├── sysbox-issue-854 ├── umount │ ├── go.mod │ ├── umount │ └── main.go ├── Dockerfile └── sample_fuse.py ├── alpine └── Dockerfile ├── ubuntu-focal-systemd-docker-custom ├── script.sh ├── custom.service └── Dockerfile ├── ubuntu-jammy-systemd-docker-custom ├── script.sh ├── custom.service └── Dockerfile ├── k8s-node ├── 1.18 │ ├── daemon.json │ ├── kube-pull.sh │ └── Dockerfile ├── 1.19 │ ├── daemon.json │ ├── kube-pull.sh │ └── Dockerfile ├── 1.20 │ ├── daemon.json │ ├── kube-pull.sh │ └── Dockerfile └── 1.21 │ ├── daemon.json │ ├── kube-pull.sh │ └── Dockerfile ├── alpine-docker └── Dockerfile ├── alpine-test └── Dockerfile ├── test-syscont ├── Makefile ├── Dockerfile └── get-inner-img.sh ├── alpine-supervisord-docker ├── supervisord.conf ├── docker-entrypoint.sh └── Dockerfile ├── mknod-test └── Dockerfile ├── jenkins-syscont ├── supervisord.conf ├── docker-entrypoint.sh └── Dockerfile ├── kindind ├── 1.18 │ ├── download-node-img.sh │ └── Dockerfile ├── 1.19 │ ├── download-node-img.sh │ └── Dockerfile └── 1.20 │ ├── download-node-img.sh │ └── Dockerfile ├── ubuntu-bionic-drone ├── agent │ ├── supervisord.conf │ └── Dockerfile └── server │ ├── supervisord.conf │ └── Dockerfile ├── ubuntu-jammy-docker-dbg └── Dockerfile ├── alpine-docker-dbg └── Dockerfile ├── ubuntu-focal-compose └── Dockerfile ├── ubuntu-jammy-compose └── Dockerfile ├── ubuntu-bionic-compose └── Dockerfile ├── ubuntu-focal-docker-dbg └── Dockerfile ├── ubuntu-bionic-docker-dbg └── Dockerfile ├── syscont-with-inner-img ├── docker-pull.sh └── Dockerfile ├── archlinux-systemd-docker └── Dockerfile ├── manjarolinux-systemd-docker └── Dockerfile ├── debian-stretch-docker └── Dockerfile ├── ubuntu-focal-docker └── Dockerfile ├── ubuntu-jammy-docker └── Dockerfile ├── ubuntu-bionic-docker └── Dockerfile ├── ubuntu-noble-docker └── Dockerfile ├── debian-stretch-docker-dbg └── Dockerfile ├── LICENSE.txt ├── k8s-node-test └── Dockerfile ├── ubuntu-bionic-docker18 └── Dockerfile ├── 
ubuntu-bionic-systemd-docker └── Dockerfile ├── archlinux-systemd └── Dockerfile ├── ubuntu-noble-systemd-docker └── Dockerfile ├── ubuntu-focal-systemd-docker └── Dockerfile ├── ubuntu-jammy-systemd-docker └── Dockerfile ├── manjarolinux-systemd └── Dockerfile ├── ubuntu-bionic-nixos └── Dockerfile ├── gitlab-runner-docker └── Dockerfile ├── .github └── workflows │ └── docker-publish.yml ├── kindestnode ├── 1.21 │ └── Dockerfile ├── 1.18 │ └── Dockerfile ├── 1.19 │ └── Dockerfile └── 1.20 │ └── Dockerfile ├── almalinux-8-systemd-docker └── Dockerfile ├── rockylinux-8-systemd-docker └── Dockerfile ├── centos-stream-8-systemd-docker └── Dockerfile ├── almalinux-8-systemd └── Dockerfile ├── rockylinux-8-systemd └── Dockerfile ├── centos-stream-8-systemd └── Dockerfile ├── ubuntu-impish-systemd └── Dockerfile ├── README.md ├── ubuntu-focal-systemd └── Dockerfile ├── ubuntu-jammy-systemd └── Dockerfile ├── ubuntu-bionic-systemd └── Dockerfile ├── ubuntu-noble-systemd └── Dockerfile └── minikube └── kicbase └── Dockerfile /sysbox-issue-854/umount/go.mod: -------------------------------------------------------------------------------- 1 | module umount 2 | 3 | go 1.21.3 4 | -------------------------------------------------------------------------------- /alpine/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Alpine 3 | # 4 | 5 | FROM alpine:latest 6 | -------------------------------------------------------------------------------- /ubuntu-focal-systemd-docker-custom/script.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | sleep 3600 4 | -------------------------------------------------------------------------------- /ubuntu-jammy-systemd-docker-custom/script.sh: -------------------------------------------------------------------------------- 1 | #! 
/bin/bash 2 | 3 | sleep 3600 4 | -------------------------------------------------------------------------------- /k8s-node/1.18/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "exec-opts": ["native.cgroupdriver=systemd"] 3 | } 4 | -------------------------------------------------------------------------------- /k8s-node/1.19/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "exec-opts": ["native.cgroupdriver=systemd"] 3 | } 4 | -------------------------------------------------------------------------------- /k8s-node/1.20/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "exec-opts": ["native.cgroupdriver=systemd"] 3 | } 4 | -------------------------------------------------------------------------------- /k8s-node/1.21/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "exec-opts": ["native.cgroupdriver=systemd"] 3 | } 4 | -------------------------------------------------------------------------------- /sysbox-issue-854/umount/umount: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nestybox/dockerfiles/HEAD/sysbox-issue-854/umount/umount -------------------------------------------------------------------------------- /alpine-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Alpine + Docker 3 | # 4 | 5 | FROM alpine:latest 6 | 7 | RUN apk update && apk add docker 8 | -------------------------------------------------------------------------------- /alpine-test/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Alpine + some extra tools used by the Sysbox test suite. 
3 | # 4 | 5 | FROM alpine:latest 6 | 7 | RUN apk update && apk add bpftool 8 | -------------------------------------------------------------------------------- /test-syscont/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: clean 2 | 3 | default: Dockerfile get-inner-img.sh 4 | ./get-inner-img.sh 5 | docker build -t nestybox/test-syscont . 6 | 7 | clean: 8 | ./get-inner-img.sh -c 9 | -------------------------------------------------------------------------------- /ubuntu-focal-systemd-docker-custom/custom.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Random script execution 3 | After=docker.service 4 | StartLimitIntervalSec=0 5 | 6 | [Service] 7 | Type=oneshot 8 | ExecStart=/usr/bin/script.sh 9 | ExecReload=/usr/bin/script.sh 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /ubuntu-jammy-systemd-docker-custom/custom.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Random script execution 3 | After=docker.service 4 | StartLimitIntervalSec=0 5 | 6 | [Service] 7 | Type=oneshot 8 | ExecStart=/usr/bin/script.sh 9 | ExecReload=/usr/bin/script.sh 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /alpine-supervisord-docker/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | stdout_logfile=/dev/stdout 3 | stdout_logfile_maxbytes=0 4 | 5 | [program:dockerd] 6 | command=/usr/bin/dockerd 7 | priority=1 8 | autostart=true 9 | autorestart=true 10 | startsecs=0 11 | 12 | [program:sshd] 13 | command=/usr/sbin/sshd -D 14 | priority=1 15 | autostart=true 16 | autorestart=true 17 | startsecs=0 18 | 
-------------------------------------------------------------------------------- /mknod-test/Dockerfile: -------------------------------------------------------------------------------- 1 | # Docker image that includes as FIFO device as part of the image. Meant for 2 | # testing Sysbox inner Docker image preloading. 3 | # 4 | # Build with: 5 | # $ docker build -t nestybox/mknod-test:latest . 6 | 7 | FROM alpine 8 | 9 | RUN apk add --update \ 10 | ulogd \ 11 | && rm -rf /var/cache/apk/* \ 12 | && mknod /var/log/ulogd.pcap p 13 | -------------------------------------------------------------------------------- /jenkins-syscont/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | stdout_logfile=/dev/stdout 3 | stdout_logfile_maxbytes=0 4 | 5 | [program:dockerd] 6 | command=/usr/bin/dockerd 7 | priority=1 8 | autostart=true 9 | autorestart=true 10 | startsecs=0 11 | 12 | [program:jenkins] 13 | command=/usr/local/bin/jenkins.sh 14 | priority=2 15 | autostart=true 16 | autorestart=true 17 | startsecs=0 18 | user=jenkins -------------------------------------------------------------------------------- /kindind/1.18/download-node-img.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # start dockerd (needed for building KinD) 4 | dockerd > /var/log/dockerd.log 2>&1 & 5 | sleep 3 6 | 7 | # Preload the nestybox/kindestnode:v1.18.2 image (temporarily needed for 8 | # the kind cluster nodes to bypass a bug in the OCI runc used inside 9 | # these nodes). 
10 | docker pull registry.nestybox.com/nestybox/kindestnode:v1.18.2 11 | -------------------------------------------------------------------------------- /kindind/1.19/download-node-img.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # start dockerd (needed for building KinD) 4 | dockerd > /var/log/dockerd.log 2>&1 & 5 | sleep 3 6 | 7 | # Preload the nestybox/kindestnode:v1.19.4 image (temporarily needed for 8 | # the kind cluster nodes to bypass a bug in the OCI runc used inside 9 | # these nodes). 10 | docker pull registry.nestybox.com/nestybox/kindestnode:v1.19.4 11 | -------------------------------------------------------------------------------- /kindind/1.20/download-node-img.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # start dockerd (needed for building KinD) 4 | dockerd > /var/log/dockerd.log 2>&1 & 5 | sleep 3 6 | 7 | # Preload the nestybox/kindestnode:v1.20.2 image (temporarily needed for 8 | # the kind cluster nodes to bypass a bug in the OCI runc used inside 9 | # these nodes). 
10 | docker pull registry.nestybox.com/nestybox/kindestnode:v1.20.2 11 | -------------------------------------------------------------------------------- /ubuntu-bionic-drone/agent/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | stdout_logfile=/dev/stdout 3 | stdout_logfile_maxbytes=0 4 | nodaemon=true 5 | 6 | [program:dockerd] 7 | command=/usr/bin/dockerd 8 | priority=1 9 | autostart=true 10 | autorestart=true 11 | startsecs=0 12 | 13 | [program:drone-agent] 14 | command=/bin/drone-agent 15 | priority=2 16 | autostart=true 17 | autorestart=true 18 | startsecs=0 -------------------------------------------------------------------------------- /ubuntu-bionic-drone/server/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | stdout_logfile=/dev/stdout 3 | stdout_logfile_maxbytes=0 4 | nodaemon=true 5 | 6 | [program:dockerd] 7 | command=/usr/bin/dockerd 8 | priority=1 9 | autostart=true 10 | autorestart=true 11 | startsecs=0 12 | 13 | [program:drone-server] 14 | command=/bin/drone-server 15 | priority=2 16 | autostart=true 17 | autorestart=true 18 | startsecs=0 -------------------------------------------------------------------------------- /ubuntu-jammy-docker-dbg/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Jammy + Docker + Debug tools 3 | # 4 | 5 | FROM nestybox/ubuntu-jammy-docker:latest 6 | 7 | # Debug utilities 8 | RUN apt-get update && apt-get install -y \ 9 | procps \ 10 | psmisc \ 11 | nano \ 12 | strace \ 13 | net-tools \ 14 | less \ 15 | wget \ 16 | iproute2 17 | 18 | CMD ["/bin/bash"] 19 | -------------------------------------------------------------------------------- /alpine-docker-dbg/Dockerfile: -------------------------------------------------------------------------------- 1 | # Alpine image used by several Sysbox tests (carries alpine plus a few 
useful 2 | # debug utilities). 3 | 4 | FROM alpine:latest 5 | 6 | RUN apk update && apk add \ 7 | acl \ 8 | bash \ 9 | curl \ 10 | findmnt \ 11 | nano \ 12 | strace \ 13 | tree \ 14 | libcap \ 15 | bind-tools \ 16 | nftables 17 | 18 | RUN apk update && apk add docker 19 | 20 | CMD ["/bin/sh"] 21 | -------------------------------------------------------------------------------- /ubuntu-focal-compose/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Focal + Docker + Compose 3 | # 4 | # Instructions for Docker compose installation taken from: 5 | # https://docs.docker.com/compose/install/ 6 | # 7 | 8 | FROM nestybox/ubuntu-focal-docker:latest 9 | 10 | RUN curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && \ 11 | chmod +x /usr/local/bin/docker-compose 12 | -------------------------------------------------------------------------------- /ubuntu-jammy-compose/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Jammy + Docker + Compose 3 | # 4 | # Instructions for Docker compose installation taken from: 5 | # https://docs.docker.com/compose/install/ 6 | # 7 | 8 | FROM nestybox/ubuntu-jammy-docker:latest 9 | 10 | RUN curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && \ 11 | chmod +x /usr/local/bin/docker-compose 12 | -------------------------------------------------------------------------------- /sysbox-issue-854/Dockerfile: -------------------------------------------------------------------------------- 1 | # Dockerfile for testing fix for Sysbox issue 854 2 | # 3 | # Build with: 4 | # docker build -t nestybox/sysbox-issue-854 . 
5 | 6 | FROM python:3.12 7 | 8 | RUN pip install fusepy 9 | RUN apt update 10 | RUN apt install -y libfuse-dev fuse strace 11 | COPY ./sample_fuse.py /tmp/sample_fuse.py 12 | COPY umount/umount /bin/umount-path 13 | RUN chmod +x /tmp/sample_fuse.py 14 | RUN chmod +x /bin/umount-path 15 | 16 | WORKDIR /tmp 17 | -------------------------------------------------------------------------------- /ubuntu-bionic-compose/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Bionic + Docker + Compose 3 | # 4 | # Instructions for Docker compose installation taken from: 5 | # https://docs.docker.com/compose/install/ 6 | # 7 | 8 | FROM nestybox/ubuntu-bionic-docker:latest 9 | 10 | RUN curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && \ 11 | chmod +x /usr/local/bin/docker-compose 12 | 13 | -------------------------------------------------------------------------------- /ubuntu-focal-docker-dbg/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Focal + Docker 3 | # 4 | # Instructions for docker installation taken from: 5 | # https://docs.docker.com/install/linux/docker-ce/ubuntu/ 6 | # 7 | 8 | FROM nestybox/ubuntu-focal-docker:latest 9 | 10 | # Debug utilities 11 | RUN apt-get update && apt-get install -y \ 12 | procps \ 13 | psmisc \ 14 | nano \ 15 | strace \ 16 | net-tools \ 17 | less \ 18 | wget \ 19 | iproute2 20 | 21 | CMD ["/bin/bash"] 22 | -------------------------------------------------------------------------------- /ubuntu-bionic-docker-dbg/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Bionic + Docker 3 | # 4 | # Instructions for docker installation taken from: 5 | # https://docs.docker.com/install/linux/docker-ce/ubuntu/ 6 | # 7 | 8 | FROM nestybox/ubuntu-bionic-docker:latest 9 | 10 | # Debug 
utilities 11 | RUN apt-get update && apt-get install -y \ 12 | procps \ 13 | psmisc \ 14 | nano \ 15 | strace \ 16 | net-tools \ 17 | less \ 18 | wget \ 19 | iproute2 20 | 21 | CMD ["/bin/bash"] 22 | -------------------------------------------------------------------------------- /syscont-with-inner-img/docker-pull.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # dockerd start 4 | dockerd > /var/log/dockerd.log 2>&1 & 5 | dockerd_pid=$! 6 | sleep 2 7 | 8 | # pull inner images 9 | docker pull busybox:latest 10 | docker pull alpine:latest 11 | 12 | # dockerd cleanup (remove the .pid file as otherwise it prevents 13 | # dockerd from launching correctly inside sys container) 14 | kill $dockerd_pid 15 | rm -f /var/run/docker.pid 16 | rm -f /var/run/docker/containerd/containerd.pid 17 | rm -f /var/run/containerd/containerd.pid 18 | -------------------------------------------------------------------------------- /sysbox-issue-854/umount/main.go: -------------------------------------------------------------------------------- 1 | // Simple program to call the umount syscall on a given path directly, without 2 | // any path resolution. 
3 | 4 | package main 5 | 6 | import ( 7 | "fmt" 8 | "os" 9 | "syscall" 10 | ) 11 | 12 | func main() { 13 | if len(os.Args) != 2 { 14 | fmt.Println("Usage: umount ") 15 | os.Exit(1) 16 | } 17 | 18 | path := os.Args[1] 19 | 20 | // Call the umount syscall 21 | err := syscall.Unmount(path, 0) 22 | if err != nil { 23 | fmt.Fprintf(os.Stderr, "Failed to unmount %s: %v\n", path, err) 24 | os.Exit(1) 25 | } 26 | 27 | fmt.Printf("Successfully unmounted %s\n", path) 28 | } 29 | -------------------------------------------------------------------------------- /jenkins-syscont/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # sys container init: 5 | # 6 | # If no command is passed to the container, supervisord becomes init and 7 | # starts all its configured programs (per /etc/supervisor/conf.f/supervisord.conf). 8 | # 9 | # If a command is passed to the container, it runs in the foreground; 10 | # supervisord runs in the background and starts all its configured 11 | # programs. 12 | # 13 | # In either case, supervisord always starts its configured programs. 14 | 15 | if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then 16 | exec supervisord -n "$@" 17 | else 18 | supervisord -c /etc/supervisor/conf.d/supervisord.conf & 19 | exec "$@" 20 | fi 21 | -------------------------------------------------------------------------------- /alpine-supervisord-docker/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # sys container init: 5 | # 6 | # If no command is passed to the container, supervisord becomes init and 7 | # starts all its configured programs (per /etc/supervisor/conf.f/supervisord.conf). 8 | # 9 | # If a command is passed to the container, it runs in the foreground; 10 | # supervisord runs in the background and starts all its configured 11 | # programs. 
12 | # 13 | # In either case, supervisord always starts its configured programs. 14 | 15 | if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then 16 | exec supervisord -n "$@" 17 | else 18 | supervisord -c /etc/supervisor/conf.d/supervisord.conf & 19 | exec "$@" 20 | fi 21 | -------------------------------------------------------------------------------- /syscont-with-inner-img/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Sample Dockerfile to build a system container image that include inner container images. 3 | # 4 | # Build with: (must use the old docker builder, does not work with buildx yet): 5 | # $ DOCKER_BUILDKIT=0 docker build -t ghcr.io/nestybox/syscont-inner-img:latest . 6 | # 7 | # For arm64, build it on an arm64 host and tag it differently: 8 | # $ DOCKER_BUILDKIT=0 docker build -t ghcr.io/nestybox/syscont-inner-img:latest-arm64 . 9 | # 10 | # Run with: 11 | # $ docker run -it --runtime=sysbox-runc --hostname=syscont nestybox/syscont-with-inner-img:latest 12 | 13 | FROM ghcr.io/nestybox/alpine-docker 14 | 15 | COPY docker-pull.sh /usr/bin 16 | RUN chmod +x /usr/bin/docker-pull.sh && docker-pull.sh && rm /usr/bin/docker-pull.sh 17 | -------------------------------------------------------------------------------- /archlinux-systemd-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # ArchLinux + Systemd + Docker 3 | # 4 | # Description: 5 | # 6 | # This image serves as a basic reference example for user's looking to run 7 | # ArchLinux + Systemd + Docker inside a container. 8 | # 9 | # Usage: 10 | # 11 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/archlinux-systemd-docker 12 | # 13 | # This will run systemd and prompt for a user login; the default user/password 14 | # in this image is "admin/admin". Docker will be automatically started and user 15 | # admin can launch inner Docker containers. 
16 | 17 | FROM nestybox/archlinux-systemd 18 | 19 | RUN pacman --noconfirm -Syu \ 20 | bash-completion \ 21 | docker 22 | 23 | RUN systemctl enable docker 24 | 25 | RUN usermod -aG docker admin 26 | -------------------------------------------------------------------------------- /manjarolinux-systemd-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # ManjaroLinux + Systemd + Docker 3 | # 4 | # Description: 5 | # 6 | # This image serves as a basic reference example for user's looking to run 7 | # ManjaroLinux + Systemd + Docker inside a container. 8 | # 9 | # Usage: 10 | # 11 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/manjarolinux-systemd-docker 12 | # 13 | # This will run systemd and prompt for a user login; the default user/password 14 | # in this image is "admin/admin". Docker will be automatically started and user 15 | # admin can launch inner Docker containers. 16 | 17 | FROM nestybox/manjarolinux-systemd 18 | 19 | RUN pacman --noconfirm -Syu \ 20 | bash-completion \ 21 | docker 22 | 23 | RUN systemctl enable docker 24 | 25 | RUN usermod -aG docker admin 26 | -------------------------------------------------------------------------------- /debian-stretch-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Debian Stretch + Docker 3 | # 4 | # Instructions for docker installation taken from: 5 | # https://docs.docker.com/install/linux/docker-ce/debian/ 6 | # 7 | 8 | FROM debian:stretch 9 | 10 | # Docker install 11 | RUN apt-get update && apt-get install --no-install-recommends -y \ 12 | apt-transport-https \ 13 | ca-certificates \ 14 | curl \ 15 | gnupg2 \ 16 | software-properties-common 17 | RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - 18 | RUN apt-key fingerprint 0EBFCD88 19 | RUN add-apt-repository \ 20 | "deb [arch=amd64] https://download.docker.com/linux/debian \ 21 | $(lsb_release 
-cs) \ 22 | stable" 23 | RUN apt-get update && apt-get install --no-install-recommends -y docker-ce docker-ce-cli containerd.io 24 | 25 | -------------------------------------------------------------------------------- /ubuntu-focal-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Focal + Docker 3 | # 4 | # Instructions for docker installation taken from: 5 | # https://docs.docker.com/install/linux/docker-ce/ubuntu/ 6 | # 7 | 8 | FROM ubuntu:focal 9 | 10 | # Docker install 11 | RUN apt-get update && apt-get install --no-install-recommends -y \ 12 | apt-transport-https \ 13 | ca-certificates \ 14 | curl \ 15 | gnupg-agent \ 16 | software-properties-common 17 | RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - 18 | RUN apt-key fingerprint 0EBFCD88 19 | 20 | RUN add-apt-repository \ 21 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 22 | $(lsb_release -cs) \ 23 | stable" 24 | RUN apt-get update && apt-get install --no-install-recommends -y docker-ce docker-ce-cli containerd.io 25 | -------------------------------------------------------------------------------- /ubuntu-jammy-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Jammy + Docker 3 | # 4 | # Instructions for docker installation taken from: 5 | # https://docs.docker.com/install/linux/docker-ce/ubuntu/ 6 | # 7 | 8 | FROM ubuntu:jammy 9 | 10 | # Docker install 11 | RUN apt-get update && apt-get install --no-install-recommends -y \ 12 | apt-transport-https \ 13 | ca-certificates \ 14 | curl \ 15 | gnupg-agent \ 16 | software-properties-common 17 | RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - 18 | RUN apt-key fingerprint 0EBFCD88 19 | 20 | RUN add-apt-repository \ 21 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 22 | $(lsb_release -cs) \ 23 | stable" 24 | RUN apt-get update && apt-get 
install --no-install-recommends -y docker-ce docker-ce-cli containerd.io 25 | -------------------------------------------------------------------------------- /ubuntu-bionic-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Bionic + Docker 3 | # 4 | # Instructions for docker installation taken from: 5 | # https://docs.docker.com/install/linux/docker-ce/ubuntu/ 6 | # 7 | 8 | FROM ubuntu:bionic 9 | 10 | # Docker install 11 | RUN apt-get update && apt-get install --no-install-recommends -y \ 12 | apt-transport-https \ 13 | ca-certificates \ 14 | curl \ 15 | gnupg-agent \ 16 | software-properties-common 17 | RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - 18 | RUN apt-key fingerprint 0EBFCD88 19 | 20 | RUN add-apt-repository \ 21 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 22 | $(lsb_release -cs) \ 23 | stable" 24 | RUN apt-get update && apt-get install --no-install-recommends -y docker-ce docker-ce-cli containerd.io 25 | -------------------------------------------------------------------------------- /ubuntu-noble-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Noble (24.04) + Docker 3 | # 4 | # Instructions for docker installation taken from: 5 | # https://docs.docker.com/install/linux/docker-ce/ubuntu/ 6 | # 7 | 8 | FROM ubuntu:noble 9 | 10 | # Docker install 11 | RUN apt-get update && apt-get install --no-install-recommends -y \ 12 | apt-transport-https \ 13 | ca-certificates \ 14 | curl \ 15 | gnupg-agent \ 16 | software-properties-common 17 | RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - 18 | RUN apt-key fingerprint 0EBFCD88 19 | 20 | RUN add-apt-repository \ 21 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 22 | $(lsb_release -cs) \ 23 | stable" 24 | RUN apt-get update && apt-get install --no-install-recommends -y docker-ce 
docker-ce-cli containerd.io 25 | -------------------------------------------------------------------------------- /debian-stretch-docker-dbg/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Debian Stretch + Docker 3 | # 4 | # Instructions for docker installation taken from: 5 | # https://docs.docker.com/install/linux/docker-ce/debian/ 6 | # 7 | 8 | FROM nestybox/debian-stretch-docker:latest 9 | 10 | # Debug utilities 11 | RUN apt-get update && apt-get install -y \ 12 | procps \ 13 | psmisc \ 14 | nano \ 15 | strace \ 16 | net-tools \ 17 | wget 18 | 19 | CMD ["/bin/bash"] 20 | 21 | # 22 | # The following steps could be used as an alternative to the 23 | # docker-ce install above. They only install the docker engine. 24 | # I got these from here: 25 | # https://gist.github.com/apokalyptik/99cefb3d2e16b9b0c3141e222f3267db#file-set-up-the-master-md 26 | # 27 | # apt-key adv \ 28 | # --keyserver hkp://p80.pool.sks-keyservers.net:80 \ 29 | # --recv-keys 58118E89F3A912897C070ADBF76221572C52609D 30 | # echo 'deb https://apt.dockerproject.org/repo debian-jessie main' \ 31 | # > /etc/apt/sources.list.d/docker.list 32 | # apt-get update 33 | # apt-get -fqqy install docker-engine 34 | 35 | -------------------------------------------------------------------------------- /ubuntu-focal-systemd-docker-custom/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Ubuntu Focal + Systemd + Sshd + Docker + Custom entry-point. 2 | # 3 | # Usage: 4 | # 5 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont nestybox/ubuntu-focal-systemd-docker-custom 6 | # 7 | # This will run systemd and prompt for a user login; the default 8 | # user/password in this image is "admin/admin". Once you log in you 9 | # can run Docker inside as usual. 
You can also ssh into the image: 10 | # 11 | # $ ssh admin@ -p 12 | # 13 | # where is chosen by Docker and mapped into the system container's sshd port. 14 | # 15 | 16 | FROM nestybox/ubuntu-focal-systemd-docker:latest 17 | 18 | # Example of a systemd service created to showcase a custom entry-point. 19 | COPY script.sh /usr/bin/ 20 | COPY custom.service /lib/systemd/system/ 21 | RUN chmod +x /usr/bin/script.sh && \ 22 | ln -sf /lib/systemd/system/custom.service \ 23 | /etc/systemd/system/multi-user.target.wants/custom.service 24 | 25 | 26 | -------------------------------------------------------------------------------- /ubuntu-jammy-systemd-docker-custom/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Ubuntu Jammy + Systemd + Sshd + Docker + Custom entry-point. 2 | # 3 | # Usage: 4 | # 5 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont nestybox/ubuntu-jammy-systemd-jammy-custom 6 | # 7 | # This will run systemd and prompt for a user login; the default 8 | # user/password in this image is "admin/admin". Once you log in you 9 | # can run Docker inside as usual. You can also ssh into the image: 10 | # 11 | # $ ssh admin@ -p 12 | # 13 | # where is chosen by Docker and mapped into the system container's sshd port. 14 | # 15 | 16 | FROM nestybox/ubuntu-jammy-systemd-docker:latest 17 | 18 | # Example of a systemd service created to showcase a custom entry-point. 
19 | COPY script.sh /usr/bin/ 20 | COPY custom.service /lib/systemd/system/ 21 | RUN chmod +x /usr/bin/script.sh && \ 22 | ln -sf /lib/systemd/system/custom.service \ 23 | /etc/systemd/system/multi-user.target.wants/custom.service 24 | 25 | 26 | -------------------------------------------------------------------------------- /k8s-node/1.18/kube-pull.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Runs inside the K8s node system container; requests kubeadm to pull K8s 5 | # control-plane components. 6 | # 7 | 8 | usage() { 9 | echo "\nUsage: $0 \n" 10 | echo "E.g., $0 v1.18.2" 11 | } 12 | 13 | if [ "$#" -ne 1 ]; then 14 | echo "Invalid number of arguments. Expect 1, got $#". 15 | usage 16 | exit 1 17 | fi 18 | 19 | k8s_version=$1 20 | 21 | # start dockerd 22 | dockerd > /var/log/dockerd.log 2>&1 & 23 | dockerd_pid=$! 24 | sleep 2 25 | 26 | # pull inner images 27 | kubeadm config images pull --kubernetes-version=$k8s_version 28 | # flannel cni 29 | docker image pull quay.io/coreos/flannel:v0.12.0-amd64 30 | # weaveNet cni 31 | docker image pull docker.io/weaveworks/weave-kube:2.8.1 32 | docker image pull docker.io/weaveworks/weave-npc:2.8.1 33 | # calico cni 34 | docker image pull quay.io/tigera/operator:v1.17.2 35 | 36 | # stop dockerd (remove the .pid file as otherwise it may prevent 37 | # dockerd from launching correctly inside the sys container) 38 | kill $dockerd_pid 39 | rm -f /var/run/docker.pid 40 | -------------------------------------------------------------------------------- /k8s-node/1.19/kube-pull.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Runs inside the K8s node system container; requests kubeadm to pull K8s 5 | # control-plane components. 6 | # 7 | 8 | usage() { 9 | echo "\nUsage: $0 \n" 10 | echo "E.g., $0 v1.18.2" 11 | } 12 | 13 | if [ "$#" -ne 1 ]; then 14 | echo "Invalid number of arguments. 
Expect 1, got $#". 15 | usage 16 | exit 1 17 | fi 18 | 19 | k8s_version=$1 20 | 21 | # start dockerd 22 | dockerd > /var/log/dockerd.log 2>&1 & 23 | dockerd_pid=$! 24 | sleep 2 25 | 26 | # pull inner images 27 | kubeadm config images pull --kubernetes-version=$k8s_version 28 | # flannel cni 29 | docker image pull quay.io/coreos/flannel:v0.12.0-amd64 30 | # weaveNet cni 31 | docker image pull docker.io/weaveworks/weave-kube:2.8.1 32 | docker image pull docker.io/weaveworks/weave-npc:2.8.1 33 | # calico cni 34 | docker image pull quay.io/tigera/operator:v1.17.2 35 | 36 | # stop dockerd (remove the .pid file as otherwise it may prevent 37 | # dockerd from launching correctly inside the sys container) 38 | kill $dockerd_pid 39 | rm -f /var/run/docker.pid 40 | -------------------------------------------------------------------------------- /k8s-node/1.20/kube-pull.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Runs inside the K8s node system container; requests kubeadm to pull K8s 5 | # control-plane components. 6 | # 7 | 8 | usage() { 9 | echo "\nUsage: $0 \n" 10 | echo "E.g., $0 v1.18.2" 11 | } 12 | 13 | if [ "$#" -ne 1 ]; then 14 | echo "Invalid number of arguments. Expect 1, got $#". 15 | usage 16 | exit 1 17 | fi 18 | 19 | k8s_version=$1 20 | 21 | # start dockerd 22 | dockerd > /var/log/dockerd.log 2>&1 & 23 | dockerd_pid=$! 
24 | sleep 2 25 | 26 | # pull inner images 27 | kubeadm config images pull --kubernetes-version=$k8s_version 28 | # flannel cni 29 | docker image pull quay.io/coreos/flannel:v0.12.0-amd64 30 | # weaveNet cni 31 | docker image pull docker.io/weaveworks/weave-kube:2.8.1 32 | docker image pull docker.io/weaveworks/weave-npc:2.8.1 33 | # calico cni 34 | docker image pull quay.io/tigera/operator:v1.17.2 35 | 36 | # stop dockerd (remove the .pid file as otherwise it may prevent 37 | # dockerd from launching correctly inside the sys container) 38 | kill $dockerd_pid 39 | rm -f /var/run/docker.pid 40 | -------------------------------------------------------------------------------- /k8s-node/1.21/kube-pull.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Runs inside the K8s node system container; requests kubeadm to pull K8s 5 | # control-plane components. 6 | # 7 | 8 | usage() { 9 | echo "\nUsage: $0 \n" 10 | echo "E.g., $0 v1.18.2" 11 | } 12 | 13 | if [ "$#" -ne 1 ]; then 14 | echo "Invalid number of arguments. Expect 1, got $#". 15 | usage 16 | exit 1 17 | fi 18 | 19 | k8s_version=$1 20 | 21 | # start dockerd 22 | dockerd > /var/log/dockerd.log 2>&1 & 23 | dockerd_pid=$! 
24 | sleep 2 25 | 26 | # pull inner images 27 | kubeadm config images pull --kubernetes-version=$k8s_version 28 | # flannel cni 29 | docker image pull quay.io/coreos/flannel:v0.12.0-amd64 30 | # weaveNet cni 31 | docker image pull docker.io/weaveworks/weave-kube:2.8.1 32 | docker image pull docker.io/weaveworks/weave-npc:2.8.1 33 | # calico cni 34 | docker image pull quay.io/tigera/operator:v1.17.2 35 | 36 | # stop dockerd (remove the .pid file as otherwise it may prevent 37 | # dockerd from launching correctly inside the sys container) 38 | kill $dockerd_pid 39 | rm -f /var/run/docker.pid 40 | -------------------------------------------------------------------------------- /alpine-supervisord-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Sample system container with alpine + supervisord + sshd + docker 3 | # 4 | # Run with: 5 | # 6 | # $ docker run --runtime=sysbox-runc -d -P 7 | # 8 | 9 | FROM alpine:latest 10 | 11 | # docker 12 | RUN apk add --update docker && \ 13 | rm -rf /tmp/* /var/cache/apk/* 14 | 15 | # supervisord 16 | RUN apk add --update supervisor && rm -rf /tmp/* /var/cache/apk/* 17 | RUN mkdir -p /var/log/supervisor 18 | #COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf 19 | COPY supervisord.conf /etc/ 20 | 21 | # sshd 22 | RUN apk add --update openssh && rm -rf /tmp/* /var/cache/apk/* 23 | RUN mkdir /var/run/sshd 24 | RUN echo 'root:root' | chpasswd 25 | RUN sed -ri 's/^#?PermitRootLogin\s+.*/PermitRootLogin yes/' /etc/ssh/sshd_config 26 | RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config 27 | RUN mkdir /root/.ssh 28 | RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa 29 | EXPOSE 22 30 | 31 | # entrypoint 32 | COPY docker-entrypoint.sh /usr/bin/docker-entrypoint.sh 33 | RUN chmod +x /usr/bin/docker-entrypoint.sh 34 | 35 | ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] 36 | -------------------------------------------------------------------------------- 
/LICENSE.txt: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Nestybox, Inc. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /k8s-node-test/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Kubernetes node system container **test** image. 3 | # 4 | # NOTE: MEANT FOR INTERNAL USE BY NESTYBOX; DO NOT MAKE PUBLIC. 5 | # 6 | # This image is a superset of k8s-node image, which includes systemd, 7 | # kubeadm and all k8s control plane pod images. Its main purpose is 8 | # to serve as a testing image for K8s' integration-test suites. 9 | # 10 | # NOTE: THIS IMAGE SHOULD BE BUILT INSIDE THE SYSBOX TEST CONTAINER, 11 | # TO AVOID THE PROBLEMS IN SYSBOX ISSUE 676. 
12 | # 13 | # This testing image is expected to be utilized from all the Sysbox's 14 | # supported platforms, so it must be generated with an instruction 15 | # like this one: 16 | # 17 | # $ docker buildx build --platform linux/amd64,linux/arm64 -t ghcr.io/nestybox/k8s-node-test:v1.20.2 --push . 18 | # 19 | 20 | FROM ghcr.io/nestybox/k8s-node:v1.21.12 21 | 22 | ARG k8s_version=v1.21.12 23 | 24 | # Debug/Testing utilities 25 | RUN apt-get update && apt-get install --no-install-recommends -y \ 26 | lsof \ 27 | less \ 28 | nano \ 29 | psmisc \ 30 | iproute2 \ 31 | iputils-ping \ 32 | jq \ 33 | net-tools \ 34 | dnsutils \ 35 | tcpdump \ 36 | bridge-utils \ 37 | && rm -rf /var/lib/apt/lists/* 38 | -------------------------------------------------------------------------------- /test-syscont/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Alpine + docker + a bunch of inner container images 3 | # 4 | # Instructions for docker installation taken from: 5 | # https://docs.docker.com/install/linux/docker-ce/ubuntu/ 6 | # 7 | # TODO 8 | # Use light-weight base (alpine) 9 | # Embed other images inside 10 | 11 | 12 | FROM alpine:latest 13 | 14 | RUN apk update && apk add \ 15 | bash \ 16 | curl \ 17 | docker \ 18 | findmnt \ 19 | nano \ 20 | strace 21 | 22 | # Inner container images (embedded in sys container image) 23 | COPY elasticsearch_5.6.16-alpine.tar /root/img/elasticsearch_5.6.16-alpine.tar 24 | COPY alpine_3.10.tar /root/img/alpine_3.10.tar 25 | COPY httpd_alpine.tar /root/img/httpd_alpine.tar 26 | COPY fluentd_edge.tar /root/img/fluentd_edge.tar 27 | COPY python_alpine.tar /root/img/python_alpine.tar 28 | COPY mysql_server_5.6.tar /root/img/mysql_server_5.6.tar 29 | COPY nginx_mainline_alpine.tar /root/img/nginx_mainline_alpine.tar 30 | COPY postgres_alpine.tar /root/img/postgres_alpine.tar 31 | COPY prometheus.tar /root/img/prometheus.tar 32 | COPY redis_5.0.5_alpine.tar /root/img/redis_5.0.5_alpine.tar 33 | 
COPY telegraf-1.12-alpine.tar /root/img/telegraf-1.12-alpine.tar 34 | COPY influxdb_1.7-alpine.tar /root/img/influxdb_1.7-alpine.tar 35 | -------------------------------------------------------------------------------- /jenkins-syscont/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # System Container with Jenkins Master + Dockerd 3 | # 4 | # Run with: docker run --rm -d --runtime=sysbox-runc -P nestybox/jenkins-syscont 5 | 6 | FROM jenkins/jenkins:lts 7 | USER root 8 | 9 | # 10 | # Docker install 11 | # 12 | RUN apt-get update && apt-get install --no-install-recommends -y \ 13 | apt-transport-https \ 14 | ca-certificates \ 15 | curl \ 16 | gnupg2 \ 17 | software-properties-common 18 | RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - 19 | RUN apt-key fingerprint 0EBFCD88 20 | RUN add-apt-repository \ 21 | "deb [arch=amd64] https://download.docker.com/linux/debian \ 22 | $(lsb_release -cs) \ 23 | stable" 24 | RUN apt-get update && apt-get install --no-install-recommends -y \ 25 | docker-ce docker-ce-cli containerd.io 26 | RUN usermod -aG docker jenkins 27 | 28 | # 29 | # supervisord 30 | # 31 | RUN apt-get install --no-install-recommends -y supervisor 32 | RUN mkdir -p /var/log/supervisor 33 | COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf 34 | 35 | # 36 | # Entrypoint 37 | # 38 | COPY docker-entrypoint.sh /usr/bin/docker-entrypoint.sh 39 | RUN chmod +x /usr/bin/docker-entrypoint.sh 40 | 41 | ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] 42 | -------------------------------------------------------------------------------- /ubuntu-bionic-docker18/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Bionic + Docker 18.09.8 3 | # 4 | # NOTE: this dockerfile relies on deb packages for Docker 18.09 that 5 | # must be downloaded and copied into this directory before launching 6 | # the docker build. 
7 | # 8 | # They can be obtained from https://download.docker.com/linux/ubuntu/dists/bionic/pool/stable/amd64/ 9 | # 10 | 11 | FROM ubuntu:bionic 12 | 13 | # Docker 18.09.8 install 14 | RUN apt-get update && apt-get install --no-install-recommends -y \ 15 | apt-transport-https \ 16 | ca-certificates \ 17 | curl \ 18 | gnupg-agent \ 19 | software-properties-common \ 20 | iptables 21 | 22 | RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - 23 | RUN apt-key fingerprint 0EBFCD88 24 | RUN add-apt-repository \ 25 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 26 | $(lsb_release -cs) \ 27 | stable" 28 | 29 | RUN apt-get update && apt-get install --no-install-recommends -y \ 30 | containerd.io 31 | 32 | # Install the docker 18 deb packages 33 | COPY docker-ce-cli_18.09.8_3-0_ubuntu-bionic_amd64.deb /root/ 34 | COPY docker-ce_18.09.8_3-0_ubuntu-bionic_amd64.deb /root/ 35 | 36 | RUN dpkg -i /root/docker-ce-cli_18.09.8_3-0_ubuntu-bionic_amd64.deb 37 | RUN dpkg -i /root/docker-ce_18.09.8_3-0_ubuntu-bionic_amd64.deb 38 | 39 | CMD ["/bin/bash"] 40 | -------------------------------------------------------------------------------- /ubuntu-bionic-systemd-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Bionic + Systemd + sshd + Docker 3 | # 4 | # Usage: 5 | # 6 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont nestybox/ubuntu-bionic-systemd-docker 7 | # 8 | # This will run systemd and prompt for a user login; the default 9 | # user/password in this image is "admin/admin". Once you log in you 10 | # can run Docker inside as usual. You can also ssh into the image: 11 | # 12 | # $ ssh admin@ -p 13 | # 14 | # where is chosen by Docker and mapped into the system container's sshd port. 
15 | # 16 | 17 | FROM ghcr.io/nestybox/ubuntu-bionic-systemd:latest 18 | 19 | # Install Docker 20 | RUN apt-get update && apt-get install -y curl \ 21 | && rm -rf /var/lib/apt/lists/* \ 22 | && curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh \ 23 | # Add user "admin" to the Docker group 24 | && usermod -a -G docker admin 25 | ADD https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker /etc/bash_completion.d/docker.sh 26 | 27 | # Install Sshd 28 | RUN apt-get update && apt-get install --no-install-recommends -y openssh-server \ 29 | && rm -rf /var/lib/apt/lists/* \ 30 | && mkdir /home/admin/.ssh \ 31 | && chown admin:admin /home/admin/.ssh 32 | 33 | EXPOSE 22 34 | 35 | # Set systemd as entrypoint. 36 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 37 | -------------------------------------------------------------------------------- /archlinux-systemd/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # ArchLinux + Systemd 3 | # 4 | # Description: 5 | # 6 | # This image serves as a basic reference example for user's looking to run 7 | # ArchLinux + Systemd inside a system container, in order to deploy various 8 | # services within the system container, or use it as a virtual host environment. 9 | # 10 | # Usage: 11 | # 12 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/archlinux-systemd 13 | # 14 | # This will run systemd and prompt for a user login; the default user/password 15 | # in this image is "admin/admin". 
16 | 17 | FROM archlinux 18 | 19 | # remove man pages and locale data 20 | RUN rm -rf /archlinux/usr/share/locale && rm -rf /archlinux/usr/share/man 21 | 22 | # The following systemd services don't work well (yet) inside a sysbox container 23 | # (due to lack of permissions inside unprivileged containers) 24 | RUN systemctl mask systemd-journald-audit.socket systemd-udev-trigger.service systemd-networkd-wait-online.service 25 | 26 | # The following systemd services are not needed 27 | RUN systemctl mask systemd-firstboot.service 28 | 29 | # switch default target from graphical to multi-user 30 | RUN systemctl set-default multi-user.target 31 | 32 | # Create default 'admin/admin' user 33 | RUN useradd --create-home --shell /bin/bash admin && echo "admin:admin" | chpasswd 34 | 35 | # Set systemd as entrypoint. 36 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 37 | -------------------------------------------------------------------------------- /ubuntu-noble-systemd-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Ubuntu Noble + Systemd + Sshd + Docker. 2 | # 3 | # Usage: 4 | # 5 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont nestybox/ubuntu-noble-systemd-docker 6 | # 7 | # This will run systemd and prompt for a user login; the default 8 | # user/password in this image is "admin/admin". Once you log in you 9 | # can run Docker inside as usual. You can also ssh into the image: 10 | # 11 | # $ ssh admin@ -p 12 | # 13 | # where is chosen by Docker and mapped into the system container's sshd port. 
14 | # 15 | 16 | FROM nestybox/ubuntu-noble-systemd:latest 17 | 18 | # Install Docker 19 | RUN apt-get update && apt-get install -y curl \ 20 | && rm -rf /var/lib/apt/lists/* \ 21 | && curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh \ 22 | # Add user "admin" to the Docker group 23 | && usermod -a -G docker admin 24 | ADD https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker /etc/bash_completion.d/docker.sh 25 | 26 | # Install Sshd 27 | RUN apt-get update && apt-get install --no-install-recommends -y openssh-server \ 28 | && rm -rf /var/lib/apt/lists/* \ 29 | && mkdir /home/admin/.ssh \ 30 | && chown admin:admin /home/admin/.ssh 31 | 32 | EXPOSE 22 33 | 34 | # Set systemd as entrypoint. 35 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 36 | -------------------------------------------------------------------------------- /ubuntu-focal-systemd-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Ubuntu Focal + Systemd + Sshd + Docker. 2 | # 3 | # Usage: 4 | # 5 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont nestybox/ubuntu-focal-systemd-docker 6 | # 7 | # This will run systemd and prompt for a user login; the default 8 | # user/password in this image is "admin/admin". Once you log in you 9 | # can run Docker inside as usual. You can also ssh into the image: 10 | # 11 | # $ ssh admin@ -p 12 | # 13 | # where is chosen by Docker and mapped into the system container's sshd port. 
14 | # 15 | 16 | FROM ghcr.io/nestybox/ubuntu-focal-systemd:latest 17 | 18 | # Install Docker 19 | RUN apt-get update && apt-get install -y curl \ 20 | && rm -rf /var/lib/apt/lists/* \ 21 | && curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh \ 22 | # Add user "admin" to the Docker group 23 | && usermod -a -G docker admin 24 | ADD https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker /etc/bash_completion.d/docker.sh 25 | 26 | # Install Sshd 27 | RUN apt-get update && apt-get install --no-install-recommends -y openssh-server \ 28 | && rm -rf /var/lib/apt/lists/* \ 29 | && mkdir /home/admin/.ssh \ 30 | && chown admin:admin /home/admin/.ssh 31 | 32 | EXPOSE 22 33 | 34 | # Set systemd as entrypoint. 35 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 36 | -------------------------------------------------------------------------------- /ubuntu-jammy-systemd-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Ubuntu Jammy + Systemd + Sshd + Docker. 2 | # 3 | # Usage: 4 | # 5 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont nestybox/ubuntu-jammy-systemd-docker 6 | # 7 | # This will run systemd and prompt for a user login; the default 8 | # user/password in this image is "admin/admin". Once you log in you 9 | # can run Docker inside as usual. You can also ssh into the image: 10 | # 11 | # $ ssh admin@ -p 12 | # 13 | # where is chosen by Docker and mapped into the system container's sshd port. 
14 | # 15 | 16 | FROM ghcr.io/nestybox/ubuntu-jammy-systemd:latest 17 | 18 | # Install Docker 19 | RUN apt-get update && apt-get install -y curl \ 20 | && rm -rf /var/lib/apt/lists/* \ 21 | && curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh \ 22 | # Add user "admin" to the Docker group 23 | && usermod -a -G docker admin 24 | ADD https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker /etc/bash_completion.d/docker.sh 25 | 26 | # Install Sshd 27 | RUN apt-get update && apt-get install --no-install-recommends -y openssh-server \ 28 | && rm -rf /var/lib/apt/lists/* \ 29 | && mkdir /home/admin/.ssh \ 30 | && chown admin:admin /home/admin/.ssh 31 | 32 | EXPOSE 22 33 | 34 | # Set systemd as entrypoint. 35 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 36 | 37 | 38 | -------------------------------------------------------------------------------- /sysbox-issue-854/sample_fuse.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import os 4 | import sys 5 | import errno 6 | from fuse import FUSE, FuseOSError, Operations 7 | 8 | class SimpleFS(Operations): 9 | def __init__(self, root): 10 | self.root = root 11 | 12 | def _full_path(self, partial): 13 | if partial.startswith("/"): 14 | partial = partial[1:] 15 | return os.path.join(self.root, partial) 16 | 17 | def getattr(self, path, fh=None): 18 | full_path = self._full_path(path) 19 | st = os.lstat(full_path) 20 | return dict((key, getattr(st, key)) for key in ('st_atime', 'st_ctime', 21 | 'st_gid', 'st_mode', 'st_mtime', 'st_nlink', 'st_size', 'st_uid')) 22 | 23 | def readdir(self, path, fh): 24 | full_path = self._full_path(path) 25 | dirents = ['.', '..'] 26 | if os.path.isdir(full_path): 27 | dirents.extend(os.listdir(full_path)) 28 | for r in dirents: 29 | yield r 30 | 31 | def read(self, path, size, offset, fh): 32 | with open(self._full_path(path), 'rb') as f: 33 | 
f.seek(offset) 34 | return f.read(size) 35 | 36 | def write(self, path, buf, offset, fh): 37 | with open(self._full_path(path), 'r+b') as f: 38 | f.seek(offset) 39 | f.write(buf) 40 | return len(buf) 41 | 42 | def main(mountpoint, root): 43 | FUSE(SimpleFS(root), mountpoint, nothreads=True, foreground=False) 44 | 45 | if __name__ == '__main__': 46 | main(sys.argv[2], sys.argv[1]) 47 | -------------------------------------------------------------------------------- /manjarolinux-systemd/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Manjaro Linux + Systemd 3 | # 4 | # Description: 5 | # 6 | # This image serves as a basic reference example for user's looking to run 7 | # Manjaro Linux + Systemd inside a system container, in order to deploy various 8 | # services within the system container, or use it as a virtual host environment. 9 | # 10 | # Usage: 11 | # 12 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/manjarolinux-systemd 13 | # 14 | # This will run systemd and prompt for a user login; the default user/password 15 | # in this image is "admin/admin". 
16 | 17 | FROM manjarolinux/base 18 | 19 | # The following systemd services don't work well (yet) inside a sysbox container 20 | # (due to lack of permissions inside unprivileged containers) 21 | RUN systemctl mask systemd-journald-audit.socket systemd-udev-trigger.service systemd-networkd-wait-online.service 22 | 23 | # The following systemd services are not needed 24 | RUN systemctl mask systemd-firstboot.service 25 | 26 | # switch default target from graphical to multi-user 27 | RUN systemctl set-default multi-user.target 28 | 29 | # Useful utilities 30 | RUN pacman -Syu --noconfirm && pacman -S --noconfirm sudo which 31 | 32 | # Enable sudo on the sudo group 33 | RUN sed -i 's/# \%sudo\sALL=(ALL)\sALL/\%sudo ALL=(ALL) ALL/g' /etc/sudoers 34 | 35 | # Create default 'admin/admin' user 36 | RUN groupadd sudo && useradd --create-home --shell /bin/bash -G sudo admin && echo "admin:admin" | chpasswd 37 | 38 | # Set systemd as entrypoint. 39 | ENTRYPOINT [ "/lib/systemd/systemd", "--log-level=err" ] 40 | -------------------------------------------------------------------------------- /ubuntu-bionic-nixos/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | RUN apt-get update \ 4 | && apt-get install --no-install-recommends -y \ 5 | ca-certificates \ 6 | sudo \ 7 | wget \ 8 | xz-utils \ 9 | && apt clean -y \ 10 | && apt autoremove -y \ 11 | && rm -rf /var/cache/apt/archives/* \ 12 | && rm -rf /var/lib/apt/lists/* 13 | 14 | ENV USER user 15 | ENV UID 1000 16 | ENV GID 1000 17 | 18 | RUN groupadd --gid "$GID" "$USER" \ 19 | && useradd \ 20 | --uid "$UID" \ 21 | --gid "$GID" \ 22 | --create-home \ 23 | --shell /bin/bash \ 24 | "$USER" \ 25 | && echo "${USER} ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/${GID}-${USER}" 26 | 27 | RUN groupadd --system --gid 30000 nixbld \ 28 | && for i in $(seq 1 30); do adduser --system --disabled-password --home /var/empty --gecos "Nix build user $i" --uid $((30000 + i)) 
--gid 30000 nixbld$i ; done \ 29 | && mkdir -m 0755 /etc/nix \ 30 | && echo "sandbox = false" > /etc/nix/nix.conf \ 31 | && mkdir -m 0755 /nix \ 32 | && chown ${USER} /nix 33 | 34 | USER $USER 35 | WORKDIR /home/${USER}/ 36 | 37 | ARG NIX_VERSION=2.3.10 38 | RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-$(uname -m)-linux.tar.xz \ 39 | && tar xf nix-${NIX_VERSION}-$(uname -m)-linux.tar.xz \ 40 | && sh nix-${NIX_VERSION}-$(uname -m)-linux/install \ 41 | && rm -r nix-${NIX_VERSION}-$(uname -m)-linux* \ 42 | && . ${HOME}/.profile \ 43 | && nix-collect-garbage --delete-old \ 44 | && nix-store --optimise \ 45 | && nix-store --verify --check-contents 46 | -------------------------------------------------------------------------------- /gitlab-runner-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Dockerfile for a system container that includes the GitLab runner 3 | # plus it's own docker daemon. 4 | # 5 | # This allows the GitLab runner to run with the Docker executor in total 6 | # isolation from the underlying host, thus improving security (particularly for 7 | # CI jobs that interact with Docker by issuing commands such as "docker build" 8 | # or "docker run". 
9 | # 10 | # Start the GitLab runner with: 11 | # 12 | # $ docker run --runtime=sysbox-runc -d --name gitlab-runner --restart always -v /srv/gitlab-runner/config:/etc/gitlab-runner nestybox/gitlab-runner-docker 13 | # 14 | # Then register it with the GitLab server: 15 | # 16 | # $ docker run --rm -it -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register 17 | # 18 | 19 | FROM gitlab/gitlab-runner:latest 20 | 21 | # Docker install (cli + engine) 22 | RUN apt-get update && apt-get install --no-install-recommends -y \ 23 | apt-transport-https \ 24 | ca-certificates \ 25 | curl \ 26 | gnupg-agent \ 27 | software-properties-common \ 28 | && rm -rf /var/lib/apt/lists/* 29 | RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - 30 | RUN apt-key fingerprint 0EBFCD88 31 | RUN add-apt-repository \ 32 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 33 | $(lsb_release -cs) \ 34 | stable" 35 | RUN apt-get update && apt-get install --no-install-recommends -y docker-ce docker-ce-cli containerd.io \ 36 | && rm -rf /var/lib/apt/lists/* 37 | 38 | # Modify the gitlab runner's entrypoint to start the docker engine 39 | RUN sed -i 's/#!\/bin\/bash/#!\/bin\/bash\nrm \/var\/run\/docker.pid\ndockerd > \/var\/log\/dockerd.log 2>\&1 \&\nsleep 3/' entrypoint 40 | -------------------------------------------------------------------------------- /.github/workflows/docker-publish.yml: -------------------------------------------------------------------------------- 1 | name: Docker 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | push_to_registries: 10 | name: Build Docker image and Push to both Dockerhub and Github Container-Registry 11 | runs-on: ubuntu-latest 12 | 13 | steps: 14 | - name: Check out the repo 15 | uses: actions/checkout@v2 16 | with: 17 | fetch-depth: 0 18 | 19 | - name: Log into Dockerhub registry 20 | run: echo "${{ secrets.PASSWORD_DOCKERHUB }}" | docker login -u ${{ secrets.USERNAME_DOCKERHUB }} 
--password-stdin 21 | 22 | - name: Log into Github registry 23 | run: echo "${{ secrets.CR_PAT }}" | docker login https://ghcr.io -u $GITHUB_ACTOR --password-stdin 24 | 25 | - name: Build and push the images 26 | run: | 27 | # Identify Dockerfile changes across the repo and build/push the corresponding image 28 | # to both Dockerhub and Github repos. 29 | for filePath in $(git diff-tree --no-commit-id --name-only -r ${{ github.sha }} ${{ github.event.before }} | grep "Dockerfile"); 30 | do 31 | folder=${filePath%"/Dockerfile"} 32 | IMAGE_NAME=${folder##*/} 33 | 34 | tmpName="image-$RANDOM" 35 | docker build $folder --file $folder/Dockerfile --tag $tmpName 36 | 37 | IMAGE_ID_DOCKERHUB=${{ secrets.USERNAME_DOCKERHUB }}/$IMAGE_NAME 38 | IMAGE_ID_GITHUB=ghcr.io/${{ secrets.USERNAME_GITHUB }}/$IMAGE_NAME 39 | 40 | echo IMAGE_ID=$IMAGE_ID 41 | echo VERSION=$VERSION 42 | 43 | docker tag $tmpName $IMAGE_ID_DOCKERHUB:latest 44 | docker push $IMAGE_ID_DOCKERHUB:latest 45 | 46 | docker tag $tmpName $IMAGE_ID_GITHUB:latest 47 | docker push $IMAGE_ID_GITHUB:latest 48 | done; 49 | 50 | -------------------------------------------------------------------------------- /kindestnode/1.21/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # nestybox/kindestnode:v1.21.2 3 | # 4 | # This image can be used to deploy K8s.io KinD *inside* a Sysbox container (or pod). 5 | # 6 | # NOTE: this is not the image for the Sysbox container. This is an image for the 7 | # inner containers that the KinD tool will run inside the Sysbox container. 8 | # The KinD tool is itself running inside the Sysbox container, and uses this 9 | # image to create the K8s nodes that form the KinD cluster. 10 | # 11 | # Why is this image needed? 12 | # 13 | # The kindest/node:v1.21.2 image requires cgroups v2 be enabled on the 14 | # host whenever it's running on a rootless environment (more specifically 15 | # within a user-namespace). 
16 | # 17 | # This requirement stems from the fact that cgroups v2 formalizes the concept of 18 | # "cgroup delegation", where the container is allowed to manage a subset of the 19 | # cgroup hierarchy. 20 | # 21 | # In Sysbox containers however, this requirement is too stringent, as Sysbox 22 | # supports cgroup delegation with cgroups v1 too (i.e., it uses a technique 23 | # to ensure that a container can manage a cgroup hierarchy in isolation 24 | # whether the host is configured with cgroups v1 or v2). 25 | # 26 | # Therefore, this image relaxes the cgroup v2 requirement by modifying the 27 | # entrypoint script in the kindest/node:v1.21.2. 28 | # 29 | # Usage: 30 | # 31 | # 1) Launch a Sysbox container (or pod) and install the K8s.io KinD tool inside of it. 32 | # 33 | # For example, there is another container image called nestybox/kindind that comes 34 | # with Ubuntu + Docker + KinD in it already: 35 | # 36 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont --hostname=syscont nestybox/kindind 37 | # 38 | # 2) Inside the Sysbox container, use the K8s.io KinD tool to create a K8s-in-Docker 39 | # cluster, using the nestybox/kindestnode image: 40 | # 41 | # $ kind create cluster --image=nestybox/kindestnode:v1.21.2 42 | # 43 | # That's it: with this you'll get a full K8s cluster (thanks to KinD) deployed 44 | # in Docker containers, all of which are running inside a single, well isolated 45 | # (rootless) Sysbox container. 46 | # 47 | 48 | FROM kindest/node:v1.21.2 49 | RUN sed -i 's/^validate_userns$/# validate_userns/' /usr/local/bin/entrypoint 50 | -------------------------------------------------------------------------------- /kindestnode/1.18/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # nestybox/kindestnode:v1.18.19 3 | # 4 | # This image can be used to deploy K8s.io KinD *inside* a Sysbox container (or pod). 5 | # 6 | # NOTE: this is not the image for the Sysbox container. 
This is an image for the 7 | # inner containers that the KinD tool will run inside the Sysbox container. 8 | # The KinD tool is itself running inside the Sysbox container, and uses this 9 | # image to create the K8s nodes that form the KinD cluster. 10 | # 11 | # Why is this image needed? 12 | # 13 | # The kindest/node:v1.18.19 image requires cgroups v2 be enabled on the 14 | # host whenever it's running on a rootless environment (more specifically 15 | # within a user-namespace). 16 | # 17 | # This requirement stems from the fact that cgroups v2 formalizes the concept of 18 | # "cgroup delegation", where the container is allowed to manage a subset of the 19 | # cgroup hierarchy. 20 | # 21 | # In Sysbox containers however, this requirement is too stringent, as Sysbox 22 | # supports cgroup delegation with cgroups v1 too (i.e., it uses a technique 23 | # to ensure that a container can manage a cgroup hierarchy in isolation 24 | # whether the host is configured with cgroups v1 or v2). 25 | # 26 | # Therefore, this image relaxes the cgroup v2 requirement by modifying the 27 | # entrypoint script in the kindest/node:v1.18.19. 28 | # 29 | # Usage: 30 | # 31 | # 1) Launch a Sysbox container (or pod) and install the K8s.io KinD tool inside of it. 32 | # 33 | # For example, there is another container image called nestybox/kindind that comes 34 | # with Ubuntu + Docker + KinD: 35 | # 36 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont --hostname=syscont nestybox/kindind 37 | # 38 | # 2) Inside the Sysbox container, use the K8s.io KinD tool to create a K8s-in-Docker 39 | # cluster, using the nestybox/kindestnode image: 40 | # 41 | # $ kind create cluster --image=nestybox/kindestnode:v1.18.19 42 | # 43 | # That's it: with this you'll get a full K8s cluster (thanks to KinD) deployed 44 | # in Docker containers, all of which are running inside a single, well isolated 45 | # (rootless) Sysbox container. 
46 | # 47 | 48 | # NOTE: earlier versions of kindest node v1.18 also required a patch OCI runc; 49 | # v1.18.19 does not. 50 | 51 | FROM kindest/node:v1.18.19 52 | RUN sed -i 's/^validate_userns$/# validate_userns/' /usr/local/bin/entrypoint 53 | -------------------------------------------------------------------------------- /kindestnode/1.19/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # nestybox/kindestnode:v1.19.11 3 | # 4 | # This image can be used to deploy K8s.io KinD *inside* a Sysbox container (or pod). 5 | # 6 | # NOTE: this is not the image for the Sysbox container. This is an image for the 7 | # inner containers that the KinD tool will run inside the Sysbox container. 8 | # The KinD tool is itself running inside the Sysbox container, and uses this 9 | # image to create the K8s nodes that form the KinD cluster. 10 | # 11 | # Why is this image needed? 12 | # 13 | # The kindest/node:v1.19.11 image requires cgroups v2 be enabled on the 14 | # host whenever it's running on a rootless environment (more specifically 15 | # within a user-namespace). 16 | # 17 | # This requirement stems from the fact that cgroups v2 formalizes the concept of 18 | # "cgroup delegation", where the container is allowed to manage a subset of the 19 | # cgroup hierarchy. 20 | # 21 | # In Sysbox containers however, this requirement is too stringent, as Sysbox 22 | # supports cgroup delegation with cgroups v1 too (i.e., it uses a technique 23 | # to ensure that a container can manage a cgroup hierarchy in isolation 24 | # whether the host is configured with cgroups v1 or v2). 25 | # 26 | # Therefore, this image relaxes the cgroup v2 requirement by modifying the 27 | # entrypoint script in the kindest/node:v1.19.11. 28 | # 29 | # Usage: 30 | # 31 | # 1) Launch a Sysbox container (or pod) and install the K8s.io KinD tool inside of it. 
32 | # 33 | # For example, there is another container image called nestybox/kindind that comes 34 | # with Ubuntu + Docker + KinD: 35 | # 36 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont --hostname=syscont nestybox/kindind 37 | # 38 | # 2) Inside the Sysbox container, use the K8s.io KinD tool to create a K8s-in-Docker 39 | # cluster, using the nestybox/kindestnode image: 40 | # 41 | # $ kind create cluster --image=nestybox/kindestnode:v1.19.11 42 | # 43 | # That's it: with this you'll get a full K8s cluster (thanks to KinD) deployed 44 | # in Docker containers, all of which are running inside a single, well isolated 45 | # (rootless) Sysbox container. 46 | # 47 | 48 | # NOTE: earlier versions of kindest node v1.19 also required a patch OCI runc; 49 | # v1.19.11 does not. 50 | 51 | FROM kindest/node:v1.19.11 52 | RUN sed -i 's/^validate_userns$/# validate_userns/' /usr/local/bin/entrypoint 53 | -------------------------------------------------------------------------------- /kindestnode/1.20/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # nestybox/kindestnode:v1.20.7 3 | # 4 | # This image can be used to deploy K8s.io KinD *inside* a Sysbox container (or pod). 5 | # 6 | # NOTE: this is not the image for the Sysbox container. This is an image for the 7 | # inner containers that the KinD tool will run inside the Sysbox container. 8 | # The KinD tool is itself running inside the Sysbox container, and uses this 9 | # image to create the K8s nodes that form the KinD cluster. 10 | # 11 | # Why is this image needed? 12 | # 13 | # The kindest/node:v1.20.7 image requires cgroups v2 be enabled on the 14 | # host whenever it's running on a rootless environment (more specifically 15 | # within a user-namespace). 
16 | # 17 | # This requirement stems from the fact that cgroups v2 formalizes the concept of 18 | # "cgroup delegation", where the container is allowed to manage a subset of the 19 | # cgroup hierarchy. 20 | # 21 | # In Sysbox containers however, this requirement is too stringent, as Sysbox 22 | # supports cgroup delegation with cgroups v1 too (i.e., it uses a technique 23 | # to ensure that a container can manage a cgroup hierarchy in isolation 24 | # whether the host is configured with cgroups v1 or v2). 25 | # 26 | # Therefore, this image relaxes the cgroup v2 requirement by modifying the 27 | # entrypoint script in the kindest/node:v1.20.7. 28 | # 29 | # Usage: 30 | # 31 | # 1) Launch a Sysbox container (or pod) and install the K8s.io KinD tool inside of it. 32 | # 33 | # For example, there is another container image called nestybox/kindind that comes 34 | # with Ubuntu + Docker + KinD in it already: 35 | # 36 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont --hostname=syscont nestybox/kindind 37 | # 38 | # 2) Inside the Sysbox container, use the K8s.io KinD tool to create a K8s-in-Docker 39 | # cluster, using the nestybox/kindestnode image: 40 | # 41 | # $ kind create cluster --image=nestybox/kindestnode:v1.20.7 42 | # 43 | # That's it: with this you'll get a full K8s cluster (thanks to KinD) deployed 44 | # in Docker containers, all of which are running inside a single, well isolated 45 | # (rootless) Sysbox container. 46 | # 47 | 48 | # NOTE: earlier versions of kindest node v1.20 also required a patch OCI runc; 49 | # v1.20.7 does not. 50 | 51 | FROM kindest/node:v1.20.7 52 | RUN sed -i 's/^validate_userns$/# validate_userns/' /usr/local/bin/entrypoint 53 | -------------------------------------------------------------------------------- /almalinux-8-systemd-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with AlmaLinux + Systemd + Sshd + Docker. 
2 | # 3 | # Usage: 4 | # 5 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont nestybox/almalinux-8-systemd-docker 6 | # 7 | # This will run systemd and prompt for a user login; the default 8 | # user/password in this image is "admin/admin". Once you log in you 9 | # can run Docker inside as usual. You can also ssh into the image: 10 | # 11 | # $ ssh admin@<host> -p <port> 12 | # 13 | # where <port> is chosen by Docker and mapped into the system container's sshd port. 14 | # 15 | 16 | FROM nestybox/almalinux-8-systemd:latest 17 | 18 | # Docker install 19 | RUN dnf install -y dnf-plugins-core && \ 20 | dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \ 21 | dnf install -y docker-ce docker-ce-cli containerd.io && \ 22 | systemctl enable docker && \ 23 | \ 24 | # Housekeeping 25 | dnf clean all && \ 26 | rm -rf \ 27 | /var/cache/dnf/* \ 28 | /var/log/* \ 29 | /tmp/* \ 30 | /var/tmp/* \ 31 | /usr/share/doc/* \ 32 | /usr/share/man/* && \ 33 | \ 34 | # Add user "admin" to the Docker group 35 | usermod -a -G docker admin 36 | 37 | # Sshd install 38 | RUN dnf install -y openssh-server && \ 39 | mkdir /home/admin/.ssh && \ 40 | chown admin:admin /home/admin/.ssh 41 | 42 | EXPOSE 22 43 | 44 | # Set systemd as entrypoint. 45 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 46 | -------------------------------------------------------------------------------- /rockylinux-8-systemd-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Rocky Linux + Systemd + Sshd + Docker. 2 | # 3 | # Usage: 4 | # 5 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont nestybox/rockylinux-8-systemd-docker 6 | # 7 | # This will run systemd and prompt for a user login; the default 8 | # user/password in this image is "admin/admin". Once you log in you 9 | # can run Docker inside as usual. 
You can also ssh into the image: 10 | # 11 | # $ ssh admin@<host> -p <port> 12 | # 13 | # where <port> is chosen by Docker and mapped into the system container's sshd port. 14 | # 15 | 16 | FROM nestybox/rockylinux-8-systemd:latest 17 | 18 | # Docker install 19 | RUN dnf install -y dnf-plugins-core && \ 20 | dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \ 21 | dnf install -y docker-ce docker-ce-cli containerd.io && \ 22 | systemctl enable docker && \ 23 | \ 24 | # Housekeeping 25 | dnf clean all && \ 26 | rm -rf \ 27 | /var/cache/dnf/* \ 28 | /var/log/* \ 29 | /tmp/* \ 30 | /var/tmp/* \ 31 | /usr/share/doc/* \ 32 | /usr/share/man/* && \ 33 | \ 34 | # Add user "admin" to the Docker group 35 | usermod -a -G docker admin 36 | 37 | # Sshd install 38 | RUN dnf install -y openssh-server && \ 39 | mkdir /home/admin/.ssh && \ 40 | chown admin:admin /home/admin/.ssh 41 | 42 | EXPOSE 22 43 | 44 | # Set systemd as entrypoint. 45 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 46 | -------------------------------------------------------------------------------- /centos-stream-8-systemd-docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with CentOS Stream + Systemd + Sshd + Docker. 2 | # 3 | # Usage: 4 | # 5 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont nestybox/centos-stream-8-systemd-docker 6 | # 7 | # This will run systemd and prompt for a user login; the default 8 | # user/password in this image is "admin/admin". Once you log in you 9 | # can run Docker inside as usual. You can also ssh into the image: 10 | # 11 | # $ ssh admin@<host> -p <port> 12 | # 13 | # where <port> is chosen by Docker and mapped into the system container's sshd port. 
14 | # 15 | 16 | FROM nestybox/centos-stream-8-systemd:latest 17 | 18 | # Docker install 19 | RUN dnf install -y dnf-plugins-core && \ 20 | dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \ 21 | dnf install -y docker-ce docker-ce-cli containerd.io && \ 22 | systemctl enable docker && \ 23 | \ 24 | # Housekeeping 25 | dnf clean all && \ 26 | rm -rf \ 27 | /var/cache/dnf/* \ 28 | /var/log/* \ 29 | /tmp/* \ 30 | /var/tmp/* \ 31 | /usr/share/doc/* \ 32 | /usr/share/man/* && \ 33 | \ 34 | # Add user "admin" to the Docker group 35 | usermod -a -G docker admin 36 | 37 | # Sshd install 38 | RUN dnf install -y openssh-server && \ 39 | mkdir /home/admin/.ssh && \ 40 | chown admin:admin /home/admin/.ssh 41 | 42 | EXPOSE 22 43 | 44 | # Set systemd as entrypoint. 45 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 46 | -------------------------------------------------------------------------------- /almalinux-8-systemd/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with AlmaLinux + Systemd 2 | # 3 | # Description: 4 | # 5 | # This image serves as a basic reference example for user's looking to 6 | # run Systemd inside a system container in order to deploy various 7 | # services within the system container, or use it as a virtual host 8 | # environment. 9 | # 10 | # Usage: 11 | # 12 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/almalinux-8-systemd 13 | # 14 | # This will run systemd and prompt for a user login; the default user/password 15 | # in this image is "admin/admin". 
16 | 17 | FROM almalinux:8 18 | 19 | # 20 | # Systemd installation 21 | # 22 | RUN dnf install -y \ 23 | iptables \ 24 | iproute \ 25 | kmod \ 26 | procps-ng \ 27 | sudo \ 28 | udev && \ 29 | # Unmask services 30 | systemctl unmask \ 31 | systemd-remount-fs.service \ 32 | dev-hugepages.mount \ 33 | sys-fs-fuse-connections.mount \ 34 | systemd-logind.service \ 35 | getty.target \ 36 | console-getty.service && \ 37 | # Prevents journald from reading kernel messages from /dev/kmsg 38 | echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \ 39 | \ 40 | # Housekeeping 41 | dnf clean all && \ 42 | rm -rf \ 43 | /var/cache/dnf/* \ 44 | /var/log/* \ 45 | /tmp/* \ 46 | /var/tmp/* \ 47 | /usr/share/doc/* \ 48 | /usr/share/man/* && \ 49 | \ 50 | # Create default 'admin/admin' user 51 | useradd --create-home --shell /bin/bash admin -G wheel && echo "admin:admin" | chpasswd 52 | 53 | # Make use of stopsignal (instead of sigterm) to stop systemd containers. 54 | STOPSIGNAL SIGRTMIN+3 55 | 56 | # Set systemd as entrypoint. 57 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 58 | -------------------------------------------------------------------------------- /rockylinux-8-systemd/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Rocky Linux + Systemd 2 | # 3 | # Description: 4 | # 5 | # This image serves as a basic reference example for user's looking to 6 | # run Systemd inside a system container in order to deploy various 7 | # services within the system container, or use it as a virtual host 8 | # environment. 9 | # 10 | # Usage: 11 | # 12 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/rockylinux-8-systemd 13 | # 14 | # This will run systemd and prompt for a user login; the default user/password 15 | # in this image is "admin/admin". 
16 | 17 | FROM rockylinux:8 18 | 19 | # 20 | # Systemd installation 21 | # 22 | RUN dnf install -y \ 23 | iptables \ 24 | iproute \ 25 | kmod \ 26 | procps-ng \ 27 | sudo \ 28 | udev && \ 29 | # Unmask services 30 | systemctl unmask \ 31 | systemd-remount-fs.service \ 32 | dev-hugepages.mount \ 33 | sys-fs-fuse-connections.mount \ 34 | systemd-logind.service \ 35 | getty.target \ 36 | console-getty.service && \ 37 | # Prevents journald from reading kernel messages from /dev/kmsg 38 | echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \ 39 | \ 40 | # Housekeeping 41 | dnf clean all && \ 42 | rm -rf \ 43 | /var/cache/dnf/* \ 44 | /var/log/* \ 45 | /tmp/* \ 46 | /var/tmp/* \ 47 | /usr/share/doc/* \ 48 | /usr/share/man/* && \ 49 | \ 50 | # Create default 'admin/admin' user 51 | useradd --create-home --shell /bin/bash admin -G wheel && echo "admin:admin" | chpasswd 52 | 53 | # Make use of stopsignal (instead of sigterm) to stop systemd containers. 54 | STOPSIGNAL SIGRTMIN+3 55 | 56 | # Set systemd as entrypoint. 57 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 58 | -------------------------------------------------------------------------------- /centos-stream-8-systemd/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with CentOS Stream + Systemd 2 | # 3 | # Description: 4 | # 5 | # This image serves as a basic reference example for user's looking to 6 | # run Systemd inside a system container in order to deploy various 7 | # services within the system container, or use it as a virtual host 8 | # environment. 9 | # 10 | # Usage: 11 | # 12 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/centos-stream-8-systemd 13 | # 14 | # This will run systemd and prompt for a user login; the default user/password 15 | # in this image is "admin/admin". 
16 | 17 | FROM quay.io/centos/centos:stream8 18 | 19 | # 20 | # Systemd installation 21 | # 22 | RUN dnf install -y \ 23 | iptables \ 24 | iproute \ 25 | kmod \ 26 | procps-ng \ 27 | sudo \ 28 | udev && \ 29 | # Unmask services 30 | systemctl unmask \ 31 | systemd-remount-fs.service \ 32 | dev-hugepages.mount \ 33 | sys-fs-fuse-connections.mount \ 34 | systemd-logind.service \ 35 | getty.target \ 36 | console-getty.service && \ 37 | # Prevents journald from reading kernel messages from /dev/kmsg 38 | echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \ 39 | \ 40 | # Housekeeping 41 | dnf clean all && \ 42 | rm -rf \ 43 | /var/cache/dnf/* \ 44 | /var/log/* \ 45 | /tmp/* \ 46 | /var/tmp/* \ 47 | /usr/share/doc/* \ 48 | /usr/share/man/* && \ 49 | \ 50 | # Create default 'admin/admin' user 51 | useradd --create-home --shell /bin/bash admin -G wheel && echo "admin:admin" | chpasswd 52 | 53 | # Make use of stopsignal (instead of sigterm) to stop systemd containers. 54 | STOPSIGNAL SIGRTMIN+3 55 | 56 | # Set systemd as entrypoint. 57 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 58 | -------------------------------------------------------------------------------- /ubuntu-impish-systemd/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Ubuntu Impish + Systemd 2 | # 3 | # Description: 4 | # 5 | # This image serves as a basic reference example for user's looking to 6 | # run Systemd inside a system container in order to deploy various 7 | # services within the system container, or use it as a virtual host 8 | # environment. 9 | # 10 | # Usage: 11 | # 12 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/ubuntu-impish-systemd 13 | # 14 | # This will run systemd and prompt for a user login; the default user/password 15 | # in this image is "admin/admin". 
16 | 17 | FROM ubuntu:impish 18 | 19 | # 20 | # Systemd installation 21 | # 22 | RUN apt-get update && \ 23 | apt-get install -y --no-install-recommends \ 24 | systemd \ 25 | systemd-sysv \ 26 | libsystemd0 \ 27 | ca-certificates \ 28 | dbus \ 29 | iptables \ 30 | iproute2 \ 31 | kmod \ 32 | locales \ 33 | sudo \ 34 | udev && \ 35 | \ 36 | # Prevents journald from reading kernel messages from /dev/kmsg 37 | echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \ 38 | \ 39 | # Housekeeping 40 | apt-get clean -y && \ 41 | rm -rf \ 42 | /var/cache/debconf/* \ 43 | /var/lib/apt/lists/* \ 44 | /var/log/* \ 45 | /tmp/* \ 46 | /var/tmp/* \ 47 | /usr/share/doc/* \ 48 | /usr/share/man/* \ 49 | /usr/share/local/* && \ 50 | \ 51 | # Create default 'admin/admin' user 52 | useradd --create-home --shell /bin/bash admin && echo "admin:admin" | chpasswd && adduser admin sudo 53 | 54 | # Make use of stopsignal (instead of sigterm) to stop systemd containers. 55 | STOPSIGNAL SIGRTMIN+3 56 | 57 | # Set systemd as entrypoint. 58 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 59 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Nestybox System Container Dockerfiles 2 | ===================================== 3 | 4 | This directory contains the Dockerfiles for system container images 5 | uploaded to the Nestybox public repos on DockerHub and Github. 6 | 7 | The Dockerfiles and associated images are meant to be used as examples. 8 | 9 | Feel free to copy them and modify them to your needs, or source them 10 | from within your Dockerfiles. 11 | 12 | # Building the images 13 | 14 | * In general, make sure to build each image for the supported platforms. 
For example, to 15 | build and push the `ghcr.io/nestybox/alpine-test` image for both amd64 and arm64: 16 | 17 | ```console 18 | $ docker buildx create --driver=docker-container --name mybuilder --use 19 | $ cd alpine-test 20 | $ docker buildx build --platform linux/amd64,linux/arm64 -t ghcr.io/nestybox/alpine . --push 21 | ``` 22 | 23 | # Pulling a Nestybox system container image 24 | 25 | For example, to run the system container image that contains Ubuntu 26 | Bionic + Docker, simply type the following: 27 | 28 | * DockerHub registry 29 | 30 | ```console 31 | $ docker run --runtime=sysbox-runc -it nestybox/ubuntu-bionic-docker:latest 32 | ``` 33 | 34 | * Github registry: 35 | 36 | ```console 37 | $ docker run --runtime=sysbox-runc -it ghcr.io/nestybox/ubuntu-bionic-docker:latest 38 | ``` 39 | 40 | # Customizing the system container to your needs 41 | 42 | Two approaches: either source the Nestybox image from within your own 43 | Dockerfile, or copy the Nestybox Dockerfile and modify it. 44 | 45 | The former approach makes sense if you wish to leverage the entire image. 46 | 47 | The latter approach makes sense if there is some instruction within the 48 | Nestybox Dockerfile that you wish to change. 49 | 50 | ## Sourcing the Nestybox Image 51 | 52 | Simply add this at the beginning of your Dockerfile 53 | 54 | ```console 55 | FROM nestybox/ubuntu-disco-docker:latest 56 | ``` 57 | 58 | Then add your instructions to the Dockerfile. 59 | 60 | Then build the image and tag it: 61 | 62 | ```console 63 | $ docker build . 64 | $ docker tag my-custom-syscont:latest 65 | ``` 66 | 67 | And run it with: 68 | 69 | ```console 70 | $ docker run --runtime=sysbox-runc -it my-custom-syscont:latest 71 | ``` 72 | 73 | You can then push the image to your own container image repo for later re-use. 74 | 75 | ## Copy the Dockerfile, modify it, and build a new image 76 | 77 | First, copy the Nestybox Dockerfile to some directory, `cd` to that directory, and modify it per your needs. 
78 | 79 | Then build the image and tag it: 80 | 81 | ```console 82 | $ docker build . 83 | $ docker tag my-custom-syscont:latest 84 | ``` 85 | 86 | And run it with: 87 | 88 | ```console 89 | $ docker run --runtime=sysbox-runc -it my-custom-syscont:latest 90 | ``` 91 | 92 | You can then push the image to your own container image repo for later re-use. 93 | -------------------------------------------------------------------------------- /test-syscont/get-inner-img.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | prog_name=$(basename "$0") 4 | 5 | usage() 6 | { 7 | echo " 8 | Usage: 9 | $prog_name [OPTIONS] 10 | 11 | Gets inner images to embedd in the system container used for Sysbox integration tests. 12 | 13 | Options: 14 | -d, --debug Debug mode (default false). 15 | -h, --help Display this help and exit. 16 | -c, --clean Don't get anything; perform cleanup actions. 17 | " 18 | } 19 | 20 | parseCmdArgs() 21 | { 22 | opts=$(getopt \ 23 | -o dhc \ 24 | -l clean,debug,help \ 25 | -n "$prog_name" \ 26 | -- "$@" 27 | ) 28 | 29 | eval set --$opts 30 | 31 | while : 32 | do 33 | case "$1" in 34 | -c | --clean ) 35 | clean="clean" 36 | shift 37 | ;; 38 | -h | --help ) 39 | usage 40 | exit 0 41 | ;; 42 | -d | --debug ) 43 | debug="debug" 44 | shift 45 | ;; 46 | --) # End of all options 47 | shift 48 | break; 49 | ;; 50 | -*) 51 | echo "Error: Unknown option: $1" >&2 52 | usage 53 | exit 1 54 | ;; 55 | *) # No more options 56 | break 57 | ;; 58 | esac 59 | done 60 | 61 | # Check for any remaining unknown params after options 62 | if [ $# -ne 0 ] 63 | then 64 | echo "Error: invalid arguments in command line ($@)" 65 | exit 1 66 | fi 67 | } 68 | 69 | # the list of inner images to be retrieved 70 | inner_img=( "mysql/mysql-server:5.6,mysql_server_5.6.tar" 71 | "python:alpine,python_alpine.tar" 72 | "elasticsearch:5.6.16-alpine,elasticsearch_5.6.16-alpine.tar" 73 | "alpine:3.10,alpine_3.10.tar" 74 | 
"httpd:alpine,httpd_alpine.tar" 75 | "fluent/fluentd:edge,fluentd_edge.tar" 76 | "nginx:mainline-alpine,nginx_mainline_alpine.tar" 77 | "postgres:alpine,postgres_alpine.tar" 78 | "prom/prometheus,prometheus.tar" 79 | "redis:5.0.5-alpine,redis_5.0.5_alpine.tar" 80 | "influxdb:1.7-alpine,influxdb_1.7-alpine.tar" 81 | "telegraf:1.12-alpine,telegraf-1.12-alpine.tar" ) 82 | 83 | function get_img() { 84 | for i in "${inner_img[@]}"; do 85 | img=$(sh -c "echo \"$i\" | cut -f1 -d\",\"") 86 | tar=$(sh -c "echo \"$i\" | cut -f2 -d\",\"") 87 | 88 | if [ ! -f "$tar" ]; then 89 | docker pull "$img" 90 | docker save -o "$tar" "$img" 91 | docker image rm "$img" 92 | fi 93 | done 94 | } 95 | 96 | function clean_img() { 97 | for i in "${inner_img[@]}"; do 98 | img=$(sh -c "echo \"$i\" | cut -f1 -d\",\"") 99 | tar=$(sh -c "echo \"$i\" | cut -f2 -d\",\"") 100 | 101 | if [ -f "$tar" ]; then 102 | rm "$tar" 103 | fi 104 | done 105 | } 106 | 107 | parseCmdArgs $@ 108 | 109 | [ -n "$debug" ] && set -x 110 | 111 | if [ -n "$clean" ]; then 112 | clean_img 113 | else 114 | get_img 115 | fi 116 | 117 | exit 0 118 | -------------------------------------------------------------------------------- /ubuntu-focal-systemd/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Ubuntu Focal + Systemd 2 | # 3 | # Description: 4 | # 5 | # This image serves as a basic reference example for user's looking to 6 | # run Systemd inside a system container in order to deploy various 7 | # services within the system container, or use it as a virtual host 8 | # environment. 9 | # 10 | # Usage: 11 | # 12 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/ubuntu-focal-systemd 13 | # 14 | # This will run systemd and prompt for a user login; the default user/password 15 | # in this image is "admin/admin". 
16 | 17 | FROM ubuntu:focal 18 | 19 | # 20 | # Systemd installation 21 | # 22 | RUN apt-get update && \ 23 | apt-get install -y --no-install-recommends \ 24 | systemd \ 25 | systemd-sysv \ 26 | libsystemd0 \ 27 | ca-certificates \ 28 | dbus \ 29 | iptables \ 30 | iproute2 \ 31 | kmod \ 32 | locales \ 33 | sudo \ 34 | udev && \ 35 | \ 36 | # Prevents journald from reading kernel messages from /dev/kmsg 37 | echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \ 38 | \ 39 | # Housekeeping 40 | apt-get clean -y && \ 41 | rm -rf \ 42 | /var/cache/debconf/* \ 43 | /var/lib/apt/lists/* \ 44 | /var/log/* \ 45 | /tmp/* \ 46 | /var/tmp/* \ 47 | /usr/share/doc/* \ 48 | /usr/share/man/* \ 49 | /usr/share/local/* && \ 50 | \ 51 | # Create default 'admin/admin' user 52 | useradd --create-home --shell /bin/bash admin && echo "admin:admin" | chpasswd && adduser admin sudo 53 | 54 | # Disable systemd services/units that are unnecessary within a container. 55 | RUN systemctl mask systemd-udevd.service \ 56 | systemd-udevd-kernel.socket \ 57 | systemd-udevd-control.socket \ 58 | systemd-modules-load.service \ 59 | sys-kernel-debug.mount \ 60 | sys-kernel-tracing.mount 61 | 62 | # Make use of stopsignal (instead of sigterm) to stop systemd containers. 63 | STOPSIGNAL SIGRTMIN+3 64 | 65 | # Set systemd as entrypoint. 66 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 67 | 68 | -------------------------------------------------------------------------------- /ubuntu-jammy-systemd/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Ubuntu Jammy + Systemd 2 | # 3 | # Description: 4 | # 5 | # This image serves as a basic reference example for user's looking to 6 | # run Systemd inside a system container in order to deploy various 7 | # services within the system container, or use it as a virtual host 8 | # environment. 
9 | # 10 | # Usage: 11 | # 12 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/ubuntu-jammy-systemd 13 | # 14 | # This will run systemd and prompt for a user login; the default user/password 15 | # in this image is "admin/admin". 16 | 17 | FROM ubuntu:jammy 18 | 19 | # 20 | # Systemd installation 21 | # 22 | RUN apt-get update && \ 23 | apt-get install -y --no-install-recommends \ 24 | systemd \ 25 | systemd-sysv \ 26 | libsystemd0 \ 27 | ca-certificates \ 28 | dbus \ 29 | iptables \ 30 | iproute2 \ 31 | kmod \ 32 | locales \ 33 | sudo \ 34 | udev && \ 35 | \ 36 | # Prevents journald from reading kernel messages from /dev/kmsg 37 | echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \ 38 | \ 39 | # Housekeeping 40 | apt-get clean -y && \ 41 | rm -rf \ 42 | /var/cache/debconf/* \ 43 | /var/lib/apt/lists/* \ 44 | /var/log/* \ 45 | /tmp/* \ 46 | /var/tmp/* \ 47 | /usr/share/doc/* \ 48 | /usr/share/man/* \ 49 | /usr/share/local/* && \ 50 | \ 51 | # Create default 'admin/admin' user 52 | useradd --create-home --shell /bin/bash admin && echo "admin:admin" | chpasswd && adduser admin sudo 53 | 54 | # Disable systemd services/units that are unnecessary within a container. 55 | RUN systemctl mask systemd-udevd.service \ 56 | systemd-udevd-kernel.socket \ 57 | systemd-udevd-control.socket \ 58 | systemd-modules-load.service \ 59 | sys-kernel-debug.mount \ 60 | sys-kernel-tracing.mount 61 | 62 | # Make use of stopsignal (instead of sigterm) to stop systemd containers. 63 | STOPSIGNAL SIGRTMIN+3 64 | 65 | # Set systemd as entrypoint. 
66 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 67 | 68 | -------------------------------------------------------------------------------- /ubuntu-bionic-systemd/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Ubuntu Bionic + Systemd 3 | # 4 | # Description: 5 | # 6 | # This image serves as a basic reference example for user's looking to 7 | # run Systemd inside a system container in order to deploy various 8 | # services within the system container, or use it as a virtual host 9 | # environment. 10 | # 11 | # Usage: 12 | # 13 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/ubuntu-bionic-systemd 14 | # 15 | # This will run systemd and prompt for a user login; the default user/password 16 | # in this image is "admin/admin". 17 | 18 | FROM ubuntu:bionic 19 | 20 | # 21 | # Systemd installation 22 | # 23 | RUN apt-get update && \ 24 | apt-get install -y --no-install-recommends \ 25 | systemd \ 26 | systemd-sysv \ 27 | libsystemd0 \ 28 | ca-certificates \ 29 | dbus \ 30 | iptables \ 31 | iproute2 \ 32 | kmod \ 33 | locales \ 34 | sudo \ 35 | udev && \ 36 | \ 37 | # Prevents journald from reading kernel messages from /dev/kmsg 38 | echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \ 39 | \ 40 | # Housekeeping 41 | apt-get clean -y && \ 42 | rm -rf \ 43 | /var/cache/debconf/* \ 44 | /var/lib/apt/lists/* \ 45 | /var/log/* \ 46 | /tmp/* \ 47 | /var/tmp/* \ 48 | /usr/share/doc/* \ 49 | /usr/share/man/* \ 50 | /usr/share/local/* && \ 51 | \ 52 | # Create default 'admin/admin' user 53 | useradd --create-home --shell /bin/bash admin && echo "admin:admin" | chpasswd && adduser admin sudo 54 | 55 | # Disable systemd services/units that are unnecessary within a container. 
56 | RUN systemctl mask systemd-udevd.service \ 57 | systemd-udevd-kernel.socket \ 58 | systemd-udevd-control.socket \ 59 | systemd-modules-load.service \ 60 | sys-kernel-config.mount \ 61 | sys-kernel-debug.mount \ 62 | sys-kernel-tracing.mount 63 | 64 | # Make use of stopsignal (instead of sigterm) to stop systemd containers. 65 | STOPSIGNAL SIGRTMIN+3 66 | 67 | # Set systemd as entrypoint. 68 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 69 | -------------------------------------------------------------------------------- /kindind/1.18/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # kindind: kubernetes-in-docker ... in docker :) 3 | # 4 | # 5 | # Why? 6 | # 7 | # This is useful as a way of encapsulating a full K8s cluster in a single 8 | # container image and properly isolating it from the underlying host. On the 9 | # latter point, K8s.io KinD uses insecure privileged containers; by placing 10 | # K8s.io KinD inside a Sysbox container, the Sysbox container acts as a secure 11 | # boundary around that entire K8s cluster. 12 | # 13 | # Build Process 14 | # ============= 15 | # 16 | # Building this image requires configuring Sysbox-runc as Docker's default 17 | # runtime during the build process. Refer to [this](https://github.com/nestybox/sysbox/blob/master/docs/quickstart/images.md#building-a-system-container-that-includes-inner-container-images) 18 | # document for more details. 19 | # 20 | # $ sudo more /etc/docker/daemon.json 21 | #{ 22 | # "default-runtime": "sysbox-runc", 23 | # "runtimes": { 24 | # "sysbox-runc": { 25 | # "path": "/usr/bin/sysbox-runc" 26 | # } 27 | # } 28 | #} 29 | # 30 | # $ sudo systemctl restart docker 31 | # $ docker build -t registry.nestybox.com/nestybox/k8s-node:v1.18.2 . 32 | # 33 | # Once the build completes, you can revert the default runtime config if you wish. 
#
# Usage
# =====
#
# $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont registry.nestybox.com/nestybox/kindind:v1.18.2
#
# This will spawn a sys container which contains systemd, Docker, and the K8s.io
# KinD tool inside. Systemd login is "admin/admin". Once you log in you can run
# K8s.io KinD as if you were in a VM. E.g.,:
#
# $ kind create cluster --image=registry.nestybox.com/nestybox/kindestnode:v1.18.2
#
# The "nestybox/kindestnode:v1.18.2" image is currently required due to a bug in
# the OCI runc that prevents it from running correctly inside a system
# container. Note that in this case said runc is running inside a privileged
# container (deployed by k8s.io kind) that is inside a system container (where
# that privileged container is only privileged with respect to the system
# container, not with respect to the host).
#

# NOTE(review): a floating ":latest" base tag makes rebuilds non-reproducible;
# pinning a specific tag (or an image digest) gives a known base for every build.
FROM nestybox/ubuntu-bionic-systemd-docker:latest

RUN apt-get update && apt-get install -y \
    git \
    make

# kubectl (with bash completion)
ARG k8s_version=v1.18.2
# NOTE(review): "apt-key add" is deprecated; the key lands in the global trusted
# keyring and is then honoured for every apt source, not only the Kubernetes one.
# The "sudo" prefixes are presumably redundant if RUN already executes as root
# (the ubuntu-bionic-systemd Dockerfile on this page sets no USER; the -docker
# layer is not shown here) — confirm.
# The two "apt-get install" lines below run without -y; a non-interactive build
# may abort on the confirmation prompt if extra packages need to be pulled in.
RUN curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - \
    && echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list \
    && apt-get update \
    && apt-get install kubectl="${k8s_version#v}"-00 \
    && apt-get install bash-completion \
    && kubectl completion bash >/etc/bash_completion.d/kubectl \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/*

# K8s.io KinD
# NOTE(review): the kind binary is fetched over HTTPS but its contents are never
# verified; checking it against the checksum published with the v0.10.0 release
# before installing, e.g.
#   echo "<expected-sha256-from-release-assets>  kind" | sha256sum -c -
# (placeholder value), makes a tampered or truncated download fail the build
# instead of being installed as /usr/bin/kind.
RUN curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 \
    && chmod +x ./kind \
    && mv ./kind /usr/bin/kind

# Pre-fetch kindestnode image to be utilized by KinD tool
COPY download-node-img.sh /usr/bin
RUN chmod +x /usr/bin/download-node-img.sh && download-node-img.sh && rm 
/usr/bin/download-node-img.sh 79 | -------------------------------------------------------------------------------- /kindind/1.19/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # kindind: kubernetes-in-docker ... in docker :) 3 | # 4 | # 5 | # Why? 6 | # 7 | # This is useful as a way of encapsulating a full K8s cluster in a single 8 | # container image and properly isolating it from the underlying host. On the 9 | # latter point, K8s.io KinD uses unsecure privileged containers; by placing 10 | # K8s.io KinD inside a Sysbox container, the Sysbox container acts as secure 11 | # boundary around that entire K8s cluster. 12 | # 13 | # Build Process 14 | # ============= 15 | # 16 | # Building this image requires configuring Sysbox-runc as Docker's default 17 | # runtime during the build process. Refer to [this](https://github.com/nestybox/sysbox/blob/master/docs/quickstart/images.md#building-a-system-container-that-includes-inner-container-images) 18 | # document for mroe details. 19 | # 20 | # $ sudo more /etc/docker/daemon.json 21 | #{ 22 | # "default-runtime": "sysbox-runc", 23 | # "runtimes": { 24 | # "sysbox-runc": { 25 | # "path": "/usr/bin/sysbox-runc" 26 | # } 27 | # } 28 | #} 29 | # 30 | # $ sudo systemctl restart docker 31 | # $ docker build -t registry.nestybox.com/nestybox/k8s-node:v1.19.4 . 32 | # 33 | # Once the build completes, you can revert the default runtime config if you wish. 34 | # 35 | # Usage 36 | # ===== 37 | # 38 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont registry.nestybox.com/nestybox/kindind:v1.19.4 39 | # 40 | # This will spawn a sys container which contains systemd, Docker, and the K8s.io 41 | # KinD tool inside. Systemd login is "admin/admin". Once you log in you can run 42 | # K8s.io KinD as if you were in a VM. 
E.g.,: 43 | # 44 | # $ kind create cluster --image=registry.nestybox.com/nestybox/kindestnode:v1.19.4 45 | # 46 | # The "nestybox/kindestnode:v1.19.4" image is currently required due to a bug in 47 | # the OCI runc that prevents it from running correctly inside a system 48 | # container. Note that in this case said runc is running inside a privileged 49 | # container (deployed by k8s.io kind) that is inside a system container (where 50 | # that privileged container is only privileged with respect to the system 51 | # container, not with respect to the host). 52 | # 53 | 54 | FROM nestybox/ubuntu-bionic-systemd-docker:latest 55 | 56 | RUN apt-get update && apt-get install -y \ 57 | git \ 58 | make 59 | 60 | # kubectl (with bash completion) 61 | ARG k8s_version=v1.19.4 62 | RUN curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - \ 63 | && echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list \ 64 | && apt-get update \ 65 | && apt-get install kubectl="${k8s_version#v}"-00 \ 66 | && apt-get install bash-completion \ 67 | && kubectl completion bash >/etc/bash_completion.d/kubectl \ 68 | && apt-get clean -y \ 69 | && rm -rf /var/lib/apt/lists/* 70 | 71 | # K8s.io KinD 72 | RUN curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 \ 73 | && chmod +x ./kind \ 74 | && mv ./kind /usr/bin/kind 75 | 76 | # Pre-fetch kindnestnode image to be utilized by KinD tool 77 | COPY download-node-img.sh /usr/bin 78 | RUN chmod +x /usr/bin/download-node-img.sh && download-node-img.sh && rm /usr/bin/download-node-img.sh 79 | -------------------------------------------------------------------------------- /kindind/1.20/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # kindind: kubernetes-in-docker ... in docker :) 3 | # 4 | # 5 | # Why? 
6 | # 7 | # This is useful as a way of encapsulating a full K8s cluster in a single 8 | # container image and properly isolating it from the underlying host. On the 9 | # latter point, K8s.io KinD uses unsecure privileged containers; by placing 10 | # K8s.io KinD inside a Sysbox container, the Sysbox container acts as secure 11 | # boundary around that entire K8s cluster. 12 | # 13 | # Build Process 14 | # ============= 15 | # 16 | # Building this image requires configuring Sysbox-runc as Docker's default 17 | # runtime during the build process. Refer to [this](https://github.com/nestybox/sysbox/blob/master/docs/quickstart/images.md#building-a-system-container-that-includes-inner-container-images) 18 | # document for mroe details. 19 | # 20 | # $ sudo more /etc/docker/daemon.json 21 | #{ 22 | # "default-runtime": "sysbox-runc", 23 | # "runtimes": { 24 | # "sysbox-runc": { 25 | # "path": "/usr/bin/sysbox-runc" 26 | # } 27 | # } 28 | #} 29 | # 30 | # $ sudo systemctl restart docker 31 | # $ docker build -t registry.nestybox.com/nestybox/k8s-node:v1.20.2 . 32 | # 33 | # Once the build completes, you can revert the default runtime config if you wish. 34 | # 35 | # Usage 36 | # ===== 37 | # 38 | # $ docker run --runtime=sysbox-runc -it --rm -P --name=syscont registry.nestybox.com/nestybox/kindind:v1.20.2 39 | # 40 | # This will spawn a sys container which contains systemd, Docker, and the K8s.io 41 | # KinD tool inside. Systemd login is "admin/admin". Once you log in you can run 42 | # K8s.io KinD as if you were in a VM. E.g.,: 43 | # 44 | # $ kind create cluster --image=registry.nestybox.com/nestybox/kindestnode:v1.20.2 45 | # 46 | # The "nestybox/kindestnode:v1.20.2" image is currently required due to a bug in 47 | # the OCI runc that prevents it from running correctly inside a system 48 | # container. 
Note that in this case said runc is running inside a privileged 49 | # container (deployed by k8s.io kind) that is inside a system container (where 50 | # that privileged container is only privileged with respect to the system 51 | # container, not with respect to the host). 52 | # 53 | 54 | FROM nestybox/ubuntu-bionic-systemd-docker:latest 55 | 56 | RUN apt-get update && apt-get install -y \ 57 | git \ 58 | make 59 | 60 | # kubectl (with bash completion) 61 | ARG k8s_version=v1.20.2 62 | RUN curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - \ 63 | && echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list \ 64 | && apt-get update \ 65 | && apt-get install kubectl="${k8s_version#v}"-00 \ 66 | && apt-get install bash-completion \ 67 | && kubectl completion bash >/etc/bash_completion.d/kubectl \ 68 | && apt-get clean -y \ 69 | && rm -rf /var/lib/apt/lists/* 70 | 71 | # K8s.io KinD 72 | RUN curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.10.0/kind-linux-amd64 \ 73 | && chmod +x ./kind \ 74 | && mv ./kind /usr/bin/kind 75 | 76 | # Pre-fetch kindnestnode image to be utilized by KinD tool 77 | COPY download-node-img.sh /usr/bin 78 | RUN chmod +x /usr/bin/download-node-img.sh && download-node-img.sh && rm /usr/bin/download-node-img.sh 79 | -------------------------------------------------------------------------------- /k8s-node/1.20/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample Kubernetes (K8s) node system container image. 2 | # 3 | # Containers deployed with this image acts as K8s nodes. 4 | # 5 | # The image creates a container that includes systemd, kubeadm, docker, and all 6 | # k8s control plane pod images (apiserver, kubeproxy, etc.). 7 | # 8 | # You must deploy the container with the Sysbox container runtime (see below). 
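9 | # 10 | # NOTE: BUILDING THIS IMAGE REQUIRES CONFIGURING SYSBOX-RUNC AS DOCKER'S DEFAULT 11 | # RUNTIME DURING THE BUILD. 12 | # 13 | # $ sudo more /etc/docker/daemon.json 14 | #{ 15 | # "default-runtime": "sysbox-runc", 16 | # "runtimes": { 17 | # "sysbox-runc": { 18 | # "path": "/usr/bin/sysbox-runc" 19 | # } 20 | # } 21 | #} 22 | # 23 | # $ sudo systemctl restart docker 24 | # $ docker build -t nestybox/k8s-node: . 25 | # 26 | # E.g., 27 | # 28 | # $ docker build -t nestybox/k8s-node:v1.20.2 . 29 | # 30 | # Once the build completes, you can revert the default runtime config if you wish. 31 | # 32 | # Deploy k8s-node containers with: 33 | # 34 | # $ docker run --runtime=sysbox-runc --rm -d --name k8s-master nestybox/k8s-node:v1.20.2 35 | # $ docker run --runtime=sysbox-runc --rm -d --name k8s-worker-0 nestybox/k8s-node:v1.20.2 36 | # $ docker run --runtime=sysbox-runc --rm -d --name k8s-worker-1 nestybox/k8s-node:v1.20.2 37 | # ... 38 | # 39 | # Then run 'kubeadm init' in them just as you would on a physical host or VM. 40 | 41 | FROM ghcr.io/nestybox/ubuntu-focal-systemd-docker:latest 42 | 43 | ARG k8s_version=v1.20.2 44 | 45 | # Requirements for subsequent steps. 46 | RUN apt-get update && apt-get install --no-install-recommends -y software-properties-common \ 47 | && rm -rf /var/lib/apt/lists/* 48 | 49 | # Install Kubeadm. 50 | # NOTE(review): apt-key puts this key in the global trusted keyring, where it can sign any apt source; a keyring file referenced with "signed-by" in the repo line scopes it to this repo. The k8s packages are pinned to ${k8s_version} and then held with apt-mark (as k8s-node/1.18 does) so a later apt upgrade inside the node cannot move kubelet/kubeadm/kubectl off the version this image was built for. 51 | # Note: we use kubeadm for Ubuntu Xenial because a version for Bionic is not available; 52 | # see https://packages.cloud.google.com/apt/dists/ 53 | RUN curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add \ 54 | && apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main" \ 55 | && apt-get update && apt-get install --no-install-recommends -y \ 56 | kubeadm="${k8s_version#v}"-00 \ 57 | kubelet="${k8s_version#v}"-00 \ 58 | kubectl="${k8s_version#v}"-00 \ && apt-mark hold kubelet kubeadm kubectl \ 59 | && rm -rf /var/lib/apt/lists/* 60 | 61 | # Preload k8s control plane container images into the sys container image. 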
62 | COPY kube-pull.sh /usr/bin/ 63 | RUN chmod +x /usr/bin/kube-pull.sh && kube-pull.sh $k8s_version && rm /usr/bin/kube-pull.sh 64 | 65 | # Docker daemon config. 66 | COPY daemon.json /etc/docker/ 67 | 68 | # bash completion 69 | RUN apt-get update \ 70 | && mkdir -p /etc/bash_completion.d \ 71 | && apt-get install bash-completion \ 72 | && rm -rf /var/lib/apt/lists/* \ 73 | && echo "source /etc/profile.d/bash_completion.sh" >> /root/.bashrc \ 74 | && echo "source <(kubectl completion bash)" >> /root/.bashrc \ 75 | && echo "source /etc/profile.d/bash_completion.sh" >> /home/admin/.bashrc \ 76 | && echo "source <(kubectl completion bash)" >> /home/admin/.bashrc 77 | -------------------------------------------------------------------------------- /k8s-node/1.21/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample Kubernetes (K8s) node system container image. 2 | # 3 | # Containers deployed with this image acts as K8s nodes. 4 | # 5 | # The image creates a container that includes systemd, kubeadm, docker, and all 6 | # k8s control plane pod images (apiserver, kubeproxy, etc.). 7 | # 8 | # You must deploy the container with the Sysbox container runtime (see below). 9 | # 10 | # NOTE: BUILDING THIS IMAGE REQUIRES CONFIGURING SYSBOX-RUNC AS DOCKER'S DEFAULT 11 | # RUNTIME DURING THE BUILD. 12 | # 13 | # $ sudo more /etc/docker/daemon.json 14 | #{ 15 | # "default-runtime": "sysbox-runc", 16 | # "runtimes": { 17 | # "sysbox-runc": { 18 | # "path": "/usr/bin/sysbox-runc" 19 | # } 20 | # } 21 | #} 22 | # 23 | # $ sudo systemctl restart docker 24 | # $ docker build -t nestybox/k8s-node: . 25 | # 26 | # E.g., 27 | # 28 | # $ docker build -t nestybox/k8s-node:v1.21.12 . 29 | # 30 | # Once the build completes, you can revert the default runtime config if you wish. 
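31 | # 32 | # Deploy k8s-node containers with: 33 | # 34 | # $ docker run --runtime=sysbox-runc --rm -d --name k8s-master nestybox/k8s-node:v1.21.12 35 | # $ docker run --runtime=sysbox-runc --rm -d --name k8s-worker-0 nestybox/k8s-node:v1.21.12 36 | # $ docker run --runtime=sysbox-runc --rm -d --name k8s-worker-1 nestybox/k8s-node:v1.21.12 37 | # ... 38 | # 39 | # Then run 'kubeadm init' in them just as you would on a physical host or VM. 40 | 41 | FROM ghcr.io/nestybox/ubuntu-focal-systemd-docker:latest 42 | 43 | ARG k8s_version=v1.21.12 44 | 45 | # Requirements for subsequent steps. 46 | RUN apt-get update && apt-get install --no-install-recommends -y software-properties-common \ 47 | && rm -rf /var/lib/apt/lists/* 48 | 49 | # Install Kubeadm. 50 | # NOTE(review): apt-key puts this key in the global trusted keyring, where it can sign any apt source; a keyring file referenced with "signed-by" in the repo line scopes it to this repo. The k8s packages are pinned to ${k8s_version} and then held with apt-mark (as k8s-node/1.18 does) so a later apt upgrade inside the node cannot move kubelet/kubeadm/kubectl off the version this image was built for. 51 | # Note: we use kubeadm for Ubuntu Xenial because a version for Bionic is not available; 52 | # see https://packages.cloud.google.com/apt/dists/ 53 | RUN curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add \ 54 | && apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main" \ 55 | && apt-get update && apt-get install --no-install-recommends -y \ 56 | kubeadm="${k8s_version#v}"-00 \ 57 | kubelet="${k8s_version#v}"-00 \ 58 | kubectl="${k8s_version#v}"-00 \ && apt-mark hold kubelet kubeadm kubectl \ 59 | && rm -rf /var/lib/apt/lists/* 60 | 61 | # Preload k8s control plane container images into the sys container image. 62 | COPY kube-pull.sh /usr/bin/ 63 | RUN chmod +x /usr/bin/kube-pull.sh && kube-pull.sh "$k8s_version" && rm /usr/bin/kube-pull.sh 64 | 65 | # Docker daemon config. 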
66 | COPY daemon.json /etc/docker/ 67 | 68 | # bash completion 69 | RUN apt-get update \ 70 | && mkdir -p /etc/bash_completion.d \ 71 | && apt-get install bash-completion \ 72 | && rm -rf /var/lib/apt/lists/* \ 73 | && echo "source /etc/profile.d/bash_completion.sh" >> /root/.bashrc \ 74 | && echo "source <(kubectl completion bash)" >> /root/.bashrc \ 75 | && echo "source /etc/profile.d/bash_completion.sh" >> /home/admin/.bashrc \ 76 | && echo "source <(kubectl completion bash)" >> /home/admin/.bashrc 77 | -------------------------------------------------------------------------------- /ubuntu-noble-systemd/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample container image with Ubuntu Noble + Systemd 2 | # 3 | # Description: 4 | # 5 | # This image serves as a basic reference example for user's looking to 6 | # run Systemd inside a system container in order to deploy various 7 | # services within the system container, or use it as a virtual host 8 | # environment. 9 | # 10 | # Usage: 11 | # 12 | # $ docker run --runtime=sysbox-runc -it --rm --name=syscont nestybox/ubuntu-noble-systemd 13 | # 14 | # This will run systemd and prompt for a user login; the default user/password 15 | # in this image is "admin/admin". 
16 | 17 | FROM ubuntu:noble 18 | 19 | # 20 | # Systemd installation 21 | # 22 | RUN apt-get update && \ 23 | apt-get install -y --no-install-recommends \ 24 | systemd \ 25 | systemd-sysv \ 26 | libsystemd0 \ 27 | ca-certificates \ 28 | dbus \ 29 | iptables \ 30 | iproute2 \ 31 | kmod \ 32 | locales \ 33 | sudo \ 34 | udev && \ 35 | \ 36 | # Prevents journald from reading kernel messages from /dev/kmsg 37 | echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \ 38 | \ 39 | # Housekeeping 40 | apt-get clean -y && \ 41 | rm -rf \ 42 | /var/cache/debconf/* \ 43 | /var/lib/apt/lists/* \ 44 | /var/log/* \ 45 | /tmp/* \ 46 | /var/tmp/* \ 47 | /usr/share/doc/* \ 48 | /usr/share/man/* \ 49 | /usr/share/local/* && \ 50 | \ 51 | # Create default 'admin/admin' user 52 | useradd --create-home --shell /bin/bash admin && echo "admin:admin" | chpasswd && adduser admin sudo 53 | 54 | # Disable systemd services/units that are unnecessary within a container. 55 | RUN systemctl mask systemd-udevd.service \ 56 | systemd-udevd-kernel.socket \ 57 | systemd-udevd-control.socket \ 58 | systemd-modules-load.service \ 59 | sys-kernel-debug.mount \ 60 | sys-kernel-tracing.mount \ 61 | sys-kernel-config.mount \ 62 | e2scrub_reap.service \ 63 | e2scrub_all.timer 64 | 65 | # Make use of stopsignal (instead of sigterm) to stop systemd containers. 66 | STOPSIGNAL SIGRTMIN+3 67 | 68 | # Set systemd as entrypoint. 69 | ENTRYPOINT [ "/sbin/init", "--log-level=err" ] 70 | -------------------------------------------------------------------------------- /minikube/kicbase/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # nestybox/minikube-kicbase 3 | # 4 | # This Docker image is used to run the Kubernetes Minikube tool *inside* a 5 | # Sysbox container (or pod). That is, the Sysbox container acts as a secure 6 | # virtual host inside of which you run Minikube. 
7 | # 8 | # This image is a replacement for the gcr.io/k8s-minikube/kicbase image that 9 | # Minikube uses to deploy Kubernetes clusters inside Docker containers. 10 | # 11 | # Why is this image needed? 12 | # 13 | # The gcr.io/k8s-minikube/kicbase image requires cgroups v2 be enabled 14 | # on the host whenever it's running on a rootless environment (more specifically 15 | # within a user-namespace). 16 | # 17 | # This requirement stems from the fact that cgroups v2 formalizes the concept of 18 | # "cgroup delegation", where the container is allowed to manage a subset of the 19 | # cgroup hierarchy. 20 | # 21 | # In Sysbox containers however, this requirement is too stringent, as Sysbox 22 | # supports cgroup delegation with cgroups v1 too (i.e., it uses a technique 23 | # to ensure that a container can manage a cgroup hierarchy in isolation 24 | # whether the host is configured with cgroups v1 or v2). 25 | # 26 | # Therefore, this image relaxes the cgroup v2 requirement by modifying the 27 | # entrypoint script in the gcr.io/k8s-minikube/kicbase image. 
28 | # 29 | # Usage: 30 | # 31 | # 1) Launch a Sysbox container (or pod) and install Minikube inside of it: 32 | # 33 | # NOTE: Minikube requires that /dev/fuse be exposed inside the container; 34 | # this is easy and safe to do, as follows: 35 | # 36 | # $ docker run --runtime=sysbox-runc -it --rm --device /dev/fuse:/dev/fuse nestybox/ubuntu-focal-systemd-docker 37 | # 38 | # 2) Inside the Sysbox container, install Minikube and use it to create a K8s-in-Docker 39 | # cluster, using the nestybox/minikube-kicbase:v0.0.28: 40 | # 41 | # $ curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 42 | # $ sudo install minikube-linux-amd64 /usr/local/bin/minikube 43 | # $ minikube start --base-image=nestybox/minikube-kicbase:v0.0.28 44 | # 45 | # 3) Install kubectl and interact with the cluster: 46 | # 47 | # $ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" 48 | # $ sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl 49 | # $ kubectl get all --all-namespaces 50 | # 51 | # NOTES: 52 | # 53 | # 1) Minikube will use privileged containers (which are insecure), but since 54 | # these are all running inside a rootless Sysbox container (i.e., the Sysbox 55 | # container acts as a virtual host), the Sysbox container provides strong 56 | # isolation from the underlying host. 57 | # 58 | # 2) Minikube supports several "drivers" to deploy the Kubernetes cluster (e.g., 59 | # Docker, Podman, KVM, VirtualBox, etc.) When running Minikube inside a 60 | # Sysbox container (or pod), use the Docker driver only (which is Minikube's 61 | # default driver). Support for other drivers will be added in the near 62 | # future. 63 | # 64 | # 3) It's possible to run Minikube inside a Sysbox container using the official 65 | # gcr.io/k8s-minikube/kicbase image. However, the host must first be booted 66 | # with cgroups v2 enabled. 
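67 | # Comment out the upstream userns/cgroup-v2 check described above. grep first so the build fails loudly if the function is renamed upstream; a non-matching "sed -i" exits 0 and would leave the check in place silently. 68 | FROM gcr.io/k8s-minikube/kicbase:v0.0.28 69 | RUN grep -q '^validate_userns$' /usr/local/bin/entrypoint && sed -i 's/^validate_userns$/# validate_userns/' /usr/local/bin/entrypoint 70 | -------------------------------------------------------------------------------- /ubuntu-bionic-drone/agent/Dockerfile: -------------------------------------------------------------------------------- 1 | # Nestybox's Drone-agent Dockerfile. 2 | # 3 | # Description: 4 | # 5 | # Dockerfile to construct a system container hosting Drone-agent functionality. 6 | # The obtained image will incorporate the drone-agent binary, as well as the 7 | # Docker package required to instantiate 'slave' containers to execute continuous 8 | # integration tasks. Both daemons (drone-agent and dockerd) will be managed 9 | # through supervisord process manager. 10 | # 11 | # Requirements: 12 | # 13 | # A supervisord.conf file in charge of launching dockerd & drone-agent daemons, 14 | # must be provided as part of this image compilation process. See example below: 15 | # 16 | # --- 17 | # $ cat supervisord.conf 18 | # [supervisord] 19 | # stdout_logfile=/dev/stdout 20 | # stdout_logfile_maxbytes=0 21 | # nodaemon=true 22 | # 23 | # [program:dockerd] 24 | # command=/usr/bin/dockerd 25 | # priority=1 26 | # autostart=true 27 | # autorestart=true 28 | # startsecs=0 29 | # 30 | # [program:drone-agent] 31 | # command=/bin/drone-agent 32 | # priority=2 33 | # autostart=true 34 | # autorestart=true 35 | # startsecs=0 36 | # --- 37 | # 38 | # Container initialization: 39 | # 40 | # $ docker run --runtime=sysbox-runc \ 41 | # --env=DRONE_SERVER_HOST=my-drone.server.com:80 \ 42 | # --env=DRONE_RPC_SECRET=my-secret \ 43 | # -d --rm --name=drone nestybox/ubuntu-bionic-drone-agent 44 | # 45 | # [ refer to Drone's official documentation for more details ] 46 | # 47 | 48 | 49 | ####################### 50 | # Drone compilation # 51 | ####################### 52 | # NOTE(review): golang:latest and unpinned clones of drone/drone and drone/drone-cli build whatever is at HEAD when the image is built; pin the base image by digest and the sources to a tag or commit (e.g. "git clone --branch <tag>") for a reproducible, auditable build. 53 | FROM golang:latest as golang 54 | RUN cd /root && \ 55 | git clone https://github.com/drone/drone.git 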
&& \ 56 | cd drone && \ 57 | sh scripts/build.sh 58 | 59 | RUN cd /root && \ 60 | git clone https://github.com/drone/drone-cli.git && \ 61 | cd drone-cli && \ 62 | sh .drone.sh 63 | 64 | 65 | ######################## 66 | # Drone installation # 67 | ######################## 68 | 69 | FROM ubuntu:bionic 70 | EXPOSE 80 443 71 | VOLUME /data 72 | 73 | ENV GODEBUG netdns=go 74 | ENV XDG_CACHE_HOME /data 75 | ENV DRONE_DATABASE_DRIVER sqlite3 76 | ENV DRONE_DATABASE_DATASOURCE /data/database.sqlite 77 | ENV DRONE_RUNNER_OS=linux 78 | ENV DRONE_RUNNER_ARCH=amd64 79 | ENV DRONE_SERVER_PORT=:80 80 | ENV DRONE_SERVER_HOST=localhost 81 | ENV DRONE_DATADOG_ENABLED=true 82 | ENV DRONE_DATADOG_ENDPOINT=https://stats.drone.ci/api/v1/series 83 | 84 | 85 | RUN apt-get update && \ 86 | apt-get install -y --no-install-recommends ca-certificates && \ 87 | rm -rf /var/lib/apt/lists/* 88 | 89 | # Add previously built drone binaries. 90 | COPY --from=golang /root/drone/release/linux/drone-agent /bin/ 91 | COPY --from=golang /root/drone-cli/release/linux/amd64/drone /bin/ 92 | 93 | 94 | ######################### 95 | # Docker installation # 96 | ######################### 97 | 98 | RUN apt-get update && \ 99 | apt-get install -y --no-install-recommends apt-transport-https \ 100 | ca-certificates curl gnupg-agent software-properties-common && \ 101 | rm -rf /var/lib/apt/lists/* && \ 102 | curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \ 103 | apt-key fingerprint 0EBFCD88 104 | 105 | RUN add-apt-repository \ 106 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 107 | $(lsb_release -cs) \ 108 | stable" 109 | 110 | RUN apt-get update && \ 111 | apt-get install -y --no-install-recommends docker-ce docker-ce-cli containerd.io && \ 112 | rm -rf /var/lib/apt/lists/* 113 | 114 | 115 | ############################## 116 | # Supervisord installation # 117 | ############################## 118 | 119 | RUN apt-get update && apt-get install -y 
--no-install-recommends supervisor && \ 120 | rm -rf /var/lib/apt/lists/* 121 | 122 | RUN mkdir -p /var/log/supervisor 123 | COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf 124 | CMD ["/usr/bin/supervisord"] 125 | -------------------------------------------------------------------------------- /ubuntu-bionic-drone/server/Dockerfile: -------------------------------------------------------------------------------- 1 | # Nestybox's Drone-server Dockerfile. 2 | # 3 | # Description: 4 | # 5 | # Dockerfile to construct a system container to host Drone-server functionality. 6 | # The obtained image will incorporate the drone-server binary, as well as the 7 | # Docker package required to instantiate 'slave' containers to execute continous 8 | # integration tasks. Both daemons (drone-server and dockerd) will be managed 9 | # through supervisord process manager. 10 | # 11 | # Requirements: 12 | # 13 | # A supervisord.conf file in charge of launching dockerd & drone-server daemons, 14 | # must be provided as part of this image compilation process. 
See example below: 15 | # 16 | # --- 17 | # $ cat supervisord.conf 18 | # [supervisord] 19 | # stdout_logfile=/dev/stdout 20 | # stdout_logfile_maxbytes=0 21 | # nodaemon=true 22 | # 23 | # [program:dockerd] 24 | # command=/usr/bin/dockerd 25 | # priority=1 26 | # autostart=true 27 | # autorestart=true 28 | # startsecs=0 29 | # 30 | # [program:drone-server] 31 | # command=/bin/drone-server 32 | # priority=2 33 | # autostart=true 34 | # autorestart=true 35 | # startsecs=0 36 | # --- 37 | # 38 | # Container initialization: 39 | # 40 | # $ docker run --runtime=sysbox-runc \ 41 | # --env=DRONE_GITHUB_SERVER=https://github.com \ 42 | # --env=DRONE_GITHUB_CLIENT_ID=${DRONE_GITHUB_CLIENT_ID} \ 43 | # --env=DRONE_GITHUB_CLIENT_SECRET=${DRONE_GITHUB_CLIENT_SECRET} \ 44 | # --env=DRONE_SERVER_HOST=${DRONE_SERVER_HOST} \ 45 | # --env=DRONE_SERVER=http://${DRONE_SERVER_HOST} \ 46 | # --env=DRONE_USER_CREATE=username:nestybox,admin:true,token:${DRONE_TOKEN} \ 47 | # --publish=80:80 --publish=443:443 \ 48 | # -d --rm --name=drone nestybox/ubuntu-bionic-drone-server 49 | # NOTE(review): values passed with --env (the GitHub client secret, the admin token) are visible in "docker inspect" output and in shell history; the ${...} references above are placeholders to be filled from wherever the deployment keeps its secrets, not literal values to paste. 50 | # [ refer to Drone's official documentation for more details ] 51 | # 52 | 53 | 54 | ####################### 55 | # Drone compilation # 56 | ####################### 57 | # NOTE(review): golang:latest and unpinned clones of drone/drone and drone/drone-cli build whatever is at HEAD when the image is built; pin the base image by digest and the sources to a tag or commit (e.g. "git clone --branch <tag>") for a reproducible, auditable build. 58 | FROM golang:latest as golang 59 | RUN cd /root && \ 60 | git clone https://github.com/drone/drone.git && \ 61 | cd drone && \ 62 | sh scripts/build.sh 63 | 64 | RUN cd /root && \ 65 | git clone https://github.com/drone/drone-cli.git && \ 66 | cd drone-cli && \ 67 | sh .drone.sh 68 | 69 | 70 | ######################## 71 | # Drone installation # 72 | ######################## 73 | 74 | FROM ubuntu:bionic 75 | EXPOSE 80 443 76 | VOLUME /data 77 | 78 | ENV GODEBUG netdns=go 79 | ENV XDG_CACHE_HOME /data 80 | ENV DRONE_DATABASE_DRIVER sqlite3 81 | ENV DRONE_DATABASE_DATASOURCE /data/database.sqlite 82 | ENV DRONE_RUNNER_OS=linux 83 | ENV DRONE_RUNNER_ARCH=amd64 84 | ENV DRONE_SERVER_PORT=:80 85 | ENV DRONE_SERVER_HOST=localhost 86 | ENV 
DRONE_DATADOG_ENABLED=true 87 | ENV DRONE_DATADOG_ENDPOINT=https://stats.drone.ci/api/v1/series 88 | 89 | RUN apt-get update && \ 90 | apt-get install -y --no-install-recommends ca-certificates && \ 91 | rm -rf /var/lib/apt/lists/* 92 | 93 | # Add previously built drone binaries. 94 | COPY --from=golang /root/drone/release/linux/drone-server /bin/ 95 | COPY --from=golang /root/drone-cli/release/linux/amd64/drone /bin/ 96 | 97 | 98 | ######################### 99 | # Docker installation # 100 | ######################### 101 | 102 | RUN apt-get update && \ 103 | apt-get install -y --no-install-recommends apt-transport-https \ 104 | ca-certificates curl gnupg-agent software-properties-common && \ 105 | rm -rf /var/lib/apt/lists/* && \ 106 | curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \ 107 | apt-key fingerprint 0EBFCD88 108 | 109 | RUN add-apt-repository \ 110 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 111 | $(lsb_release -cs) \ 112 | stable" 113 | 114 | RUN apt-get update && \ 115 | apt-get install -y --no-install-recommends docker-ce docker-ce-cli containerd.io && \ 116 | rm -rf /var/lib/apt/lists/* 117 | 118 | 119 | ############################## 120 | # Supervisord installation # 121 | ############################## 122 | 123 | RUN apt-get update && apt-get install -y --no-install-recommends supervisor && \ 124 | rm -rf /var/lib/apt/lists/* 125 | 126 | RUN mkdir -p /var/log/supervisor 127 | COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf 128 | CMD ["/usr/bin/supervisord"] 129 | -------------------------------------------------------------------------------- /k8s-node/1.19/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample Kubernetes (K8s) node system container image. 2 | # 3 | # Containers deployed with this image acts as K8s nodes. 
4 | # 5 | # The image creates a container that includes systemd, kubeadm, docker, and all 6 | # k8s control plane pod images (apiserver, kubeproxy, etc.). 7 | # 8 | # You must deploy the container with the Sysbox container runtime (see below). 9 | # 10 | # NOTE: BUILDING THIS IMAGE REQUIRES CONFIGURING SYSBOX-RUNC AS DOCKER'S DEFAULT 11 | # RUNTIME DURING THE BUILD. 12 | # 13 | # $ sudo more /etc/docker/daemon.json 14 | #{ 15 | # "default-runtime": "sysbox-runc", 16 | # "runtimes": { 17 | # "sysbox-runc": { 18 | # "path": "/usr/bin/sysbox-runc" 19 | # } 20 | # } 21 | #} 22 | # 23 | # $ sudo systemctl restart docker 24 | # $ docker build -t nestybox/k8s-node: . 25 | # 26 | # E.g., 27 | # 28 | # $ docker build -t nestybox/k8s-node:v1.19.4 . 29 | # 30 | # Once the build completes, you can revert the default runtime config if you wish. 31 | # 32 | # Deploy k8s-node containers with: 33 | # 34 | # $ docker run --runtime=sysbox-runc --rm -d --name k8s-master nestybox/k8s-node:v1.19.4 35 | # $ docker run --runtime=sysbox-runc --rm -d --name k8s-worker-0 nestybox/k8s-node:v1.19.4 36 | # $ docker run --runtime=sysbox-runc --rm -d --name k8s-worker-1 nestybox/k8s-node:v1.19.4 37 | # ... 38 | # 39 | # Then run 'kubeadm init' in them just as you would on a physical host or VM. 40 | 41 | FROM nestybox/ubuntu-bionic-systemd:latest 42 | 43 | ARG k8s_version=v1.19.4 44 | 45 | # Install Docker. 
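46 | RUN apt-get update && apt-get install --no-install-recommends -y \ 47 | apt-transport-https \ 48 | ca-certificates \ 49 | curl \ 50 | gnupg-agent \ 51 | software-properties-common \ 52 | && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \ 53 | && apt-key fingerprint 0EBFCD88 \ 54 | && add-apt-repository \ 55 | "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ 56 | $(lsb_release -cs) \ 57 | stable" \ 58 | && apt-get update \ 59 | && apt-get install --no-install-recommends -y docker-ce docker-ce-cli containerd.io \ 60 | && rm -rf /var/lib/apt/lists/* \ 61 | # Add user "admin" to the Docker group \ 62 | && usermod -a -G docker admin 63 | # NOTE(review): "apt-key fingerprint 0EBFCD88" above only prints the fingerprint of the imported key for a human to read; it does not compare it against an expected value. Membership in the docker group is root-equivalent inside this container, which is the intent for the interactive "admin" user. 64 | 65 | # Install Kubeadm. 66 | # NOTE(review): apt-key puts this key in the global trusted keyring, where it can sign any apt source; a keyring file referenced with "signed-by" in the repo line scopes it to this repo. The k8s packages are pinned to ${k8s_version} and then held with apt-mark (as k8s-node/1.18 does) so a later apt upgrade inside the node cannot move kubelet/kubeadm/kubectl off the version this image was built for. 67 | # Note: we use kubeadm for Ubuntu Xenial because a version for Bionic is not available; 68 | # see https://packages.cloud.google.com/apt/dists/ 69 | RUN curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add \ 70 | && apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main" \ 71 | && apt-get update && apt-get install --no-install-recommends -y \ 72 | kubeadm="${k8s_version#v}"-00 \ 73 | kubelet="${k8s_version#v}"-00 \ 74 | kubectl="${k8s_version#v}"-00 \ && apt-mark hold kubelet kubeadm kubectl \ 75 | && rm -rf /var/lib/apt/lists/* 76 | 77 | # Preload k8s control plane container images into the sys container image. 78 | COPY kube-pull.sh /usr/bin/ 79 | RUN chmod +x /usr/bin/kube-pull.sh && kube-pull.sh "$k8s_version" && rm /usr/bin/kube-pull.sh 80 | 81 | # Docker daemon config. 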
82 | COPY daemon.json /etc/docker/ 83 | 84 | # bash completion 85 | RUN apt-get update \ 86 | && mkdir -p /etc/bash_completion.d \ 87 | && apt-get install bash-completion \ 88 | && rm -rf /var/lib/apt/lists/* \ 89 | && echo "source /etc/profile.d/bash_completion.sh" >> /root/.bashrc \ 90 | && echo "source <(kubectl completion bash)" >> /root/.bashrc \ 91 | && echo "source /etc/profile.d/bash_completion.sh" >> /home/admin/.bashrc \ 92 | && echo "source <(kubectl completion bash)" >> /home/admin/.bashrc 93 | -------------------------------------------------------------------------------- /k8s-node/1.18/Dockerfile: -------------------------------------------------------------------------------- 1 | # Sample Kubernetes (K8s) node system container image. 2 | # 3 | # Containers deployed with this image acts as K8s nodes. 4 | # 5 | # The image creates a container that includes systemd, kubeadm, docker, and all 6 | # k8s control plane pod images (apiserver, kubeproxy, etc.). 7 | # 8 | # You must deploy the container with the Sysbox container runtime (see below). 9 | # 10 | # NOTE: BUILDING THIS IMAGE REQUIRES CONFIGURING SYSBOX-RUNC AS DOCKER'S DEFAULT 11 | # RUNTIME DURING THE BUILD. 12 | # 13 | # $ sudo more /etc/docker/daemon.json 14 | #{ 15 | # "default-runtime": "sysbox-runc", 16 | # "runtimes": { 17 | # "sysbox-runc": { 18 | # "path": "/usr/bin/sysbox-runc" 19 | # } 20 | # } 21 | #} 22 | # 23 | # $ sudo systemctl restart docker 24 | # $ docker build -t nestybox/k8s-node: . 25 | # 26 | # E.g., 27 | # 28 | # $ docker build -t nestybox/k8s-node:v1.18.2 . 29 | # 30 | # Once the build completes, you can revert the default runtime config if you wish. 
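#
# Deploy k8s-node containers with:
#
# $ docker run --runtime=sysbox-runc --rm -d --name k8s-master nestybox/k8s-node:v1.18.2
# $ docker run --runtime=sysbox-runc --rm -d --name k8s-worker-0 nestybox/k8s-node:v1.18.2
# $ docker run --runtime=sysbox-runc --rm -d --name k8s-worker-1 nestybox/k8s-node:v1.18.2
# ...
#
# Then run 'kubeadm init' in them just as you would on a physical host or VM.

FROM nestybox/ubuntu-bionic-systemd:latest

# Kubernetes release to install. The leading "v" is stripped below to form the
# apt package version (e.g. v1.18.2 -> 1.18.2-00); kube-pull.sh receives it as-is.
ARG k8s_version=v1.18.2

# Install Docker.
#
# The build runs as root (there is no USER instruction, and apt-get/usermod run
# unprivileged below), so no sudo is needed in any RUN step of this file.
#
# NOTE(review): a key imported with apt-key is trusted for every apt source, not
# only Docker's, and apt-key itself is deprecated. Scoping the key to this
# repository via a "signed-by=" keyring in the sources entry would be tighter;
# left as-is here because gpg availability in the base image is not confirmed.
RUN apt-get update && apt-get install --no-install-recommends -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common \
    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
    # Verify the imported key really is Docker's release key. On its own,
    # "apt-key fingerprint" only prints the fingerprint and never fails on a
    # mismatch; comparing the full fingerprint (spaces stripped so the check
    # is independent of gpg's output layout) makes the build fail if the
    # downloaded key is not the expected one.
    && apt-key fingerprint 0EBFCD88 | tr -d ' ' \
       | grep -q 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 \
    && add-apt-repository \
       "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
       $(lsb_release -cs) \
       stable" \
    && apt-get update \
    && apt-get install --no-install-recommends -y docker-ce docker-ce-cli containerd.io \
    && rm -rf /var/lib/apt/lists/* \
    # Add user "admin" to the Docker group \
    && usermod -a -G docker admin


# Install Kubeadm.
#
# Note: we use kubeadm for Ubuntu Xenial because a version for Bionic is not available;
# see https://packages.cloud.google.com/apt/dists/
#
# NOTE(review): apt.kubernetes.io / packages.cloud.google.com is the legacy
# Kubernetes package repository and has been deprecated upstream; confirm it
# still serves this release before relying on this step.
#
# The key download uses the same curl flags as the Docker step above (-f so an
# HTTP error page is never piped into apt-key, -S so failures are reported) and
# no sudo, since the build already runs as root. The three packages are then
# held so an unattended upgrade cannot move the node off the requested version.
RUN curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \
    && apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main" \
    && apt-get update && apt-get install --no-install-recommends -y \
       kubeadm="${k8s_version#v}"-00 \
       kubelet="${k8s_version#v}"-00 \
       kubectl="${k8s_version#v}"-00 \
    && apt-mark hold kubelet kubeadm kubectl \
    && rm -rf /var/lib/apt/lists/*

# Preload k8s control plane container images into the sys container image.
COPY kube-pull.sh /usr/bin/
RUN chmod +x /usr/bin/kube-pull.sh && kube-pull.sh "$k8s_version" && rm /usr/bin/kube-pull.sh

# Docker daemon config.
COPY daemon.json /etc/docker/

# bash completion
#
# -y and --no-install-recommends match every other apt-get install in this
# file; without -y a non-interactive build can abort at apt's confirmation
# prompt instead of installing the package.
RUN apt-get update \
    && mkdir -p /etc/bash_completion.d \
    && apt-get install --no-install-recommends -y bash-completion \
    && rm -rf /var/lib/apt/lists/* \
    && echo "source /etc/profile.d/bash_completion.sh" >> /root/.bashrc \
    && echo "source <(kubectl completion bash)" >> /root/.bashrc \
    && echo "source /etc/profile.d/bash_completion.sh" >> /home/admin/.bashrc \
    && echo "source <(kubectl completion bash)" >> /home/admin/.bashrc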
