Merge "Add build-arg for --allow-privileged"
This commit is contained in:
commit
764cfe041d
|
@ -1,4 +1,5 @@
|
||||||
ARG KUBE_VERSION=v1.13.0
|
ARG KUBE_VERSION=v1.13.0
|
||||||
|
ARG ADD_KUBE_ALLOW_PRIV=false
|
||||||
|
|
||||||
FROM fedora:rawhide
|
FROM fedora:rawhide
|
||||||
ARG KUBE_VERSION
|
ARG KUBE_VERSION
|
||||||
|
@ -30,6 +31,7 @@ COPY service.template config.json.template /exports/
|
||||||
# however, this would require hard-coding the container name
|
# however, this would require hard-coding the container name
|
||||||
|
|
||||||
COPY apiserver config /etc/kubernetes/
|
COPY apiserver config /etc/kubernetes/
|
||||||
|
RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
|
||||||
RUN mkdir -p /exports/hostfs/usr/local/bin/
|
RUN mkdir -p /exports/hostfs/usr/local/bin/
|
||||||
COPY --from=0 /root/kubectl /exports/hostfs/usr/local/bin/
|
COPY --from=0 /root/kubectl /exports/hostfs/usr/local/bin/
|
||||||
RUN chmod +x /exports/hostfs/usr/local/bin/kubectl && \
|
RUN chmod +x /exports/hostfs/usr/local/bin/kubectl && \
|
||||||
|
|
|
@ -15,8 +15,5 @@ KUBE_LOGTOSTDERR="--logtostderr=true"
|
||||||
# journal message level, 0 is debug
|
# journal message level, 0 is debug
|
||||||
KUBE_LOG_LEVEL="--v=0"
|
KUBE_LOG_LEVEL="--v=0"
|
||||||
|
|
||||||
# Should this cluster be allowed to run privileged docker containers
|
|
||||||
KUBE_ALLOW_PRIV="--allow-privileged=false"
|
|
||||||
|
|
||||||
# How the controller-manager, scheduler, and proxy find the apiserver
|
# How the controller-manager, scheduler, and proxy find the apiserver
|
||||||
KUBE_MASTER="--master=http://127.0.0.1:8080"
|
KUBE_MASTER="--master=http://127.0.0.1:8080"
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
ARG KUBE_VERSION=v1.13.0
|
ARG KUBE_VERSION=v1.13.0
|
||||||
|
ARG ADD_KUBE_ALLOW_PRIV=false
|
||||||
FROM gcr.io/google-containers/kube-controller-manager-amd64:${KUBE_VERSION}
|
FROM gcr.io/google-containers/kube-controller-manager-amd64:${KUBE_VERSION}
|
||||||
|
|
||||||
ENV container=docker
|
ENV container=docker
|
||||||
|
@ -17,6 +18,7 @@ COPY launch.sh /usr/bin/kube-controller-manager-docker.sh
|
||||||
COPY service.template config.json.template /exports/
|
COPY service.template config.json.template /exports/
|
||||||
|
|
||||||
COPY controller-manager config /etc/kubernetes/
|
COPY controller-manager config /etc/kubernetes/
|
||||||
|
RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
|
||||||
RUN mkdir -p /exports/hostfs/etc/kubernetes && \
|
RUN mkdir -p /exports/hostfs/etc/kubernetes && \
|
||||||
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
|
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
|
||||||
cp /etc/kubernetes/controller-manager /exports/hostfs/etc/kubernetes/
|
cp /etc/kubernetes/controller-manager /exports/hostfs/etc/kubernetes/
|
||||||
|
|
|
@ -15,8 +15,5 @@ KUBE_LOGTOSTDERR="--logtostderr=true"
|
||||||
# journal message level, 0 is debug
|
# journal message level, 0 is debug
|
||||||
KUBE_LOG_LEVEL="--v=0"
|
KUBE_LOG_LEVEL="--v=0"
|
||||||
|
|
||||||
# Should this cluster be allowed to run privileged docker containers
|
|
||||||
KUBE_ALLOW_PRIV="--allow-privileged=false"
|
|
||||||
|
|
||||||
# How the controller-manager, scheduler, and proxy find the apiserver
|
# How the controller-manager, scheduler, and proxy find the apiserver
|
||||||
KUBE_MASTER="--master=http://127.0.0.1:8080"
|
KUBE_MASTER="--master=http://127.0.0.1:8080"
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
ARG KUBE_VERSION=v1.13.0
|
ARG KUBE_VERSION=v1.13.0
|
||||||
|
ARG ADD_KUBE_ALLOW_PRIV=false
|
||||||
FROM gcr.io/google-containers/hyperkube-amd64:${KUBE_VERSION}
|
FROM gcr.io/google-containers/hyperkube-amd64:${KUBE_VERSION}
|
||||||
|
|
||||||
ENV container=docker
|
ENV container=docker
|
||||||
|
@ -14,6 +15,7 @@ LABEL bzcomponent="$NAME" \
|
||||||
|
|
||||||
COPY launch.sh /usr/bin/kubelet-docker.sh
|
COPY launch.sh /usr/bin/kubelet-docker.sh
|
||||||
COPY kubelet config /etc/kubernetes/
|
COPY kubelet config /etc/kubernetes/
|
||||||
|
RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
|
||||||
|
|
||||||
COPY manifest.json tmpfiles.template service.template config.json.template /exports/
|
COPY manifest.json tmpfiles.template service.template config.json.template /exports/
|
||||||
|
|
||||||
|
|
|
@ -15,8 +15,5 @@ KUBE_LOGTOSTDERR="--logtostderr=true"
|
||||||
# journal message level, 0 is debug
|
# journal message level, 0 is debug
|
||||||
KUBE_LOG_LEVEL="--v=0"
|
KUBE_LOG_LEVEL="--v=0"
|
||||||
|
|
||||||
# Should this cluster be allowed to run privileged docker containers
|
|
||||||
KUBE_ALLOW_PRIV="--allow-privileged=false"
|
|
||||||
|
|
||||||
# How the controller-manager, scheduler, and proxy find the apiserver
|
# How the controller-manager, scheduler, and proxy find the apiserver
|
||||||
KUBE_MASTER="--master=http://127.0.0.1:8080"
|
KUBE_MASTER="--master=http://127.0.0.1:8080"
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
ARG KUBE_VERSION=v1.13.0
|
ARG KUBE_VERSION=v1.13.0
|
||||||
|
ARG ADD_KUBE_ALLOW_PRIV=false
|
||||||
FROM gcr.io/google-containers/kube-proxy-amd64:${KUBE_VERSION}
|
FROM gcr.io/google-containers/kube-proxy-amd64:${KUBE_VERSION}
|
||||||
ENV container=docker
|
ENV container=docker
|
||||||
|
|
||||||
|
@ -16,6 +17,8 @@ COPY launch.sh /usr/bin/kube-proxy-docker.sh
|
||||||
COPY service.template config.json.template /exports/
|
COPY service.template config.json.template /exports/
|
||||||
|
|
||||||
COPY proxy config /etc/kubernetes/
|
COPY proxy config /etc/kubernetes/
|
||||||
|
RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
|
||||||
|
|
||||||
RUN mkdir -p /exports/hostfs/etc/kubernetes && \
|
RUN mkdir -p /exports/hostfs/etc/kubernetes && \
|
||||||
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
|
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
|
||||||
cp /etc/kubernetes/proxy /exports/hostfs/etc/kubernetes/
|
cp /etc/kubernetes/proxy /exports/hostfs/etc/kubernetes/
|
||||||
|
|
|
@ -15,8 +15,5 @@ KUBE_LOGTOSTDERR="--logtostderr=true"
|
||||||
# journal message level, 0 is debug
|
# journal message level, 0 is debug
|
||||||
KUBE_LOG_LEVEL="--v=0"
|
KUBE_LOG_LEVEL="--v=0"
|
||||||
|
|
||||||
# Should this cluster be allowed to run privileged docker containers
|
|
||||||
KUBE_ALLOW_PRIV="--allow-privileged=false"
|
|
||||||
|
|
||||||
# How the controller-manager, scheduler, and proxy find the apiserver
|
# How the controller-manager, scheduler, and proxy find the apiserver
|
||||||
KUBE_MASTER="--master=http://127.0.0.1:8080"
|
KUBE_MASTER="--master=http://127.0.0.1:8080"
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
ARG KUBE_VERSION=v1.13.0
|
ARG KUBE_VERSION=v1.13.0
|
||||||
|
ARG ADD_KUBE_ALLOW_PRIV=false
|
||||||
FROM gcr.io/google-containers/kube-scheduler-amd64:${KUBE_VERSION}
|
FROM gcr.io/google-containers/kube-scheduler-amd64:${KUBE_VERSION}
|
||||||
ENV container=docker
|
ENV container=docker
|
||||||
|
|
||||||
|
@ -16,6 +17,7 @@ COPY launch.sh /usr/bin/kube-scheduler-docker.sh
|
||||||
COPY service.template config.json.template /exports/
|
COPY service.template config.json.template /exports/
|
||||||
|
|
||||||
COPY scheduler config /etc/kubernetes/
|
COPY scheduler config /etc/kubernetes/
|
||||||
|
RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
|
||||||
RUN mkdir -p /exports/hostfs/etc/kubernetes && \
|
RUN mkdir -p /exports/hostfs/etc/kubernetes && \
|
||||||
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
|
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
|
||||||
cp /etc/kubernetes/scheduler /exports/hostfs/etc/kubernetes/
|
cp /etc/kubernetes/scheduler /exports/hostfs/etc/kubernetes/
|
||||||
|
|
|
@ -15,8 +15,5 @@ KUBE_LOGTOSTDERR="--logtostderr=true"
|
||||||
# journal message level, 0 is debug
|
# journal message level, 0 is debug
|
||||||
KUBE_LOG_LEVEL="--v=0"
|
KUBE_LOG_LEVEL="--v=0"
|
||||||
|
|
||||||
# Should this cluster be allowed to run privileged docker containers
|
|
||||||
KUBE_ALLOW_PRIV="--allow-privileged=false"
|
|
||||||
|
|
||||||
# How the controller-manager, scheduler, and proxy find the apiserver
|
# How the controller-manager, scheduler, and proxy find the apiserver
|
||||||
KUBE_MASTER="--master=http://127.0.0.1:8080"
|
KUBE_MASTER="--master=http://127.0.0.1:8080"
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
tag: "{{kubernetes_version_v1_11}}"
|
tag: "{{kubernetes_version_v1_11}}"
|
||||||
buildargs:
|
buildargs:
|
||||||
KUBE_VERSION: "{{kubernetes_version_v1_11}}"
|
KUBE_VERSION: "{{kubernetes_version_v1_11}}"
|
||||||
|
ADD_KUBE_ALLOW_PRIV: "true"
|
||||||
push: no
|
push: no
|
||||||
with_items: "{{ kubernetes_images }}"
|
with_items: "{{ kubernetes_images }}"
|
||||||
retries: 10
|
retries: 10
|
||||||
|
@ -35,6 +36,7 @@
|
||||||
tag: "{{kubernetes_version_v1_12}}"
|
tag: "{{kubernetes_version_v1_12}}"
|
||||||
buildargs:
|
buildargs:
|
||||||
KUBE_VERSION: "{{kubernetes_version_v1_12}}"
|
KUBE_VERSION: "{{kubernetes_version_v1_12}}"
|
||||||
|
ADD_KUBE_ALLOW_PRIV: "true"
|
||||||
push: no
|
push: no
|
||||||
with_items: "{{ kubernetes_images }}"
|
with_items: "{{ kubernetes_images }}"
|
||||||
retries: 10
|
retries: 10
|
||||||
|
@ -48,6 +50,7 @@
|
||||||
tag: "{{kubernetes_version_v1_13}}"
|
tag: "{{kubernetes_version_v1_13}}"
|
||||||
buildargs:
|
buildargs:
|
||||||
KUBE_VERSION: "{{kubernetes_version_v1_13}}"
|
KUBE_VERSION: "{{kubernetes_version_v1_13}}"
|
||||||
|
ADD_KUBE_ALLOW_PRIV: "true"
|
||||||
push: no
|
push: no
|
||||||
with_items: "{{ kubernetes_images }}"
|
with_items: "{{ kubernetes_images }}"
|
||||||
retries: 10
|
retries: 10
|
||||||
|
@ -61,6 +64,7 @@
|
||||||
tag: "{{kubernetes_version_v1_14}}"
|
tag: "{{kubernetes_version_v1_14}}"
|
||||||
buildargs:
|
buildargs:
|
||||||
KUBE_VERSION: "{{kubernetes_version_v1_14}}"
|
KUBE_VERSION: "{{kubernetes_version_v1_14}}"
|
||||||
|
ADD_KUBE_ALLOW_PRIV: "true"
|
||||||
push: no
|
push: no
|
||||||
with_items: "{{ kubernetes_images }}"
|
with_items: "{{ kubernetes_images }}"
|
||||||
retries: 10
|
retries: 10
|
||||||
|
|
Loading…
Reference in New Issue