github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #42090 from timstclair/kube-proxy 

Automatic merge from submit-queue (batch tested with PRs 41921, 41695, 42139, 42090, 41949)

Rebase kube-proxy and debian-iptables on debian-base

**What this PR does / why we need it**:

Slimmer images are generally preferred, but it's a minor optimization. The larger advantage to this change is the reduced attack surface from removing unnecessary packages, and easier maintenance from sharing a common base image.

Size comparison:
```
gcr.io/google-containers/debian-iptables-amd64:v6         127.9 MB
gcr.io/google-containers/debian-iptables-amd64:v7          45.1 MB
```

**Which issue this PR fixes** https://github.com/kubernetes/kubernetes/issues/40248

**Special notes for your reviewer**:
Tested by deploying to a private test cluster and running the e2es. This will fail the jenkins builds until I push the `gcr.io/google-containers/debian-iptables-amd64:v7` image, which I will do once I have an LGTM.

**Release note**:
```release-note
Clean up the kube-proxy container image by removing unnecessary packages and files.
```

/cc @luxas @ixdy
pull/6/head
Kubernetes Submit Queue 2017-03-01 04:10:06 -08:00 committed by GitHub
parent f68c824f95 8a5314fb6d
commit d1f9921449
3 changed files with 13 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
build/common.sh
View File

@ -85,7 +85,7 @@ readonly KUBE_CONTAINER_RSYNC_PORT=8730
# #
# $1 - server architecture # $1 - server architecture
kube::build::get_docker_wrapped_binaries() { kube::build::get_docker_wrapped_binaries() {
debian_iptables_version=v6 debian_iptables_version=v7
case $1 in case $1 in
"amd64") "amd64")
local targets=( local targets=(
@ -93,7 +93,7 @@ kube::build::get_docker_wrapped_binaries() {
kube-controller-manager,busybox kube-controller-manager,busybox
kube-scheduler,busybox kube-scheduler,busybox
kube-aggregator,busybox kube-aggregator,busybox
kube-proxy,gcr.io/google_containers/debian-iptables-amd64:${debian_iptables_version} kube-proxy,gcr.io/google-containers/debian-iptables-amd64:${debian_iptables_version}
);; );;
"arm") "arm")
local targets=( local targets=(
@ -101,7 +101,7 @@ kube::build::get_docker_wrapped_binaries() {
kube-controller-manager,armel/busybox kube-controller-manager,armel/busybox
kube-scheduler,armel/busybox kube-scheduler,armel/busybox
kube-aggregator,armel/busybox kube-aggregator,armel/busybox
kube-proxy,gcr.io/google_containers/debian-iptables-arm:${debian_iptables_version} kube-proxy,gcr.io/google-containers/debian-iptables-arm:${debian_iptables_version}
);; );;
"arm64") "arm64")
local targets=( local targets=(
@ -109,7 +109,7 @@ kube::build::get_docker_wrapped_binaries() {
kube-controller-manager,aarch64/busybox kube-controller-manager,aarch64/busybox
kube-scheduler,aarch64/busybox kube-scheduler,aarch64/busybox
kube-aggregator,aarch64/busybox kube-aggregator,aarch64/busybox
kube-proxy,gcr.io/google_containers/debian-iptables-arm64:${debian_iptables_version} kube-proxy,gcr.io/google-containers/debian-iptables-arm64:${debian_iptables_version}
);; );;
"ppc64le") "ppc64le")
local targets=( local targets=(
@ -117,7 +117,7 @@ kube::build::get_docker_wrapped_binaries() {
kube-controller-manager,ppc64le/busybox kube-controller-manager,ppc64le/busybox
kube-scheduler,ppc64le/busybox kube-scheduler,ppc64le/busybox
kube-aggregator,ppc64le/busybox kube-aggregator,ppc64le/busybox
kube-proxy,gcr.io/google_containers/debian-iptables-ppc64le:${debian_iptables_version} kube-proxy,gcr.io/google-containers/debian-iptables-ppc64le:${debian_iptables_version}
);; );;
"s390x") "s390x")
local targets=( local targets=(
@ -125,7 +125,7 @@ kube::build::get_docker_wrapped_binaries() {
kube-controller-manager,s390x/busybox kube-controller-manager,s390x/busybox
kube-scheduler,s390x/busybox kube-scheduler,s390x/busybox
kube-aggregator,s390x/busybox kube-aggregator,s390x/busybox
kube-proxy,gcr.io/google_containers/debian-iptables-s390x:${debian_iptables_version} kube-proxy,gcr.io/google-containers/debian-iptables-s390x:${debian_iptables_version}
);; );;
esac esac

8
build/debian-iptables/Dockerfile
View File

@ -18,11 +18,7 @@ FROM BASEIMAGE
# If we're building normally, for amd64, CROSS_BUILD lines are removed # If we're building normally, for amd64, CROSS_BUILD lines are removed
CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/ CROSS_BUILD_COPY qemu-ARCH-static /usr/bin/
# All apt-get's must be in one run command or the RUN clean-install \
# cleanup has no effect.
RUN DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y \
iptables \ iptables \
ebtables \ ebtables \
conntrack \ conntrack
&& rm -rf /var/lib/apt/lists/*

13
build/debian-iptables/Makefile
View File

@ -14,33 +14,28 @@
.PHONY: build push .PHONY: build push
REGISTRY?="gcr.io/google_containers" REGISTRY?="gcr.io/google-containers"
IMAGE=debian-iptables IMAGE=debian-iptables
TAG=v6 TAG=v7
ARCH?=amd64 ARCH?=amd64
TEMP_DIR:=$(shell mktemp -d) TEMP_DIR:=$(shell mktemp -d)
QEMUVERSION=v2.7.0 QEMUVERSION=v2.7.0
ifeq ($(ARCH),amd64)
BASEIMAGE?=debian:jessie
endif
ifeq ($(ARCH),arm) ifeq ($(ARCH),arm)
BASEIMAGE?=armhf/debian:jessie
QEMUARCH=arm QEMUARCH=arm
endif endif
ifeq ($(ARCH),arm64) ifeq ($(ARCH),arm64)
BASEIMAGE?=aarch64/debian:jessie
QEMUARCH=aarch64 QEMUARCH=aarch64
endif endif
ifeq ($(ARCH),ppc64le) ifeq ($(ARCH),ppc64le)
BASEIMAGE?=ppc64le/debian:jessie
QEMUARCH=ppc64le QEMUARCH=ppc64le
endif endif
ifeq ($(ARCH),s390x) ifeq ($(ARCH),s390x)
BASEIMAGE?=s390x/debian:jessie
QEMUARCH=s390x QEMUARCH=s390x
endif endif
BASEIMAGE=gcr.io/google-containers/debian-base-$(ARCH):0.1
build: build:
cp ./* $(TEMP_DIR) cp ./* $(TEMP_DIR)
cd $(TEMP_DIR) && sed -i "s|BASEIMAGE|$(BASEIMAGE)|g" Dockerfile cd $(TEMP_DIR) && sed -i "s|BASEIMAGE|$(BASEIMAGE)|g" Dockerfile