github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
Files
39bac0dbefacbe79ad519de0ab7a27c4e39e6db7
containerd/contrib/Dockerfile.test
Akihiro Suda 52f82acb7b btrfs: depend on kernel UAPI instead of libbtrfs 
See containerd/btrfs PR 40 and moby/moby PR 44761. (Thanks to [@]neersighted.)

The containerd/btrfs library now requires headers from kernel 4.12 or newer:
- https://github.com/torvalds/linux/blob/master/include/uapi/linux/btrfs.h
- https://github.com/torvalds/linux/blob/master/include/uapi/linux/btrfs_tree.h

These files are licensed under the GPL-2.0 WITH Linux-syscall-note, so it should be compatible with the Apache License 2.0.
https://spdx.org/licenses/Linux-syscall-note.html

The dependency on the kernel headers only affects users building from source.
Users on older kernels may opt to not compile this library (`BUILDTAGS=no_btfs`),
or to provide headers from a newer kernel.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-02-10 10:07:34 +09:00

144 lines
6.1 KiB
Docker
Raw Blame History

# This dockerfile is used to test containerd within a container
#
# usage:
# 1.) docker build -t containerd-test -f Dockerfile.test ../
# 2.) docker run -it --privileged -v /tmp:/tmp --tmpfs /var/lib/containerd-test containerd-test bash
# 3.) $ make binaries install test
#
# Use the RUNC_VERSION build-arg to build with a custom version of runc, for example,
# to build runc v1.0.0-rc94, use:
#
# docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc94 -f Dockerfile.test ../
# ------------------------------------------------------------------------------
# Public stages:
# "integration": for running integration tests:
# docker build -t containerd-test -f Dockerfile.test --target integration ../
# docker run --privileged containerd-test
#
# "cri-integration": for running cri-integration tests:
# docker build -t containerd-test -f Dockerfile.test --target cri-integration ../
# docker run --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 containerd-test
#
# "critest: for running critest:
# docker build -t containerd-test -f Dockerfile.test --target critest ../
# docker run --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 containerd-test
#
# "cri-in-userns": for running critest with "CRI-in-UserNS" mode; needs Rootless Docker/Podman/nerdctl:
# docker build -t containerd-test -f Dockerfile.test --target cri-in-userns ../
# docker run --privileged containerd-test
# ------------------------------------------------------------------------------
ARG GOLANG_VERSION=1.19.5
ARG GOLANG_IMAGE=golang
FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang
# Install runc
FROM golang AS runc
RUN apt-get update && apt-get install -y --no-install-recommends \
libseccomp-dev \
&& rm -rf /var/lib/apt/lists/*
COPY script/setup/runc-version script/setup/install-runc ./
# Allow overriding the version of runc to install through build-args
ARG RUNC_VERSION
ARG GOPROXY=direct
ARG DESTDIR=/build
RUN ./install-runc
FROM golang AS build-env
RUN apt-get update && apt-get install -y --no-install-recommends \
btrfs-progs \
libseccomp-dev \
xfsprogs \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir -p /go/src/github.com/containerd/containerd
WORKDIR /go/src/github.com/containerd/containerd
FROM golang AS cni
ENV DESTDIR=/build
COPY script/setup/install-cni go.mod /
RUN DESTDIR=/build /install-cni
FROM golang AS critools
ARG DESTDIR=/build
COPY script/setup/install-critools script/setup/critools-version ./
RUN GOBIN=$DESTDIR/usr/local/bin ./install-critools
# integration stage is for running integration tests.
FROM build-env AS integration
RUN apt-get update && apt-get install -y --no-install-recommends \
lsof \
&& rm -rf /var/lib/apt/lists/*
COPY --from=runc /build/ /
COPY contrib/Dockerfile.test.d/docker-entrypoint.sh /docker-entrypoint.sh
COPY . .
RUN make BUILDTAGS="no_btrfs no_devmapper" binaries install
VOLUME /tmp
# TestMain wants to unlink /var/lib/containerd-test, so the entire /var/lib has to be volumified.
VOLUME /var/lib
# The entrypoint script is needed for nesting cgroup v2.
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["make", "integration"]
# cri-integration stage is for running cri-integration tests.
FROM integration AS cri-integration
RUN apt-get update && apt-get install -y --no-install-recommends \
sudo iptables \
&& rm -rf /var/lib/apt/lists/*
COPY --from=cni /build/ /
COPY --from=critools /build/ /
RUN make BUILDTAGS="no_btrfs no_devmapper" bin/cri-integration.test
# install-failpoint-binaries cannot be easily executed in a substage as it does not support custom DESTDIR.
RUN ./script/setup/install-failpoint-binaries
# The test scripts need these env vars to be explicitly set
ENV GITHUB_WORKSPACE=""
ENV ENABLE_CRI_SANDBOXES=""
ENV CONTAINERD_RUNTIME="io.containerd.runc.v2"
CMD ["make", "cri-integration"]
# critest stage is for running critest.
FROM cri-integration AS critest
# critest wants to create mounts under this directory, so it has to be volumified.
VOLUME /go/src/github.com/containerd/containerd
ENV TEST_RUNTIME="io.containerd.runc.v2"
CMD ["script/critest.sh", "/tmp"]
# cri-in-userns stage is for testing "CRI-in-UserNS", which should be used in conjunction with
# "Kubelet-in-UserNS": https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless
# This feature is mostly expected to be used for `kind` and `minikube`.
#
# Requires Rootless Docker/Podman/nerdctl with cgroup v2 delegation: https://rootlesscontaine.rs/getting-started/common/cgroup2/
# (Rootless Docker/Podman/nerdctl prepares the UserNS, so we do not need to create UserNS by ourselves)
FROM critest AS cri-in-userns
COPY contrib/Dockerfile.test.d/cri-in-userns/etc_containerd_config.toml /etc/containerd/config.toml
COPY contrib/Dockerfile.test.d/cri-in-userns/docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
# Skip "runtime should support unsafe sysctls": `container init caused: write sysctl key fs.mqueue.msg_max: open /proc/sys/fs/mqueue/msg_max: permission denied`
# Skip "runtime should support safe sysctls": `container init caused: write sysctl key kernel.shm_rmid_forced: open /proc/sys/kernel/shm_rmid_forced: permission denied`
# Skip "should allow privilege escalation when (NoNewPrivis is) false": expected log "Effective uid: 0\n" (stream="stdout") not found in logs [{timestamp:{wall:974487519 ext:63761339984 loc:<nil>} stream:stdout log:Effective uid: 1000) }]
CMD ["critest", "--ginkgo.skip=should support unsafe sysctls|should support safe sysctls|should allow privilege escalation when false"]
# Install proto3
FROM golang AS proto3
ARG DESTDIR=/build
RUN apt-get update && apt-get install -y --no-install-recommends \
autoconf \
automake \
g++ \
libtool \
unzip \
&& rm -rf /var/lib/apt/lists/*
COPY script/setup/install-protobuf install-protobuf
RUN ./install-protobuf \
&& mkdir -p $DESTDIR/usr/local/bin $DESTDIR/usr/local/include \
&& mv /usr/local/bin/protoc $DESTDIR/usr/local/bin/protoc \
&& mv /usr/local/include/google $DESTDIR/usr/local/include/google
FROM build-env AS dev
COPY --from=proto3 /build/ /
COPY --from=runc /build/ /
COPY . .
Reference in New Issue View Git Blame Copy Permalink