diff --git a/pipelines/concourse.yml b/pipelines/concourse.yml index 52c0df14..e7f4b843 100644 --- a/pipelines/concourse.yml +++ b/pipelines/concourse.yml @@ -331,14 +331,8 @@ jobs: - get: golang-builder-image trigger: true params: { format: oci-layout } - - get: containerd - trigger: true - - get: runc - trigger: true - get: gdn trigger: true - - get: cni - trigger: true - get: dumb-init trigger: true - get: resource-types-amd64 @@ -1495,22 +1489,6 @@ resources: repository: bosh-backup-and-restore access_token: ((concourse_github_dummy.access_token)) - - name: containerd - type: github-release - icon: *release-icon - source: - owner: containerd - repository: containerd - access_token: ((concourse_github_dummy.access_token)) - - - name: runc - type: github-release - icon: *release-icon - source: - owner: opencontainers - repository: runc - access_token: ((concourse_github_dummy.access_token)) - - name: dumb-init type: github-release icon: *release-icon @@ -1527,14 +1505,6 @@ resources: repository: garden-runc-release access_token: ((concourse_github_dummy.access_token)) - - name: cni - type: github-release - icon: *release-icon - source: - owner: containernetworking - repository: plugins - access_token: ((concourse_github_dummy.access_token)) - - name: mock-resource type: registry-image icon: *release-icon diff --git a/pipelines/release.yml b/pipelines/release.yml index 73c98292..695c073e 100644 --- a/pipelines/release.yml +++ b/pipelines/release.yml @@ -336,14 +336,8 @@ jobs: - get: golang-builder-image trigger: true params: { format: oci-layout } - - get: containerd - trigger: true - - get: runc - trigger: true - get: gdn trigger: true - - get: cni - trigger: true - get: dumb-init trigger: true - get: resource-types-amd64 @@ -1711,33 +1705,6 @@ resources: semver_constraint: ((dep_bin_versions.gdn)) access_token: ((concourse_github_dummy.access_token)) - - name: containerd - type: github-release - icon: *release-icon - source: - owner: containerd - repository: containerd - semver_constraint: ((dep_bin_versions.containerd)) - access_token: ((concourse_github_dummy.access_token)) - - - name: runc - type: github-release - icon: *release-icon - source: - owner: opencontainers - repository: runc - semver_constraint: ((dep_bin_versions.runc)) - access_token: ((concourse_github_dummy.access_token)) - - - name: cni - type: github-release - icon: *release-icon - source: - owner: containernetworking - repository: plugins - semver_constraint: ((dep_bin_versions.cni)) - access_token: ((concourse_github_dummy.access_token)) - - name: postgres-release type: bosh-io-release icon: *release-icon diff --git a/tasks/build-dev-image/Dockerfile b/tasks/build-dev-image/Dockerfile index 6141d009..7b10592f 100644 --- a/tasks/build-dev-image/Dockerfile +++ b/tasks/build-dev-image/Dockerfile @@ -36,39 +36,57 @@ RUN apk --no-cache add \ ca-certificates \ dumb-init -# Networking tools for container runtimes -RUN apk --no-cache add \ - iproute2 \ - iptables \ - ip6tables \ - # guardian runtime runs some script on startup to create iptable rules and - # requires the real xargs, not busybox's impl (https://github.com/cloudfoundry/guardian/blob/main/kawasaki/iptables/global_chains.go) - cmd:xargs - -# for worker/runtime/integration tests -RUN apk --no-cache add \ - mount \ - umount +RUN mkdir -p /usr/local/concourse/bin -# Add container runtime dependencies -# +# Container runtime, dependencies # For containerd backend: # - containerd binaries # - runc # - cni plugins -# - iptables (needed by cni plugins) +RUN apk --no-cache add \ + cni-plugins \ + runc \ + containerd + +# Copy containerd binaries +RUN cp /usr/bin/containerd* /usr/local/concourse/bin/ && \ + cp /usr/bin/ctr /usr/local/concourse/bin/ + +# Copy runc +RUN cp /usr/bin/runc /usr/local/concourse/bin/ + +# Copy CNI plugin binaries +RUN cp /usr/bin/bandwidth /usr/bin/bridge /usr/bin/dhcp /usr/bin/dummy \ + /usr/bin/firewall /usr/bin/host-device /usr/bin/host-local /usr/bin/ipvlan \ + /usr/bin/loopback /usr/bin/macvlan /usr/bin/portmap /usr/bin/ptp \ + /usr/bin/sbr /usr/bin/static /usr/bin/tap /usr/bin/tuning \ + /usr/bin/vlan /usr/bin/vrf \ + /usr/local/concourse/bin/ + +# Remove container runtime packages after they've been copied to the concourse bin directory +RUN apk --no-cache del \ + cni-plugins \ + runc \ + containerd + +# Add networking tools +RUN apk --no-cache add \ + iproute2 \ + iptables \ + ip6tables \ + # guardian runtime runs some script on startup to create iptable rules and + # requires the real xargs, not busybox's impl (https://github.com/cloudfoundry/guardian/blob/main/kawasaki/iptables/global_chains.go) + cmd:xargs -# Copies files from the bin directory of the tarball to /usr/local/concourse/bin -ADD containerd/containerd-*-linux-${TARGETARCH}.tar.gz /usr/local/concourse +# for worker/runtime/integration tests +RUN apk --no-cache add \ + mount \ + umount COPY gdn/gdn-linux-${TARGETARCH}-[0-9]*.*.* /usr/local/concourse/bin/gdn # wolfi does not have /var/run setup, which guardian depends on existing already RUN ln -sf /run /var/run -COPY runc/runc.${TARGETARCH} /usr/local/concourse/bin/runc - -ADD cni/cni-plugins-linux-${TARGETARCH}-*.tgz /usr/local/concourse/bin - RUN chmod -R +x /usr/local/concourse/bin # add fly executables diff --git a/tasks/build-dev-image/task.yml b/tasks/build-dev-image/task.yml index 324e76bb..6f54ba96 100644 --- a/tasks/build-dev-image/task.yml +++ b/tasks/build-dev-image/task.yml @@ -10,12 +10,6 @@ inputs: - name: ci - name: concourse - name: gdn - - name: containerd - optional: true - - name: runc - optional: true - - name: cni - optional: true - name: resource-types-amd64 - name: resource-types-arm64 - name: fly-linux