-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
82 lines (74 loc) · 3.63 KB
/
Dockerfile
File metadata and controls
82 lines (74 loc) · 3.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# =====================================================================
# blockchain-node-benchmark/collector — K8s DaemonSet image
# =====================================================================
# v1.4.6 Step B-2: production-grade image for `deploy/k8s/04-daemonset.yaml`.
#
# Design:
# - Pure-stdlib monitoring stack (verified by ast.walk of cgroup_collector.py,
# pod_device_mapper.py, kubelet_stats_client.py, k8s_api_client.py —
# zero third-party PyPI deps). So we use python:3.11-slim with NO pip install.
# - Multi-arch capable (linux/amd64 + linux/arm64) — Docker BuildKit picks
# base automatically. Override with --platform if needed.
# - Read-only root filesystem compatible. /opt/blockchain-bench is mounted
# ro by the DaemonSet (config in 04-daemonset.yaml securityContext).
# - No CMD baked — the DaemonSet sets the command per pod (cgroup_collector
# vs monitoring_coordinator s5_diag etc.). Image is a "binary host", not
# a "service entry point".
#
# Build (local kind):
# docker build -t blockchain-node-benchmark/collector:v1.3 .
# kind load docker-image blockchain-node-benchmark/collector:v1.3
#
# Build (GAR push):
# IMAGE=us-central1-docker.pkg.dev/PROJECT/REPO/collector:v1.3
# docker build -t "$IMAGE" .
# docker push "$IMAGE"
# =====================================================================
FROM python:3.11-slim
# Image labels for provenance (Kubernetes/GAR tooling reads these)
LABEL org.opencontainers.image.title="blockchain-node-benchmark/collector"
LABEL org.opencontainers.image.description="DaemonSet collector for cgroup + K8s pod monitoring"
LABEL org.opencontainers.image.source="https://github.com/StayHungryStayFoolish/blockchain-node-benchmark"
LABEL org.opencontainers.image.licenses="Apache-2.0"
# bash needed for monitoring_coordinator.sh and the test scripts.
# curl useful for liveness probes / debugging from inside pod.
# tini for proper PID 1 signal handling (DaemonSet pods get SIGTERM
# on rolling update; without tini the python child orphans).
RUN apt-get update && apt-get install -y --no-install-recommends \
bash \
curl \
tini \
ca-certificates \
jq \
bc \
gawk \
sysstat \
net-tools \
netcat-openbsd \
ethtool \
procps \
iproute2 \
coreutils \
&& rm -rf /var/lib/apt/lists/*
# Copy the entire repo to /opt/blockchain-bench. The DaemonSet mounts this
# read-only, then bind-mounts host /proc /sys /dev under /host/* per
# 04-daemonset.yaml convention.
WORKDIR /opt/blockchain-bench
COPY . /opt/blockchain-bench/
# Make all .sh scripts executable (git might lose the +x bit on Windows
# checkouts; defensive chmod).
RUN find /opt/blockchain-bench -name '*.sh' -exec chmod +x {} \;
# Default PYTHONPATH so cross-file imports work (kubelet_stats_client
# imports k8s_api_client as a sibling module).
ENV PYTHONPATH=/opt/blockchain-bench/monitoring:/opt/blockchain-bench
ENV PYTHONUNBUFFERED=1
# Health-check command — verify the collector can at least print the
# cgroup header (no IO, no privileges needed). Pod readiness probe in
# 04-daemonset.yaml uses --data which IS privileged; this is for local
# `docker run` smoke tests.
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
CMD python3 /opt/blockchain-bench/monitoring/cgroup_collector.py --header > /dev/null
# tini is PID 1; the DaemonSet template's `command:` becomes tini's argv[1+].
ENTRYPOINT ["/usr/bin/tini", "--"]
# Default CMD just verifies the image works; real DaemonSet overrides this.
CMD ["python3", "/opt/blockchain-bench/monitoring/cgroup_collector.py", "--header"]