * raw Kuryr code is removed from images after it's `pip install`ed * unnecessary VOLUME line is removed from kuryr-cni Dockerfile * CNI_CONFIG_DIR and CNI_BIN_DIR build arguments are removed from kuryr-cni Dockerfile as they are not used anywhere. Initially we've kept them to allow deployer to tell where host's /etc/cni/net.d and /opt/cni/bin will be mounted, but one of the refactorings of cni_ds_init must have stopped depending on them and we simply started to expect the mounts to be in the same paths as on host. We can continue to do that. The build_cni_daemonset_image script was created back in the time when we have had multi-stage build of the kuryr-cni image. This is no longer the case and building the image is as easy as: `docker build -f cni.Dockerfile .` Given that this commit removes the script and updates documentation to recommend using `docker build` directly. Change-Id: Ib1807344ede11ec6845e5f09c5a87c29a779af03 --- cni.Dockerfile | 20 +++---- cni_ds_init | 2 +- cni_py3.Dockerfile | 17 +++--- controller.Dockerfile | 11 ++-- controller_py3.Dockerfile | 10 ++-- devstack/lib/kuryr_kubernetes | 29 ++++------ devstack/plugin.sh | 4 +- doc/source/installation/containerized.rst | 8 +-- tools/build_cni_daemonset_image | 64 ----------------------- 9 files changed, 36 insertions(+), 129 deletions(-) delete mode 100755 tools/build_cni_daemonset_image diff --git a/cni.Dockerfile b/cni.Dockerfile index ea21f7d69..f3f4bfb6f 100644 --- a/cni.Dockerfile +++ b/cni.Dockerfile @@ -5,27 +5,21 @@ ARG UPPER_CONSTRAINTS_FILE="https://git.openstack.org/cgit/openstack/requirement ARG OSLO_LOCK_PATH=/var/kuryr-lock RUN yum install -y epel-release https://rdoproject.org/repos/rdo-release.rpm \ - && yum install -y --setopt=tsflags=nodocs python-pip iproute bridge-utils openvswitch sudo jq \ - && yum install -y --setopt=tsflags=nodocs gcc python-devel git \ - && pip install -U setuptools + && yum install -y --setopt=tsflags=nodocs python-pip iproute bridge-utils openvswitch sudo \ + && yum install -y --setopt=tsflags=nodocs gcc python-devel git COPY . /opt/kuryr-kubernetes -RUN cd /opt/kuryr-kubernetes \ - && pip install -c $UPPER_CONSTRAINTS_FILE . \ - && rm -fr .git \ +RUN pip install -c $UPPER_CONSTRAINTS_FILE /opt/kuryr-kubernetes \ + && cp /opt/kuryr-kubernetes/cni_ds_init /usr/bin/cni_ds_init \ + && mkdir -p /etc/kuryr-cni \ + && cp /opt/kuryr-kubernetes/etc/cni/net.d/* /etc/kuryr-cni \ && yum -y history undo last \ + && rm -rf /opt/kuryr-kubernetes \ && mkdir ${OSLO_LOCK_PATH} -COPY ./cni_ds_init /usr/bin/cni_ds_init - -ARG CNI_CONFIG_DIR_PATH=/etc/cni/net.d -ENV CNI_CONFIG_DIR_PATH ${CNI_CONFIG_DIR_PATH} -ARG CNI_BIN_DIR_PATH=/opt/cni/bin -ENV CNI_BIN_DIR_PATH ${CNI_BIN_DIR_PATH} ARG CNI_DAEMON=True ENV CNI_DAEMON ${CNI_DAEMON} ENV OSLO_LOCK_PATH=${OSLO_LOCK_PATH} -VOLUME [ "/sys/fs/cgroup" ] ENTRYPOINT [ "cni_ds_init" ] diff --git a/cni_ds_init b/cni_ds_init index a6d50dfd5..3f9c37c22 100755 --- a/cni_ds_init +++ b/cni_ds_init @@ -55,7 +55,7 @@ EOF # Copy the script into the designated location cp /kuryr-cni "/opt/cni/bin/kuryr-cni" chmod +x /opt/cni/bin/kuryr-cni - cp /opt/kuryr-kubernetes/etc/cni/net.d/* /etc/cni/net.d + cp /etc/kuryr-cni/* /etc/cni/net.d } cleanup diff --git a/cni_py3.Dockerfile b/cni_py3.Dockerfile index 7fb7e56e1..0fe31ea49 100644 --- a/cni_py3.Dockerfile +++ b/cni_py3.Dockerfile @@ -5,26 +5,21 @@ ARG UPPER_CONSTRAINTS_FILE="https://git.openstack.org/cgit/openstack/requirement ARG OSLO_LOCK_PATH=/var/kuryr-lock RUN dnf update -y \ - && dnf install -y --setopt=tsflags=nodocs python3-pip iproute bridge-utils openvswitch sudo jq \ + && dnf install -y --setopt=tsflags=nodocs python3-pip iproute bridge-utils openvswitch sudo \ && dnf install -y --setopt=tsflags=nodocs gcc python3-devel git COPY . /opt/kuryr-kubernetes -RUN cd /opt/kuryr-kubernetes \ - && pip3 install -c $UPPER_CONSTRAINTS_FILE . \ - && rm -fr .git \ +RUN pip3 install -c $UPPER_CONSTRAINTS_FILE /opt/kuryr-kubernetes \ + && cp /opt/kuryr-kubernetes/cni_ds_init /usr/bin/cni_ds_init \ + && mkdir -p /etc/kuryr-cni \ + && cp /opt/kuryr-kubernetes/etc/cni/net.d/* /etc/kuryr-cni \ && dnf -y history undo last \ + && rm -rf /opt/kuryr-kubernetes \ && mkdir ${OSLO_LOCK_PATH} -COPY ./cni_ds_init /usr/bin/cni_ds_init - -ARG CNI_CONFIG_DIR_PATH=/etc/cni/net.d -ENV CNI_CONFIG_DIR_PATH ${CNI_CONFIG_DIR_PATH} -ARG CNI_BIN_DIR_PATH=/opt/cni/bin -ENV CNI_BIN_DIR_PATH ${CNI_BIN_DIR_PATH} ARG CNI_DAEMON=True ENV CNI_DAEMON ${CNI_DAEMON} ENV OSLO_LOCK_PATH=${OSLO_LOCK_PATH} -VOLUME [ "/sys/fs/cgroup" ] ENTRYPOINT [ "cni_ds_init" ] diff --git a/controller.Dockerfile b/controller.Dockerfile index 14f188b28..04a5803e2 100644 --- a/controller.Dockerfile +++ b/controller.Dockerfile @@ -5,22 +5,19 @@ ARG UPPER_CONSTRAINTS_FILE="https://git.openstack.org/cgit/openstack/requirement RUN yum install -y epel-release \ && yum install -y --setopt=tsflags=nodocs python-pip \ - && yum install --setopt=tsflags=nodocs --assumeyes inet-tools gcc python-devel wget git \ - && pip install -U setuptools + && yum install -y --setopt=tsflags=nodocs gcc python-devel git COPY . /opt/kuryr-kubernetes -RUN cd /opt/kuryr-kubernetes \ - && pip install -c $UPPER_CONSTRAINTS_FILE --no-cache-dir . \ - && rm -fr .git \ +RUN pip install -c $UPPER_CONSTRAINTS_FILE --no-cache-dir /opt/kuryr-kubernetes \ && yum -y history undo last \ + && rm -rf /opt/kuryr-kubernetes \ && groupadd -r kuryr -g 711 \ && useradd -u 711 -g kuryr \ -d /opt/kuryr-kubernetes \ -s /sbin/nologin \ -c "Kuryr controller user" \ - kuryr \ - && chown kuryr:kuryr /opt/kuryr-kubernetes + kuryr USER kuryr CMD ["--config-dir", "/etc/kuryr"] diff --git a/controller_py3.Dockerfile b/controller_py3.Dockerfile index 7e9ce6c46..4025194ea 100644 --- a/controller_py3.Dockerfile +++ b/controller_py3.Dockerfile @@ -5,21 +5,19 @@ ARG UPPER_CONSTRAINTS_FILE="https://git.openstack.org/cgit/openstack/requirement RUN dnf update -y \ && dnf install -y --setopt=tsflags=nodocs python3-pip \ - && dnf install -y --setopt=tsflags=nodocs gcc python3-devel wget git + && dnf install -y --setopt=tsflags=nodocs gcc python3-devel git COPY . /opt/kuryr-kubernetes -RUN cd /opt/kuryr-kubernetes \ - && pip3 install -c $UPPER_CONSTRAINTS_FILE --no-cache-dir . \ - && rm -fr .git \ +RUN pip3 install -c $UPPER_CONSTRAINTS_FILE --no-cache-dir /opt/kuryr-kubernetes \ && dnf -y history undo last \ + && rm -rf /opt/kuryr-kubernetes \ && groupadd -r kuryr -g 711 \ && useradd -u 711 -g kuryr \ -d /opt/kuryr-kubernetes \ -s /sbin/nologin \ -c "Kuryr controller user" \ - kuryr \ - && chown kuryr:kuryr /opt/kuryr-kubernetes + kuryr USER kuryr CMD ["--config-dir", "/etc/kuryr"] diff --git a/devstack/lib/kuryr_kubernetes b/devstack/lib/kuryr_kubernetes index 17395b479..c514b349b 100644 --- a/devstack/lib/kuryr_kubernetes +++ b/devstack/lib/kuryr_kubernetes @@ -344,45 +344,36 @@ EOF # the local docker registry as kuryr/controller:latest and # kuryr/cni:latest respectively function build_kuryr_containers() { - local cni_buildtool_args + local cni_build_args local cni_daemon local build_dir local use_py3 - local controller_dockerfile + local py_suffix - cni_buildtool_args="--bin-dir ${1} --conf-dir ${2}" - cni_daemon=$3 + cni_daemon=$1 build_dir="${DEST}/kuryr-kubernetes" pushd "$build_dir" use_py3=$(trueorfalse False KURYR_CONTAINERS_USE_PY3) if [[ "$use_py3" == "True" ]]; then - cni_buildtool_args="${cni_buildtool_args} --dockerfile cni_py3.Dockerfile" - controller_dockerfile="controller_py3.Dockerfile" - else - controller_dockerfile="controller.Dockerfile" + py_suffix="_py3" fi if [[ "$cni_daemon" == "False" ]]; then - cni_buildtool_args="${cni_buildtool_args} --no-daemon" + cni_build_args="--build-arg CNI_DAEMON=False" fi - if [[ "$CONTAINER_ENGINE" == "crio" ]]; then - cni_buildtool_args="${cni_buildtool_args} --podman" - fi - - # Build controller image + # Build images # FIXME(dulek): Until https://github.com/containers/buildah/issues/1206 is # resolved instead of podman we need to use buildah directly, # hence this awful if clause. if [[ ${CONTAINER_ENGINE} == 'crio' ]]; then - sudo buildah bud -t docker.io/kuryr/controller -f "$controller_dockerfile" . + sudo buildah bud -t docker.io/kuryr/controller -f controller${py_suffix}.Dockerfile . + sudo buildah bud -t docker.io/kuryr/cni -f cni${py_suffix}.Dockerfile . else - container_runtime build -t kuryr/controller -f "$controller_dockerfile" . + container_runtime build -t kuryr/controller -f controller${py_suffix}.Dockerfile . + container_runtime build -t kuryr/cni -f cni${py_suffix}.Dockerfile ${cni_build_args} . fi - - # Build CNI image - "./tools/build_cni_daemonset_image" $cni_buildtool_args popd } diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 47d52381d..b4f9b61ee 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -1032,9 +1032,9 @@ if [[ "$1" == "stack" && "$2" == "extra" ]]; then if is_service_enabled kuryr-kubernetes || [[ ${KURYR_FORCE_IMAGE_BUILD} == "True" ]]; then if [ "$KURYR_K8S_CONTAINERIZED_DEPLOYMENT" == "True" ]; then if is_service_enabled kuryr-daemon; then - build_kuryr_containers $CNI_BIN_DIR $CNI_CONF_DIR True + build_kuryr_containers True else - build_kuryr_containers $CNI_BIN_DIR $CNI_CONF_DIR False + build_kuryr_containers False fi fi fi diff --git a/doc/source/installation/containerized.rst b/doc/source/installation/containerized.rst index 5de9d85be..fce0c3cf4 100644 --- a/doc/source/installation/containerized.rst +++ b/doc/source/installation/containerized.rst @@ -13,15 +13,11 @@ For creating controller image on local machine: :: For creating cni daemonset image on local machine: :: - $ ./tools/build_cni_daemonset_image - -You can customize the build by setting some options. In order to list them run: :: - - $ ./tools/build_cni_daemonset_image -h + $ docker build -t kuryr/cni -f cni.Dockerfile . If you want to run kuryr CNI without the daemon, build theimage with: :: - $ ./tools/build_cni_daemonset_image --no-daemon + $ docker build -t kuryr/cni -f cni.Dockerfile --build-arg CNI_DAEMON=False . Alternatively, you can remove ``imagePullPolicy: Never`` from kuryr-controller Deployment and kuryr-cni DaemonSet definitions to use pre-built diff --git a/tools/build_cni_daemonset_image b/tools/build_cni_daemonset_image deleted file mode 100755 index f07df3f34..000000000 --- a/tools/build_cni_daemonset_image +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/bash -ex - -function print_usage() { - set +ex - echo "$0" "[options]" - if [[ -n "$1" ]]; then - echo "Option $1 not found" - fi - echo "Options -----------------------------" - echo "-h/--help Displays this help message" - echo "-f/--dockerfile Specify the Dockerfile to use for building the CNI container" - echo "-b/--bin-dir Specify the path where to place the CNI executable" - echo "-c/--conf-dir Specify the path where to place the CNI configuration" - echo "-t/--tag Specify string to use as the tag part of the container image name, i.e., kuryr/cni:tag" - echo "-D/--no-daemon Do not run CNI as a daemon" - echo "-p/--podman Use podman instead of docker to build image" -} - -for arg in "$@"; do - shift - case "$arg" in - "--help") set -- "$@" "-h" ;; - "--bin-dir") set -- "$@" "-b" ;; - "--conf-dir") set -- "$@" "-c" ;; - "--dockerfile") set -- "$@" "-f" ;; - "--tag") set -- "$@" "-t" ;; - "--no-daemon") set -- "$@" "-D" ;; - "--podman") set -- "$@" "-p" ;; - "--"*) print_usage "$arg" >&2; exit 1 ;; - *) set -- "$@" "$arg" - esac -done - -#Default value -dockerfile="cni.Dockerfile" -image_name="kuryr/cni" -daemonized="True" -build_args=() -build_cmd="docker build" - -OPTIND=1 - -while getopts "hf:b:c:t:Dp" opt; do - case "$opt" in - "h") print_usage; exit 0 ;; - "D") daemonized=False ;; - "f") dockerfile=${OPTARG} ;; - "b") build_args+=('--build-arg' "CNI_BIN_DIR_PATH=${OPTARG}") ;; - "c") build_args+=('--build-arg' "CNI_CONFIG_DIR_PATH=${OPTARG}") ;; - # Until https://github.com/containers/buildah/issues/1206 is resolved - # we need to use buildah directly. - "p") build_cmd="sudo buildah bud" && image_name="docker.io/kuryr/cni" ;; - "t") image_name=${image_name}:${OPTARG} ;; - "?") print_usage >&2; exit 1 ;; - esac -done - -shift $((OPTIND - 1)) - -# create cni daemonset image -${build_cmd} -t "$image_name" \ - --build-arg "CNI_DAEMON=$daemonized" \ - "${build_args[@]}" \ - -f "$dockerfile" .