-
Notifications
You must be signed in to change notification settings - Fork 3k
/
Dockerfile
272 lines (241 loc) · 15.4 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
FROM --platform=$BUILDPLATFORM registry.suse.com/bci/golang:1.20 as build
ARG VERSION
ARG COMMIT
ARG RKE_VERSION
ARG CGO_ENABLED=0
ARG TAGS="k8s"
ARG LINKFLAGS="-extldflags -static"
ARG DEFAULT_VALUES="{\"rke-version\":\"${RKE_VERSION}\"}"
ARG LDFLAGS="-X github.com/rancher/rancher/pkg/version.Version=${VERSION} -X github.com/rancher/rancher/pkg/version.GitCommit=${COMMIT} -X github.com/rancher/rancher/pkg/settings.InjectDefaults=${DEFAULT_VALUES} ${LINKFLAGS}"
ARG TARGETOS
ARG TARGETARCH
WORKDIR /app
COPY . .
RUN go mod download
RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go build -tags "${TAGS}" -ldflags "${LDFLAGS}" -o rancher
FROM registry.suse.com/bci/bci-base:15.5
# Install some packages with zypper in the chroot of the final micro image
RUN zypper -n install --no-recommends git-core curl ca-certificates unzip xz gzip sed tar shadow gawk vim-small netcat-openbsd mkisofs openssh-clients && \
zypper -n clean -a && rm -rf /tmp/* /var/tmp/* /usr/share/doc/packages/* && \
useradd rancher && \
groupadd jail-accessors && \
usermod -aG jail-accessors rancher && \
mkdir -p /var/lib/rancher /var/lib/cattle /opt/jail /opt/drivers/management-state/bin && \
chgrp jail-accessors /var/lib/rancher /var/lib/cattle /usr/local/bin && \
chmod 750 /var/lib/rancher /var/lib/cattle /usr/local/bin && \
chmod g+s /var/lib/rancher /var/lib/cattle /usr/local/bin
RUN mkdir /root/.kube && \
ln -s /etc/rancher/k3s/k3s.yaml /root/.kube/k3s.yaml && \
ln -s /etc/rancher/k3s/k3s.yaml /root/.kube/config && \
ln -s /usr/bin/rancher /usr/bin/reset-password && \
ln -s /usr/bin/rancher /usr/bin/ensure-default-admin
WORKDIR /var/lib/rancher
ARG ARCH=amd64
ARG ETCD_UNSUPPORTED_ARCH
ARG IMAGE_REPO=rancher
ARG SYSTEM_CHART_DEFAULT_BRANCH=release-v2.7
ARG CHART_DEFAULT_BRANCH=release-v2.7
ARG PARTNER_CHART_DEFAULT_BRANCH=main
ARG RKE2_CHART_DEFAULT_BRANCH=main
# kontainer-driver-metadata branch to be set for specific branch other than dev/master, logic at rancher/rancher/pkg/settings/setting.go
ARG VERSION=${VERSION}
ARG CATTLE_KDM_BRANCH=dev-v2.7
ENV CATTLE_SYSTEM_CHART_DEFAULT_BRANCH=$SYSTEM_CHART_DEFAULT_BRANCH
ENV CATTLE_CHART_DEFAULT_BRANCH=$CHART_DEFAULT_BRANCH
ENV CATTLE_PARTNER_CHART_DEFAULT_BRANCH=$PARTNER_CHART_DEFAULT_BRANCH
ENV CATTLE_RKE2_CHART_DEFAULT_BRANCH=$RKE2_CHART_DEFAULT_BRANCH
ENV CATTLE_HELM_VERSION v2.16.8-rancher2
# make sure the version number is consistent with the one at the 1) tests/v2/codecoverage/package/Dockerfile, 2) Dockerfile.dapper, 3) go.mod and 4) the setting MachineProvisionImage in pkg/settings/setting.go
ENV CATTLE_MACHINE_VERSION v0.15.0-rancher109-patch1
ENV CATTLE_K3S_VERSION v1.27.10+k3s2
ENV CATTLE_MACHINE_PROVISION_IMAGE rancher/machine:${CATTLE_MACHINE_VERSION}
ENV CATTLE_ETCD_VERSION v3.5.1
ENV LOGLEVEL_VERSION v0.1.6
ENV TINI_VERSION v0.18.0
ENV DOCKER_MACHINE_LINODE_VERSION v0.1.12
ENV TELEMETRY_VERSION v0.6.2
ENV LINODE_UI_DRIVER_VERSION v0.5.0
# make sure the version number is consistent with the one at Line 100 of pkg/data/management/machinedriver_data.go
ENV DOCKER_MACHINE_HARVESTER_VERSION v0.6.7
ENV CATTLE_KDM_BRANCH ${CATTLE_KDM_BRANCH}
ENV HELM_VERSION v3.12.3
ENV KUSTOMIZE_VERSION v5.0.1
ENV CATTLE_WINS_AGENT_VERSION v0.4.15
ENV CATTLE_WINS_AGENT_INSTALL_SCRIPT https://raw.githubusercontent.com/rancher/wins/${CATTLE_WINS_AGENT_VERSION}/install.ps1
ENV CATTLE_WINS_AGENT_UNINSTALL_SCRIPT https://raw.githubusercontent.com/rancher/wins/${CATTLE_WINS_AGENT_VERSION}/uninstall.ps1
ENV CATTLE_WINS_AGENT_UPGRADE_IMAGE rancher/wins:${CATTLE_WINS_AGENT_VERSION}
ENV CATTLE_CSI_PROXY_AGENT_VERSION v1.1.3
# make sure the CATTLE_SYSTEM_AGENT_VERSION is consistent with tests/v2/codecoverage/package/Dockerfile
ENV CATTLE_SYSTEM_AGENT_VERSION v0.3.6
ENV CATTLE_SYSTEM_AGENT_DOWNLOAD_PREFIX https://github.com/rancher/system-agent/releases/download
ENV CATTLE_SYSTEM_AGENT_UPGRADE_IMAGE rancher/system-agent:${CATTLE_SYSTEM_AGENT_VERSION}-suc
ENV CATTLE_SYSTEM_AGENT_INSTALLER_IMAGE rancher/system-agent-installer-
# make sure the ENV CATTLE_SYSTEM_AGENT_INSTALL_SCRIPT is consistent with pkg/settings/setting.go to utlize the local version of install script downloaded during build/package
ENV CATTLE_SYSTEM_AGENT_INSTALL_SCRIPT ${CATTLE_SYSTEM_AGENT_DOWNLOAD_PREFIX}/${CATTLE_SYSTEM_AGENT_VERSION}/install.sh
ENV CATTLE_SYSTEM_AGENT_UNINSTALL_SCRIPT ${CATTLE_SYSTEM_AGENT_DOWNLOAD_PREFIX}/${CATTLE_SYSTEM_AGENT_VERSION}/system-agent-uninstall.sh
ENV CATTLE_SYSTEM_UPGRADE_CONTROLLER_CHART_VERSION 102.2.0+up0.6.0
# System charts minimal version
ENV CATTLE_FLEET_MIN_VERSION=102.2.7+up0.8.6
# Deprecated in favor of CATTLE_RANCHER_WEBHOOK_VERSION.
ENV CATTLE_RANCHER_WEBHOOK_MIN_VERSION=''
ENV CATTLE_RANCHER_WEBHOOK_VERSION=2.0.13+up0.3.13
ENV CATTLE_CSP_ADAPTER_MIN_VERSION=2.0.4
RUN mkdir -p /var/lib/rancher-data/local-catalogs/system-library && \
mkdir -p /var/lib/rancher-data/local-catalogs/library && \
mkdir -p /var/lib/rancher-data/local-catalogs/helm3-library && \
mkdir -p /var/lib/rancher-data/local-catalogs/v2 && \
git clone -b $CATTLE_SYSTEM_CHART_DEFAULT_BRANCH --depth 1 https://github.com/rancher/system-charts /var/lib/rancher-data/local-catalogs/system-library && \
# Temporarily clone from our GitHub's main repo, to avoid unnecessary load
# in git.rancher.io
git config --global url."https://github.com/rancher/".insteadOf https://git.rancher.io/ && \
# Charts need to be copied into the sha256 value of git url computed in https://github.com/rancher/rancher/blob/5ebda9ac23c06e9647b586ec38aa51cc9ff9b031/pkg/catalogv2/git/download.go#L102 to create a unique folder per url
git clone -b $CATTLE_CHART_DEFAULT_BRANCH --depth 1 https://git.rancher.io/charts /var/lib/rancher-data/local-catalogs/v2/rancher-charts/4b40cac650031b74776e87c1a726b0484d0877c3ec137da0872547ff9b73a721/ && \
git clone -b $CATTLE_PARTNER_CHART_DEFAULT_BRANCH --depth 1 https://git.rancher.io/partner-charts /var/lib/rancher-data/local-catalogs/v2/rancher-partner-charts/8f17acdce9bffd6e05a58a3798840e408c4ea71783381ecd2e9af30baad65974 && \
git clone -b $CATTLE_RKE2_CHART_DEFAULT_BRANCH --depth 1 https://git.rancher.io/rke2-charts /var/lib/rancher-data/local-catalogs/v2/rancher-rke2-charts/675f1b63a0a83905972dcab2794479ed599a6f41b86cd6193d69472d0fa889c9 && \
# Revert the previous change in git.rancher.io from .gitconfig
rm "${HOME}/.gitconfig" && \
git clone -b master --depth 1 https://github.com/rancher/charts /var/lib/rancher-data/local-catalogs/library && \
git clone -b master --depth 1 https://github.com/rancher/helm3-charts /var/lib/rancher-data/local-catalogs/helm3-library
RUN curl -sLf https://github.com/rancher/machine/releases/download/${CATTLE_MACHINE_VERSION}/rancher-machine-${ARCH}.tar.gz | tar xvzf - -C /usr/bin && \
chown root:root /usr/bin/rancher-machine && \
curl -sLf https://github.com/rancher/loglevel/releases/download/${LOGLEVEL_VERSION}/loglevel-${ARCH}-${LOGLEVEL_VERSION}.tar.gz | tar xvzf - -C /usr/bin && \
curl -LO https://github.com/linode/docker-machine-driver-linode/releases/download/${DOCKER_MACHINE_LINODE_VERSION}/docker-machine-driver-linode_linux-amd64.zip && \
unzip docker-machine-driver-linode_linux-amd64.zip -d /opt/drivers/management-state/bin && \
mkdir -p /usr/share/rancher/ui/assets/ && \
cp /opt/drivers/management-state/bin/docker-machine-driver-linode /usr/share/rancher/ui/assets/ && \
rm docker-machine-driver-linode_linux-amd64.zip
RUN curl -LO https://releases.rancher.com/harvester-node-driver/${DOCKER_MACHINE_HARVESTER_VERSION}/docker-machine-driver-harvester-amd64.tar.gz && \
tar -xf docker-machine-driver-harvester-amd64.tar.gz -C /opt/drivers/management-state/bin && \
cp /opt/drivers/management-state/bin/docker-machine-driver-harvester /usr/share/rancher/ui/assets/ && \
rm docker-machine-driver-harvester-amd64.tar.gz
ENV TINI_URL_amd64=https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini \
TINI_URL_arm64=https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-arm64 \
TINI_URL_s390x=https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-s390x \
TINI_URL=TINI_URL_${ARCH}
ENV HELM_URL_V2_amd64=https://github.com/rancher/helm/releases/download/${CATTLE_HELM_VERSION}/rancher-helm \
HELM_URL_V2_arm64=https://github.com/rancher/helm/releases/download/${CATTLE_HELM_VERSION}/rancher-helm-arm64 \
HELM_URL_V2_s390x=https://github.com/rancher/helm/releases/download/${CATTLE_HELM_VERSION}/rancher-helm-s390x \
HELM_URL_V2=HELM_URL_V2_${ARCH} \
HELM_URL_V3=https://get.helm.sh/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz \
TILLER_URL_amd64=https://github.com/rancher/helm/releases/download/${CATTLE_HELM_VERSION}/rancher-tiller \
TILLER_URL_arm64=https://github.com/rancher/helm/releases/download/${CATTLE_HELM_VERSION}/rancher-tiller-arm64 \
TILLER_URL_s390x=https://github.com/rancher/helm/releases/download/${CATTLE_HELM_VERSION}/rancher-tiller-s390x \
TILLER_URL=TILLER_URL_${ARCH} \
ETCD_URL=https://github.com/etcd-io/etcd/releases/download/${CATTLE_ETCD_VERSION}/etcd-${CATTLE_ETCD_VERSION}-linux-${ARCH}.tar.gz \
KUSTOMIZE_URL=https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz
RUN curl -sLf ${KUSTOMIZE_URL} | tar -xzf - -C /usr/bin
# set up helm 2
RUN curl -sLf ${!HELM_URL_V2} > /usr/bin/rancher-helm && \
curl -sLf ${!TILLER_URL} > /usr/bin/rancher-tiller && \
ln -s /usr/bin/rancher-helm /usr/bin/helm && \
ln -s /usr/bin/rancher-tiller /usr/bin/tiller && \
chmod +x /usr/bin/rancher-helm /usr/bin/rancher-tiller
# set up helm 3
RUN curl ${HELM_URL_V3} | tar xvzf - --strip-components=1 -C /usr/bin && \
mv /usr/bin/helm /usr/bin/helm_v3 && \
chown root:root /usr/bin/helm_v3 /usr/bin/kustomize && \
chmod +x /usr/bin/kustomize
# Set up K3s: copy the necessary binaries from the K3s image.
COPY --from=rancher/k3s:v1.27.10-k3s2 \
/bin/blkid \
/bin/bandwidth \
/bin/cni \
/bin/conntrack \
/bin/containerd \
/bin/containerd-shim-runc-v2 \
/bin/ethtool \
/bin/firewall \
/bin/ip \
/bin/ipset \
/bin/k3s \
/bin/losetup \
/bin/pigz \
/bin/runc \
/bin/which \
/bin/aux/xtables-legacy-multi \
/usr/bin/
RUN ln -s /usr/bin/cni /usr/bin/bridge && \
ln -s /usr/bin/cni /usr/bin/flannel && \
ln -s /usr/bin/cni /usr/bin/host-local && \
ln -s /usr/bin/cni /usr/bin/loopback && \
ln -s /usr/bin/cni /usr/bin/portmap && \
ln -s /usr/bin/k3s /usr/bin/crictl && \
ln -s /usr/bin/k3s /usr/bin/ctr && \
ln -s /usr/bin/k3s /usr/bin/k3s-agent && \
ln -s /usr/bin/k3s /usr/bin/k3s-etcd-snapshot && \
ln -s /usr/bin/k3s /usr/bin/k3s-server && \
ln -s /usr/bin/k3s /usr/bin/kubectl && \
ln -s /usr/bin/pigz /usr/bin/unpigz && \
ln -s /usr/bin/xtables-legacy-multi /usr/bin/iptables && \
ln -s /usr/bin/xtables-legacy-multi /usr/bin/iptables-save && \
ln -s /usr/bin/xtables-legacy-multi /usr/bin/iptables-restore && \
ln -s /usr/bin/xtables-legacy-multi /usr/bin/iptables-translate && \
ln -s /usr/bin/xtables-legacy-multi /usr/bin/ip6tables && \
ln -s /usr/bin/xtables-legacy-multi /usr/bin/ip6tables-save && \
ln -s /usr/bin/xtables-legacy-multi /usr/bin/ip6tables-restore && \
ln -s /usr/bin/xtables-legacy-multi /usr/bin/ip6tables-translate
RUN curl -sLf ${!TINI_URL} > /usr/bin/tini && \
mkdir -p /var/lib/rancher/k3s/agent/images/ && \
curl -sfL ${ETCD_URL} | tar xvzf - --strip-components=1 --no-same-owner -C /usr/bin/ etcd-${CATTLE_ETCD_VERSION}-linux-${ARCH}/etcdctl && \
curl -sLf https://github.com/rancher/telemetry/releases/download/${TELEMETRY_VERSION}/telemetry-${ARCH} > /usr/bin/telemetry && \
chmod +x /usr/bin/tini /usr/bin/telemetry && \
mkdir -p /var/lib/rancher-data/driver-metadata
ENV CATTLE_UI_VERSION 2.7.16
ENV CATTLE_DASHBOARD_UI_VERSION v2.7.16
ENV CATTLE_CLI_VERSION v2.7.7
# Base UI brand used as a fallback env setting (not user facing) to indicate this is a non-prime install
ENV CATTLE_BASE_UI_BRAND=
# Please update the api-ui-version in pkg/settings/settings.go when updating the version here.
ENV CATTLE_API_UI_VERSION 1.1.11
RUN mkdir -p /var/log/auditlog
ENV AUDIT_LOG_PATH /var/log/auditlog/rancher-api-audit.log
ENV AUDIT_LOG_MAXAGE 10
ENV AUDIT_LOG_MAXBACKUP 10
ENV AUDIT_LOG_MAXSIZE 100
ENV AUDIT_LEVEL 0
RUN mkdir -p /usr/share/rancher/ui && \
cd /usr/share/rancher/ui && \
curl -sL https://releases.rancher.com/ui/${CATTLE_UI_VERSION}.tar.gz | tar xvzf - --strip-components=1 && \
mkdir -p assets/rancher-ui-driver-linode && \
cd assets/rancher-ui-driver-linode && \
curl -O https://linode.github.io/rancher-ui-driver-linode/releases/${LINODE_UI_DRIVER_VERSION}/component.js && \
curl -O https://linode.github.io/rancher-ui-driver-linode/releases/${LINODE_UI_DRIVER_VERSION}/component.css && \
curl -O https://linode.github.io/rancher-ui-driver-linode/releases/${LINODE_UI_DRIVER_VERSION}/linode.svg && \
mkdir -p /usr/share/rancher/ui/api-ui && \
cd /usr/share/rancher/ui/api-ui && \
curl -sL https://releases.rancher.com/api-ui/${CATTLE_API_UI_VERSION}.tar.gz | tar xvzf - --strip-components=1 && \
mkdir -p /usr/share/rancher/ui-dashboard/dashboard && \
cd /usr/share/rancher/ui-dashboard/dashboard && \
curl -sL https://releases.rancher.com/dashboard/${CATTLE_DASHBOARD_UI_VERSION}.tar.gz | tar xvzf - --strip-components=2 && \
ln -s dashboard/index.html ../index.html && \
cd ../../ui/assets && \
curl -sfL ${CATTLE_SYSTEM_AGENT_DOWNLOAD_PREFIX}/${CATTLE_SYSTEM_AGENT_VERSION}/rancher-system-agent-arm64 -O && \
curl -sfL ${CATTLE_SYSTEM_AGENT_DOWNLOAD_PREFIX}/${CATTLE_SYSTEM_AGENT_VERSION}/rancher-system-agent-amd64 -O && \
curl -sfL ${CATTLE_SYSTEM_AGENT_INSTALL_SCRIPT} -o system-agent-install.sh && \
curl -sfL ${CATTLE_SYSTEM_AGENT_UNINSTALL_SCRIPT} -o system-agent-uninstall.sh && \
curl -sfL https://github.com/rancher/wins/releases/download/${CATTLE_WINS_AGENT_VERSION}/wins.exe -O && \
curl -sfL https://acs-mirror.azureedge.net/csi-proxy/${CATTLE_CSI_PROXY_AGENT_VERSION}/binaries/csi-proxy-${CATTLE_CSI_PROXY_AGENT_VERSION}.tar.gz -O && \
curl -sfL ${CATTLE_WINS_AGENT_INSTALL_SCRIPT} -o wins-agent-install.ps1 \
curl -sfL ${CATTLE_WINS_AGENT_UNINSTALL_SCRIPT} -o wins-agent-uninstall.ps1
ENV CATTLE_CLI_URL_DARWIN https://releases.rancher.com/cli2/${CATTLE_CLI_VERSION}/rancher-darwin-amd64-${CATTLE_CLI_VERSION}.tar.gz
ENV CATTLE_CLI_URL_LINUX https://releases.rancher.com/cli2/${CATTLE_CLI_VERSION}/rancher-linux-amd64-${CATTLE_CLI_VERSION}.tar.gz
ENV CATTLE_CLI_URL_WINDOWS https://releases.rancher.com/cli2/${CATTLE_CLI_VERSION}/rancher-windows-386-${CATTLE_CLI_VERSION}.zip
ENV CATTLE_SERVER_VERSION ${VERSION}
COPY --from=build /app/rancher /usr/bin/
COPY --from=build /app/package/entrypoint.sh /usr/bin/
COPY --from=build /app/package/kustomize.sh /usr/bin/
COPY --from=build app/package/jailer.sh /usr/bin/
COPY --from=build /app/k3s-airgap-images.tar /var/lib/rancher/k3s/agent/images/
RUN chmod +x /usr/bin/entrypoint.sh
RUN chmod +x /usr/bin/kustomize.sh
COPY --from=build /app/data.json /var/lib/rancher-data/driver-metadata/
ENV CATTLE_AGENT_IMAGE ${IMAGE_REPO}/rancher-agent:${VERSION}
ENV CATTLE_SERVER_IMAGE ${IMAGE_REPO}/rancher
ENV ETCDCTL_API=3
ENV SSL_CERT_DIR /etc/rancher/ssl
VOLUME /var/lib/rancher
VOLUME /var/lib/kubelet
VOLUME /var/lib/cni
VOLUME /var/log
ENV ETCD_UNSUPPORTED_ARCH ${ETCD_UNSUPPORTED_ARCH}
ENTRYPOINT ["entrypoint.sh"]