@@ -16,6 +16,10 @@ ARG VERSION_CNI_PLUGINS=1.4.0
1616ARG VERSION_CRICTL=1.32.0
1717# https://github.com/kubernetes-sigs/kubespray/blob/8f4b7f9f5d9139e6a475286605730918a1ced65b/roles/kubespray-defaults/defaults/main/checksums.yml#L569
1818ARG VERSION_HELM=3.16.4
19+ # https://github.com/kubernetes-sigs/kubespray/blob/8f4b7f9f5d9139e6a475286605730918a1ced65b/roles/kubespray-defaults/defaults/main/checksums.yml#L911
20+ ARG VERSION_NERDCTL=2.0.3
21+ # https://github.com/containerd/nerdctl/blob/v2.0.3/Dockerfile#L26
22+ ARG VERSION_BUILDKIT=0.19.0
1923ARG VERSION_IMAGE_CONTAINERD=0.4.0
2024
2125# ================================
@@ -29,6 +33,10 @@ ARG URL_ARTIFACT_HELM=https://get.helm.sh/helm-v${VERSION_HELM}-linux-amd64.tar.
2933ARG URL_ARTIFACT_K8S_BIN=https://dl.k8s.io/release/v${VERSION_K8S}/bin/linux/amd64
3034ARG URL_ARTIFACT_K8S_RELEASE=https://raw.githubusercontent.com/kubernetes/release/v${VERSION_K8S_RELEASE}
3135ARG URL_ARTIFACT_CRICTL=https://github.com/kubernetes-sigs/cri-tools/releases/download/v${VERSION_CRICTL}/crictl-v${VERSION_CRICTL}-linux-amd64.tar.gz
36+ ARG URL_ARTIFACT_NERDCTL=https://github.com/containerd/nerdctl/releases/download/v${VERSION_NERDCTL}/nerdctl-${VERSION_NERDCTL}-linux-amd64.tar.gz
37+ ARG URL_ARTIFACT_BUILDKIT=https://github.com/moby/buildkit/releases/download/v${VERSION_BUILDKIT}/buildkit-v${VERSION_BUILDKIT}.linux-amd64.tar.gz
38+ ARG URL_RAW_NERDCTL=https://raw.githubusercontent.com/containerd/nerdctl/refs/tags/v${VERSION_NERDCTL}
39+ ARG URL_RAW_BUILDKIT=https://raw.githubusercontent.com/moby/buildkit/refs/tags/v${VERSION_BUILDKIT}
3240
3341FROM ${BASE_IMAGE} AS prerequisite
3442ARG URL_ARTIFACT_CNI
@@ -45,27 +53,49 @@ RUN echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/k8s.conf
4553 # sysctl --system
4654# cgroup driver: systemd is the default
4755
48- FROM prerequisite AS install_helm
56+ FROM prerequisite AS helm
4957ARG URL_ARTIFACT_HELM
5058ADD ${URL_ARTIFACT_HELM} /tmp/helm.tar.gz
5159RUN tar -C /tmp -xzvf /tmp/helm.tar.gz && \
5260 mv /tmp/linux-amd64/helm /usr/local/bin/helm && \
5361 rm -rf /tmp/linux-amd64 /tmp/helm.tar.gz
5462
55- FROM install_helm AS install_cni
63+ FROM helm AS cni
5664# install CNI plugins
5765ADD ${URL_ARTIFACT_CNI} /tmp/cni-plugins.tgz
5866RUN mkdir -p /opt/cni/bin && \
5967 tar Cxzvf /opt/cni/bin /tmp/cni-plugins.tgz && \
6068 rm /tmp/cni-plugins.tgz
6169
62- FROM install_cni AS install_crictl
70+ FROM cni AS crictl
6371ARG URL_ARTIFACT_CRICTL
6472ARG DIR_BIN
6573RUN curl -L ${URL_ARTIFACT_CRICTL} | tar -C ${DIR_BIN} -xz && \
6674 echo 'runtime-endpoint: unix:///var/run/containerd/containerd.sock' > /etc/crictl.yaml
6775
68- FROM install_crictl AS install_kube
76+ FROM crictl AS buildkit
77+ ARG URL_ARTIFACT_BUILDKIT
78+ ARG URL_RAW_NERDCTL
79+ ARG URL_RAW_BUILDKIT
80+ # install buildkit
81+ ADD ${URL_ARTIFACT_BUILDKIT} /tmp/buildkit.tar.gz
82+ RUN tar Cxzvvf /usr/local/ /tmp/buildkit.tar.gz \
83+ && rm /tmp/buildkit.tar.gz
84+ # enable containerd worker
85+ ADD ${URL_RAW_NERDCTL}/Dockerfile.d/etc_buildkit_buildkitd.toml /etc/buildkit/buildkitd.toml
86+ # config systemd
87+ ADD ${URL_RAW_BUILDKIT}/examples/systemd/system/buildkit.service /usr/local/lib/systemd/system/buildkit.service
88+ ADD ${URL_RAW_BUILDKIT}/examples/systemd/system/buildkit.socket /usr/local/lib/systemd/system/buildkit.socket
89+ RUN systemctl enable buildkit.service
90+
91+ FROM buildkit AS nerdctl
92+ ARG URL_ARTIFACT_NERDCTL
93+ # install nerdctl
94+ ADD ${URL_ARTIFACT_NERDCTL} /tmp/nerdctl.tar.gz
95+ RUN tar Cxzvvf /usr/local/bin /tmp/nerdctl.tar.gz \
96+ && rm /tmp/nerdctl.tar.gz
97+
98+ FROM nerdctl AS kube
6999ARG URL_ARTIFACT_K8S_BIN
70100ARG URL_ARTIFACT_K8S_RELEASE
71101ARG DIR_BIN
@@ -81,7 +111,7 @@ RUN set -ex && \
81111 curl -fL --show-error -o /etc/systemd/system/kubelet.service.d/10-kubeadm.conf \
82112 "${URL_ARTIFACT_K8S_RELEASE}/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf"
83113
84- FROM install_kube AS preflight
114+ FROM kube AS preflight
85115ARG VERSION_K8S
86116COPY --chmod=755 pull.sh /tmp/
87117RUN --security=insecure /tmp/pull.sh
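Review bot: The five `ADD` fetches introduced in the `buildkit` and `nerdctl` stages (new lines 81, 85, 87, 88 and 94) have no integrity check, yet they supply binaries unpacked into `/usr/local`, the buildkitd config, and systemd units that new line 89 enables. Pin each download to a digest recorded in the Dockerfile, e.g. `ADD --checksum=sha256:<buildkit-tarball-sha256> ${URL_ARTIFACT_BUILDKIT} /tmp/buildkit.tar.gz`, and do the same for the nerdctl tarball and the three raw files. The kubespray `checksums.yml` link added above `VERSION_NERDCTL` appears to point at a published nerdctl digest that could be reused here. The `URL_RAW_*` values also resolve through `refs/tags/v…`, which can be re-pointed upstream; a full commit SHA in the URL, as the kubespray links in this file already use, would keep the fetched config and unit files fixed. Whether the file's syntax directive supports `--checksum` on `ADD` cannot be confirmed from these hunks, since the top of the file is outside them.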