Add load into containerd for image Make

weaveworks · Jun 2, 2020 · 83ae8f5 · 83ae8f5
1 parent 802e4fc
commit 83ae8f5
Show file tree

Hide file tree

Showing 2 changed files with 90 additions and 10 deletions.
diff --git a/images/Makefile b/images/Makefile
@@ -1,3 +1,30 @@
+SHELL:=/bin/bash
+# Set the command for running `docker`
+# -- allows user to override for things like sudo usage or container images 
+DOCKER := docker
+# Set the first containerd.sock that successfully stats -- fallback to the docker4mac default
+CONTAINERD_SOCK := $(shell \
+	$(DOCKER) run -i --rm \
+		-v /run:/run:ro \
+		-v /var/run:/var/run:ro \
+		busybox:latest \
+		ls 2>/dev/null \
+		/run/containerd/containerd.sock \
+		/run/docker/containerd/containerd.sock \
+		/var/run/containerd/containerd.sock \
+		/var/run/docker/containerd/containerd.sock \
+		| head -n1 \
+		|| echo \
+			/var/run/docker/containerd/containerd.sock \
+	)
+# Set the command for running `ctr`
+# Use root inside a container with the host containerd socket
+# This is a form of privilege escalation that avoids interactive sudo during make
+CTR := $(DOCKER) run -i --rm \
+		-v $(CONTAINERD_SOCK):/run/containerd/containerd.sock \
+		linuxkit/containerd:751de142273e1b5d2d247d2832d654ab92e907bc \
+		ctr
+
 # WHAT specifies the OS image to build
 WHAT?=
 IS_LATEST?=
@@ -30,7 +57,10 @@ DOCKERARCH=arm64v8
 QEMUARCH=aarch64
 endif
 
-all: build
+
+all: build-all
+
+
 build:
 ifeq ($(WHAT),)
 	$(error WHAT is a required argument)
@@ -39,7 +69,7 @@ endif
 
 ifeq ($(IS_MANIFEST_LIST),0)
 	sed "s|DOCKERARCH|$(DOCKERARCH)|g;/QEMUARCH/d" ${WHAT}/Dockerfile \
-		| docker build \
+		| $(DOCKER) build \
 			--build-arg RELEASE \
 			--build-arg BINARY_REF \
 			--build-arg GOARCH \
@@ -48,7 +78,7 @@ ifeq ($(IS_MANIFEST_LIST),0)
 			${WHAT}
 else
 	# Register /usr/bin/qemu-ARCH-static as the handler for non-x86 binaries in the kernel
-	docker run --rm --privileged multiarch/qemu-user-static:register --reset
+	$(DOCKER) run --rm --privileged multiarch/qemu-user-static:register --reset
 	cp -a ${WHAT}/. $(BUILD_TMPDIR)/
 	sed "s|QEMUARCH|$(QEMUARCH)|g;s|DOCKERARCH|$(DOCKERARCH)|g" ${WHAT}/Dockerfile > $(BUILD_TMPDIR)/Dockerfile
 
@@ -59,7 +89,7 @@ else
 	cp ../bin/$(GOARCH)/qemu-$(QEMUARCH)-static $(BUILD_TMPDIR)
 endif
 
-	docker build \
+	$(DOCKER) build \
 		--build-arg RELEASE \
 		--build-arg BINARY_REF \
 		--build-arg GOARCH \
@@ -68,17 +98,29 @@ endif
 	find $(BUILD_TMPDIR)/ -mindepth 1 -delete
 endif
 
-	docker tag $(FULL_IMAGE_NAME)$(ARCH_TAG) $(RELEASE_IMAGE_NAME)$(ARCH_TAG)
+	$(DOCKER) tag $(FULL_IMAGE_NAME)$(ARCH_TAG) $(RELEASE_IMAGE_NAME)$(ARCH_TAG)
 ifeq ($(IS_LATEST),true)
-	docker tag $(FULL_IMAGE_NAME)$(ARCH_TAG) $(LATEST_IMAGE_NAME)$(ARCH_TAG)
+	$(DOCKER) tag $(FULL_IMAGE_NAME)$(ARCH_TAG) $(LATEST_IMAGE_NAME)$(ARCH_TAG)
 endif
 
+
+ctr-import:
+	$(DOCKER) image save $(FULL_IMAGE_NAME)$(ARCH_TAG) \
+		| $(CTR) -n firecracker image import -
+	$(DOCKER) image save $(RELEASE_IMAGE_NAME)$(ARCH_TAG) \
+		| $(CTR) -n firecracker image import -
+ifeq ($(IS_LATEST),true)
+	$(DOCKER) image save $(LATEST_IMAGE_NAME)$(ARCH_TAG) \
+		| $(CTR) -n firecracker image import -
+endif
+
+
 push:
 ifeq ($(IS_MANIFEST_LIST),0)
-	docker push $(FULL_IMAGE_NAME)
-	docker push $(RELEASE_IMAGE_NAME)
+	$(DOCKER) push $(FULL_IMAGE_NAME)
+	$(DOCKER) push $(RELEASE_IMAGE_NAME)
 ifeq ($(IS_LATEST),true)
-	docker push $(LATEST_IMAGE_NAME)
+	$(DOCKER) push $(LATEST_IMAGE_NAME)
 endif
 else
 ifeq ($(GOARCH),amd64)
@@ -90,9 +132,15 @@ endif
 endif
 endif
 
+
+ctr-import-all:
+	$(MAKE) OP=ctr-import build-all
+
+
 push-all: build-all
 	$(MAKE) OP=push build-all
 
+
 build-all:
 	$(MAKE) ${OP} WHAT=amazon-kernel
 	$(MAKE) ${OP} WHAT=amazonlinux    RELEASE=2                                        IS_LATEST=true

diff --git a/images/kernel/Makefile b/images/kernel/Makefile
@@ -1,3 +1,30 @@
+SHELL:=/bin/bash
+# Set the command for running `docker`
+# -- allows user to override for things like sudo usage or container images 
+DOCKER := docker
+# Set the first containerd.sock that successfully stats -- fallback to the docker4mac default
+CONTAINERD_SOCK := $(shell \
+	$(DOCKER) run -i --rm \
+		-v /run:/run:ro \
+		-v /var/run:/var/run:ro \
+		busybox:latest \
+		ls 2>/dev/null \
+		/run/containerd/containerd.sock \
+		/run/docker/containerd/containerd.sock \
+		/var/run/containerd/containerd.sock \
+		/var/run/docker/containerd/containerd.sock \
+		| head -n1 \
+		|| echo \
+			/var/run/docker/containerd/containerd.sock \
+	)
+# Set the command for running `ctr`
+# Use root inside a container with the host containerd socket
+# This is a form of privilege escalation that avoids interactive sudo during make
+CTR := $(DOCKER) run -i --rm \
+		-v $(CONTAINERD_SOCK):/run/containerd/containerd.sock \
+		linuxkit/containerd:751de142273e1b5d2d247d2832d654ab92e907bc \
+		ctr
+
 # Check https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/refs/ for updates
 REGISTRY?=weaveworks
 IMAGE_NAME?=${REGISTRY}/ignite-kernel
@@ -28,13 +55,18 @@ upgrade-%:
 
 build: $(addprefix build-,$(KERNEL_VERSIONS))
 build-%:
-	docker build -t $(IMAGE_NAME):$*-${GOARCH} \
+	$(DOCKER) build -t $(IMAGE_NAME):$*-${GOARCH} \
 		--build-arg KERNEL_VERSION=$* \
 		--build-arg ARCH=${KERNEL_ARCH} \
 		--build-arg GOARCH=${GOARCH} \
 		--build-arg ARCH_MAKE_PARAMS=${ARCH_MAKE_PARAMS} \
 		--build-arg VMLINUX_PATH=${VMLINUX_PATH} .
 
+ctr-import: $(addprefix ctr-import-,$(KERNEL_VERSIONS))
+ctr-import-%:
+	$(DOCKER) image save $(IMAGE_NAME):$*-${GOARCH} \
+		| $(CTR) -n firecracker image import -
+
 push: $(addprefix push-,$(KERNEL_VERSIONS))
 push-%:
 	../../hack/push-manifest-list.sh $(IMAGE_NAME):$* $(GOARCH_LIST)