# Global build arguments. Both are consumed by FROM lines and have no default,
# so the caller has to supply them.
# NOTE(review): neither image reference is pinned in this file; pinning both by
# digest where they are passed in keeps rebuilds reproducible.
ARG builder_image
ARG hostdriver_base_image

# Stage 1 (dependency): a layer holding the Go sources together with a populated
# vendor/ directory and the other inputs the build needs.
FROM --platform=${BUILDPLATFORM} ${builder_image} AS dependency
WORKDIR /workspace

# Module manifests plus every source tree that vendoring has to see.
COPY go.mod go.sum ./
COPY third_party/ third_party/
COPY api/ api/
COPY cmd/ cmd/
COPY test/ test/
COPY internal/ internal/
COPY pkg/ pkg/

# Populate vendor/. The module and build caches are BuildKit cache mounts, so
# their contents are not written into this layer.
RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    go mod vendor
# Stage 2 (builder): compile the Go binaries on the build platform, i.e. without
# emulation.
FROM --platform=${BUILDPLATFORM} ${builder_image} AS builder
WORKDIR /workspace

ARG gcflags
ARG ldflags
ARG TARGETARCH

# Build settings exported into the environment (presumably read by the Makefile
# target invoked below; confirm against the Makefile).
ENV GO_LDFLAGS=${ldflags}
ENV GO_GCFLAGS=${gcflags}
ENV ARCH=${TARGETARCH}
# NOTE(review): no `ARG TAG` is declared in this stage, so ${TAG} has nothing to
# expand from here and TAG ends up set to an empty value; confirm that is intended.
ENV TAG=${TAG}

# Take the sources and vendor/ tree prepared by the dependency stage.
COPY --from=dependency /workspace .

# Makefile and tools.mk are bind-mounted from the build context rather than
# copied; the build uses only the vendored modules (-mod=vendor).
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=bind,source=Makefile,target=Makefile \
    --mount=type=bind,source=hack/tools/tools.mk,target=hack/tools/tools.mk \
    GOFLAGS="-mod=vendor" make binary-hostagent

# Collect every .go file outside hack/ and .gocache/ under src/ (keeping relative
# paths) and pack it into source-code.tar.gz for distribution.
RUN mkdir src && \
    find . -name '*.go' -not -path "./hack/*" -not -path "./.gocache/*" \
        -exec cp --parents '{}' src/ ';' && \
    tar -czf source-code.tar.gz src
# 3) Version stage: writes the DPF version string (build arg TAG) to /tmp/dpf-version.
FROM ${builder_image} AS version
ARG TAG
# Kept as its own stage so that a change of TAG alone does not invalidate the
# builder stage's cache. TAG has no default, so an unset TAG yields a file that
# holds only a newline.
# NOTE(review): the original comment states that `echo` is not present in the
# final image, which is why this stage exists; confirm that still holds.
RUN echo "${TAG}" > /tmp/dpf-version
# Stage 4 (final): runtime image, built on the supplied host-driver base image
# and filled with artefacts from the earlier stages.
FROM ${hostdriver_base_image}

# NOTE(review): set with ENV, so it also persists into the running container's
# environment; an ARG would limit it to build time. Confirm nothing at runtime
# relies on it before changing.
ENV DEBIAN_FRONTEND=noninteractive
# Make systemctl connect via D-Bus instead of PID 1's private listener.
ENV SYSTEMCTL_FORCE_BUS=1
# Let systemd tools try to talk to PID 1 even inside a container.
ENV SYSTEMD_OFFLINE=0
# Legacy switch that ignores chroot detection (deprecated but still honoured).
ENV SYSTEMD_IGNORE_CHROOT=1

ARG TARGETARCH
ARG MFT_VERSION=4.29.0-131
ARG KUBECTL_VERSION=1.34.4
# Packages installed below; the same list is reused later to fetch their sources.
# NOTE(review): no package versions are pinned, so the installed set depends on
# the mirror's state at build time.
ARG PACKAGES="dpkg-dev libusb-1.0-0 ipmitool rshim curl screen pv bridge-utils iptables iproute2 netplan.io createrepo-c"

# Optional mirror override: rewrites the archive, ports and security URLs in
# every apt source file to ${ubuntu_mirror}.
# The default is plain HTTP, so package integrity rests on apt's verification of
# the signed repository metadata; do not weaken that (e.g. `trusted=yes`) when
# pointing at another mirror.
ARG ubuntu_mirror=http://archive.ubuntu.com/ubuntu/
RUN find /etc/apt/sources.list* -type f -exec sed -i \
        -e "s|http://archive.ubuntu.com/ubuntu/|${ubuntu_mirror}|g" \
        -e "s|http://ports.ubuntu.com/ubuntu/|${ubuntu_mirror}|g" \
        -e "s|http://security.ubuntu.com/ubuntu/|${ubuntu_mirror}|g" '{}' ';'

# Drop the DOCA repository definition: it may not be publicly reachable (a known
# issue at the time of writing) and would make `apt-get update` fail. No packages
# are taken from it at the moment.
RUN rm -f /etc/apt/sources.list.d/doca.list

# Refresh indexes, upgrade the base packages and install ${PACKAGES}. The apt
# cache and state directories are BuildKit cache mounts, so they are not stored
# in the image layer. ${PACKAGES} is left unquoted on purpose: it must split
# into one argument per package.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    apt-get update && \
    apt-get upgrade -y -qq && \
    apt-get install -y -qq --no-install-recommends ${PACKAGES}
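# Download the MFT archive for the target architecture and run its installer
# with --without-kernel.
#
# The installer runs as root during the build, so the archive is first saved to
# a file instead of being piped straight into tar: that way curl's exit status
# is not hidden behind the pipe, and the archive can be verified before anything
# is unpacked or executed.
#
# MFT_SHA256_AMD64 / MFT_SHA256_ARM64 are optional SHA-256 digests of the
# archive for each architecture. They default to empty, which keeps the previous
# (unverified) behaviour and prints a warning; set them alongside MFT_VERSION to
# enforce verification.
ARG MFT_SHA256_AMD64=""
ARG MFT_SHA256_ARM64=""
RUN case ${TARGETARCH} in \
        amd64) ARCH=x86_64 MFT_SUM="${MFT_SHA256_AMD64}" ;; \
        arm64) ARCH=arm64 MFT_SUM="${MFT_SHA256_ARM64}" ;; \
        *) echo "Unsupported architecture: ${TARGETARCH}" && exit 1 ;; \
    esac && \
    curl -fsSL -o /tmp/mft.tgz https://www.mellanox.com/downloads/MFT/mft-${MFT_VERSION}-${ARCH}-deb.tgz && \
    if [ -n "${MFT_SUM}" ]; then \
        echo "${MFT_SUM}  /tmp/mft.tgz" | sha256sum -c - ; \
    else \
        echo "WARNING: no SHA-256 supplied for the MFT archive; skipping verification" >&2 ; \
    fi && \
    tar -xzf /tmp/mft.tgz -C /tmp && \
    rm -f /tmp/mft.tgz && \
    cd /tmp/mft-${MFT_VERSION}-${ARCH}-deb && \
    ./install.sh --without-kernel
# NOTE(review): the extracted /tmp/mft-* directory is left in the layer, as
# before; confirm whether it can be removed after installation.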
# Create /bfb-folder; it is left empty at build time.
RUN mkdir -p /bfb-folder
# Copy pre-built dpu-agent packages and generate APT/YUM repository metadata.
# DPUAGENT_DEB / DPUAGENT_RPM are the source paths of the packages and have no
# default, so the build must supply them.
ARG DPUAGENT_DEB
ARG DPUAGENT_RPM
RUN mkdir -p /deb /rpm
# `packages` is not a stage defined in the visible part of this file; presumably
# it is passed in as a named build context (verify against the build invocation).
COPY --from=packages ${DPUAGENT_DEB} /deb/
COPY --from=packages ${DPUAGENT_RPM} /rpm/
WORKDIR /deb
# Build the APT index (Packages plus a gzip copy; -k keeps the uncompressed file).
# NOTE(review): only the package index is generated here; no signed Release file
# is produced in this block. Confirm how consumers authenticate this repository.
RUN dpkg-scanpackages -m . > Packages && gzip -k Packages
WORKDIR /rpm
# Build the RPM repository metadata in place.
RUN createrepo_c .
# Return to / for the steps that follow.
WORKDIR /
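# Install /usr/sbin/reboot as a small wrapper that asks systemd-logind, over the
# system D-Bus, to reboot (Manager.Reboot with interactive=false).
#
# - The existing path is removed first: if it is a symlink (reboot is commonly a
#   link to systemctl), a plain `>` redirect would write through the link and
#   overwrite its target instead of replacing the link.
# - The wrapper gets a `#!/bin/sh` line so it can also be exec'd directly by a
#   program; without an interpreter line only a shell's fallback would run it.
#
# NOTE(review): if the system bus reachable from the container is the host's,
# this requests a reboot of the host; access to that socket should be limited
# accordingly. Confirm against the deployment manifest.
RUN rm -f /usr/sbin/reboot && \
    printf '%s\n' \
        '#!/bin/sh' \
        'dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager.Reboot boolean:false' \
        > /usr/sbin/reboot && \
    chmod 0755 /usr/sbin/reboot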
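# Install kubectl ${KUBECTL_VERSION} for the target architecture.
#
# -f makes curl fail on an HTTP error; without it an error page would be saved
# as "kubectl", marked executable and shipped. The published kubectl.sha256 is
# fetched from the same location and checked before the binary is installed.
# This catches truncated or corrupted downloads; because the digest comes from
# the same origin as the binary, pin a known digest in the build if protection
# against a tampered origin is needed.
RUN curl -fLO https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl && \
    curl -fLO https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl.sha256 && \
    echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c - && \
    rm -f kubectl.sha256 && \
    chmod +x kubectl && \
    mv kubectl /usr/local/bin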
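# Copy the binaries produced by the builder stage into the current directory (/).
COPY --from=builder /workspace/bin/ .

# Unless PACKAGE_SOURCES is exactly "false", bundle the sources of the installed
# packages and of kubectl into /source-code.tar:
#   1. enable deb-src entries in both the one-line and the deb822 (*.sources)
#      apt formats so that sources can be fetched,
#   2. download (without unpacking) the source packages for ${PACKAGES},
#   3. download the kubectl source archive matching KUBECTL_VERSION,
#   4. tar the directory up and remove the working copy.
# curl runs with -f so that an HTTP error fails the build instead of storing an
# error page as the kubectl source archive.
# NOTE(review): the downloaded archive is not checked against a known digest.
ARG PACKAGE_SOURCES
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    test "${PACKAGE_SOURCES}" = "false" || ( \
        mkdir src && \
        cd src && \
        sed -i 's/^# deb-src/deb-src/g' /etc/apt/sources.list /etc/apt/sources.list.d/* && \
        sed -i 's/^Types: deb$/Types: deb deb-src/g' /etc/apt/sources.list.d/*.sources && \
        apt-get update && \
        apt-get source --download-only ${PACKAGES} && \
        curl -fLO https://github.com/kubernetes/kubectl/archive/refs/tags/kubernetes-${KUBECTL_VERSION}.tar.gz && \
        cd / && \
        tar -cf source-code.tar src && \
        rm -rf src \
    )

# Ship the version file written by the version stage, owned by root.
# NOTE(review): the stage sets no USER, so unless the base image sets one the
# container runs as root by default; presumably required for the host-level
# tooling installed above. Confirm, and restrict privileges in the deployment
# manifest where possible.
COPY --chown=root:root --from=version /tmp/dpf-version /etc/dpf-version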