diff --git a/build/BUILD b/build/BUILD index 8d848161d7..0420d83346 100644 --- a/build/BUILD +++ b/build/BUILD @@ -1,6 +1,7 @@ package(default_visibility = ["//visibility:public"]) load("@io_bazel_rules_docker//docker:docker.bzl", "docker_build", "docker_bundle") +load("@io_bazel_rules_docker//container:container.bzl", "container_image") load("@io_kubernetes_build//defs:build.bzl", "release_filegroup") filegroup( @@ -21,23 +22,32 @@ filegroup( tags = ["automanaged"], ) +# ensure /etc/nsswitch.conf exists so go's resolver respects /etc/hosts +container_image( + name = "busybox-with-nsswitch", + base = "@official_busybox//image", + directory = "/etc", + files = ["nsswitch.conf"], + mode = "0644", +) + # This list should roughly match kube::build::get_docker_wrapped_binaries() # in build/common.sh. DOCKERIZED_BINARIES = { "cloud-controller-manager": { - "base": "@official_busybox//image", + "base": ":busybox-with-nsswitch", "target": "//cmd/cloud-controller-manager:cloud-controller-manager", }, "kube-apiserver": { - "base": "@official_busybox//image", + "base": ":busybox-with-nsswitch", "target": "//cmd/kube-apiserver:kube-apiserver", }, "kube-controller-manager": { - "base": "@official_busybox//image", + "base": ":busybox-with-nsswitch", "target": "//cmd/kube-controller-manager:kube-controller-manager", }, "kube-scheduler": { - "base": "@official_busybox//image", + "base": ":busybox-with-nsswitch", "target": "//cmd/kube-scheduler:kube-scheduler", }, "kube-proxy": { diff --git a/build/lib/release.sh b/build/lib/release.sh index 1275e6e1d9..3e2d6ae501 100644 --- a/build/lib/release.sh +++ b/build/lib/release.sh @@ -355,8 +355,16 @@ function kube::release::create_docker_images_for_server() { rm -rf "${docker_build_path}" mkdir -p "${docker_build_path}" ln "${binary_dir}/${binary_name}" "${docker_build_path}/${binary_name}" - printf " FROM ${base_image} \n ADD ${binary_name} /usr/local/bin/${binary_name}\n" > "${docker_file_path}" - + ln "${KUBE_ROOT}/build/nsswitch.conf" "${docker_build_path}/nsswitch.conf" + chmod 0644 "${docker_build_path}/nsswitch.conf" + cat < "${docker_file_path}" +FROM ${base_image} +COPY ${binary_name} /usr/local/bin/${binary_name} +EOF + # ensure /etc/nsswitch.conf exists so go's resolver respects /etc/hosts + if [[ "${base_image}" =~ busybox ]]; then + echo "COPY nsswitch.conf /etc/" >> "${docker_file_path}" + fi "${DOCKER[@]}" build --pull -q -t "${docker_image_tag}" "${docker_build_path}" >/dev/null "${DOCKER[@]}" tag "${docker_image_tag}" "${deprecated_image_tag}" >/dev/null "${DOCKER[@]}" save "${docker_image_tag}" "${deprecated_image_tag}" > "${binary_dir}/${binary_name}.tar" diff --git a/build/nsswitch.conf b/build/nsswitch.conf new file mode 100644 index 0000000000..997b2ed005 --- /dev/null +++ b/build/nsswitch.conf @@ -0,0 +1,2 @@ +# ensure go's non-cgo resolver respects /etc/hosts +hosts: files dns