Provide Dockerfile target for pre-cached vm & vm-rootless (#122)
elpdt852 authored Feb 18, 2024
1 parent 65aaafe commit 5ee3dc3
Showing 3 changed files with 112 additions and 87 deletions.
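--- a/Dockerfile
+++ b/Dockerfile
@@ -1,85 +1,21 @@
-# Copyright The containerd Authors.
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ARG CONTAINERD_VERSION=feature/mount-subdirectory
-ARG CRI_TOOLS_VERSION=1.26.0
-ARG NIX_VERSION=2.12.0
-
-# Legacy builder that doesn't support TARGETARCH should set this explicitly using --build-arg.
-# If TARGETARCH isn't supported by the builder, the default value is "amd64".
-
-FROM golang:1.19.4-bullseye AS golang-base
-
-# Build containerd
-FROM golang-base AS containerd-dev
-ARG CONTAINERD_VERSION
-RUN apt-get update -y && apt-get install -y libbtrfs-dev libseccomp-dev && \
-git clone -b ${CONTAINERD_VERSION} --depth 1 \
-https://github.com/hinshun/containerd $GOPATH/src/github.com/containerd/containerd && \
-cd $GOPATH/src/github.com/containerd/containerd && \
-make && DESTDIR=/out/ PREFIX= make install
-
-# Build cri-tools
-FROM golang-base AS cri-tools-dev
-ARG CRI_TOOLS_VERSION
-RUN git clone -b v${CRI_TOOLS_VERSION} --depth 1 \
-https://github.com/kubernetes-sigs/cri-tools $GOPATH/src/github.com/kubernetes-sigs/cri-tools && \
-cd $GOPATH/src/github.com/kubernetes-sigs/cri-tools && \
-make && DESTDIR=/out/ BINDIR= make install
-
-# Build nix snapshotter
-FROM golang-base AS snapshotter-dev
-ARG TARGETARCH
-ARG GOARM
-ARG SNAPSHOTTER_BUILD_FLAGS
-ARG CTR_REMOTE_BUILD_FLAGS
-COPY . $GOPATH/src/github.com/pdtpartners/nix-snapshotter
-RUN cd $GOPATH/src/github.com/pdtpartners/nix-snapshotter && \
-PREFIX=/out/ GOARCH=${TARGETARCH:-amd64} GO_BUILD_FLAGS=${SNAPSHOTTER_BUILD_FLAGS} make nix-snapshotter
-
-# Build kind node with nix
-FROM kindest/node:v1.26.0 AS kind-nix
-ARG NIX_VERSION
-RUN apt-get update -y && apt-get install -y xz-utils \
-&& curl -fLO https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-$(uname -m)-linux.tar.xz \
-&& tar xf nix-${NIX_VERSION}-$(uname -m)-linux.tar.xz \
-&& addgroup --system --gid 30000 nixbld \
-&& for i in $(seq 1 10); do useradd -c "Nix build user $i" \
--d /var/empty -u $((30000 + i)) -g nixbld -G nixbld \
--M -N -r -s "$(which nologin)" \
-nixbld$i; done \
-&& mkdir -m 0755 /etc/nix \
-&& echo 'experimental-features = nix-command flakes' > /etc/nix/nix.conf \
-&& mkdir -m 0755 /nix && USER=root sh nix-${NIX_VERSION}-$(uname -m)-linux/install \
-&& ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \
-&& rm -r /nix-${NIX_VERSION}-$(uname -m)-linux* \
-&& /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \
-&& /nix/var/nix/profiles/default/bin/nix-store --optimise \
-&& /nix/var/nix/profiles/default/bin/nix-store --verify --check-contents
-ENV \
-ENV=/etc/profile \
-USER=root \
-PATH=/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
-GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
-NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
-NIX_PATH=/nix/var/nix/profiles/per-user/root/channels
-
-# Image which can be used as a node image for KinD
-FROM kind-nix
-COPY --from=containerd-dev /out/bin/containerd /out/bin/containerd-shim-runc-v2 /usr/local/bin/
-COPY --from=cri-tools-dev /out/* /usr/local/bin/
-COPY --from=snapshotter-dev /out/* /usr/local/bin/
-COPY ./script/kind/ /
-RUN systemctl enable nix-snapshotter
-ENTRYPOINT [ "/usr/local/bin/kind-entrypoint.sh", "/usr/local/bin/entrypoint", "/sbin/init" ]
+ARG FLAKE_REF=github:pdtpartners/nix-snapshotter
+FROM nixpkgs/nix-flakes AS nix
+
+FROM nix AS base
+RUN nix build "$FLAKE_REF#k3s"
+RUN nix build "$FLAKE_REF#containerd"
+RUN nix build "$FLAKE_REF#nix-snapshotter"
+
+FROM base AS vm
+RUN nix build \
+--out-link /vm \
+"#nixosConfigurations.vm.config.system.build.vm"
+RUN nix build \
+--out-link /vm-rootless \
+"$FLAKE_REF#nixosConfigurations.vm-rootless.config.system.build.vm"
+
+FROM vm AS rootful
+ENTRYPOINT [ "/vm/bin/run-nixos-vm" ]
+
+FROM vm AS rootless
+ENTRYPOINT [ "/vm-rootless/bin/run-nixos-vm" ]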
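Review bot: `ARG FLAKE_REF` is declared before the first `FROM`, which puts it in scope for `FROM` lines only, so the `RUN nix build "$FLAKE_REF#k3s"` lines in the `base` and `vm` stages likely see an empty variable and receive just `#k3s`. Redeclare it with a bare `ARG FLAKE_REF` in each stage that uses it. The first build in the `vm` stage also omits the variable, unlike the vm-rootless line below it, and presumably should read `"$FLAKE_REF#nixosConfigurations.vm.config.system.build.vm"`. Separately, `FROM nixpkgs/nix-flakes` carries no tag or digest and the default flake ref names no revision, so the pre-cached image contains whatever both resolve to at build time. Pinning the base as `nixpkgs/nix-flakes:<tag>@sha256:<digest>` and passing a revision-pinned `FLAKE_REF` would make the cached store contents reproducible and auditable.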
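--- a/Dockerfile.kind
+++ b/Dockerfile.kind
@@ -0,0 +1,85 @@
+# Copyright The containerd Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG CONTAINERD_VERSION=feature/mount-subdirectory
+ARG CRI_TOOLS_VERSION=1.26.0
+ARG NIX_VERSION=2.12.0
+
+# Legacy builder that doesn't support TARGETARCH should set this explicitly using --build-arg.
+# If TARGETARCH isn't supported by the builder, the default value is "amd64".
+
+FROM golang:1.19.4-bullseye AS golang-base
+
+# Build containerd
+FROM golang-base AS containerd-dev
+ARG CONTAINERD_VERSION
+RUN apt-get update -y && apt-get install -y libbtrfs-dev libseccomp-dev && \
+git clone -b ${CONTAINERD_VERSION} --depth 1 \
+https://github.com/hinshun/containerd $GOPATH/src/github.com/containerd/containerd && \
+cd $GOPATH/src/github.com/containerd/containerd && \
+make && DESTDIR=/out/ PREFIX= make install
+
+# Build cri-tools
+FROM golang-base AS cri-tools-dev
+ARG CRI_TOOLS_VERSION
+RUN git clone -b v${CRI_TOOLS_VERSION} --depth 1 \
+https://github.com/kubernetes-sigs/cri-tools $GOPATH/src/github.com/kubernetes-sigs/cri-tools && \
+cd $GOPATH/src/github.com/kubernetes-sigs/cri-tools && \
+make && DESTDIR=/out/ BINDIR= make install
+
+# Build nix snapshotter
+FROM golang-base AS snapshotter-dev
+ARG TARGETARCH
+ARG GOARM
+ARG SNAPSHOTTER_BUILD_FLAGS
+ARG CTR_REMOTE_BUILD_FLAGS
+COPY . $GOPATH/src/github.com/pdtpartners/nix-snapshotter
+RUN cd $GOPATH/src/github.com/pdtpartners/nix-snapshotter && \
+PREFIX=/out/ GOARCH=${TARGETARCH:-amd64} GO_BUILD_FLAGS=${SNAPSHOTTER_BUILD_FLAGS} make nix-snapshotter
+
+# Build kind node with nix
+FROM kindest/node:v1.26.0 AS kind-nix
+ARG NIX_VERSION
+RUN apt-get update -y && apt-get install -y xz-utils \
+&& curl -fLO https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-$(uname -m)-linux.tar.xz \
+&& tar xf nix-${NIX_VERSION}-$(uname -m)-linux.tar.xz \
+&& addgroup --system --gid 30000 nixbld \
+&& for i in $(seq 1 10); do useradd -c "Nix build user $i" \
+-d /var/empty -u $((30000 + i)) -g nixbld -G nixbld \
+-M -N -r -s "$(which nologin)" \
+nixbld$i; done \
+&& mkdir -m 0755 /etc/nix \
+&& echo 'experimental-features = nix-command flakes' > /etc/nix/nix.conf \
+&& mkdir -m 0755 /nix && USER=root sh nix-${NIX_VERSION}-$(uname -m)-linux/install \
+&& ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \
+&& rm -r /nix-${NIX_VERSION}-$(uname -m)-linux* \
+&& /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \
+&& /nix/var/nix/profiles/default/bin/nix-store --optimise \
+&& /nix/var/nix/profiles/default/bin/nix-store --verify --check-contents
+ENV \
+ENV=/etc/profile \
+USER=root \
+PATH=/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
+GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
+NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
+NIX_PATH=/nix/var/nix/profiles/per-user/root/channels
+
+# Image which can be used as a node image for KinD
+FROM kind-nix
+COPY --from=containerd-dev /out/bin/containerd /out/bin/containerd-shim-runc-v2 /usr/local/bin/
+COPY --from=cri-tools-dev /out/* /usr/local/bin/
+COPY --from=snapshotter-dev /out/* /usr/local/bin/
+COPY ./script/kind/ /
+RUN systemctl enable nix-snapshotter
+ENTRYPOINT [ "/usr/local/bin/kind-entrypoint.sh", "/usr/local/bin/entrypoint", "/sbin/init" ]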
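Review bot: The `kind-nix` stage downloads the Nix tarball with `curl -fLO` and runs its `install` script as root without checking the archive against a known digest, so the node image trusts whatever the server returns for that URL. A per-architecture digest passed as a build argument and a `sha256sum -c -` step between the download and `tar xf` would pin it. The `containerd-dev` stage has the same gap: `CONTAINERD_VERSION=feature/mount-subdirectory` is a branch name, so the `containerd` binary copied into the final stage can change between builds. Cloning a tag, or checking out a fixed commit after the clone, would fix that. The content appears carried over unchanged from the previous `Dockerfile`, so this is a follow-up rather than something this commit introduced.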
8 changes: 6 additions & 2 deletions modules/flake/packages.nix
@@ -1,8 +1,12 @@
{ lib, ... }:
{
perSystem = { pkgs, ... }: {
packages = rec {
inherit (pkgs) nix-snapshotter;
inherit (pkgs)
containerd
k3s
nix-snapshotter
;

default = nix-snapshotter;
};
