mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00

images: base the default image on distroless/base

Make distroless/base the base image for the default image,
effectively making the minimal image the default. Add a new "full"
image variant that corresponds to the previous default image. The
"*-minimal" container image tag is provided for backwards compatibility.

The practical user impact of this change is that hook support is limited
to statically linked ELF binaries. Bash or Perl scripts are not
supported by the default image, anymore, but the new "full" image
variant can be used for backwards compatibility.
Markus Lehtonen 2023-01-10 20:50:54 +02:00
parent 080105c772
commit cd62f6566f
4 changed files with 37 additions and 23 deletions


@ -73,14 +73,15 @@ IMAGE_BUILD_ARGS = --build-arg VERSION=$(VERSION) \
--build-arg BASE_IMAGE_MINIMAL=$(BASE_IMAGE_MINIMAL)
IMAGE_BUILD_ARGS_FULL = --target full \
-t $(IMAGE_TAG) \
$(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag)) \
$(IMAGE_BUILD_EXTRA_OPTS) ./
-t $(IMAGE_TAG)-full \
$(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag)-full) \
$(IMAGE_BUILD_EXTRA_OPTS) ./
IMAGE_BUILD_ARGS_MINIMAL = --target minimal \
-t $(IMAGE_TAG)-minimal \
$(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag)-minimal) \
$(IMAGE_BUILD_EXTRA_OPTS) ./
-t $(IMAGE_TAG) \
-t $(IMAGE_TAG)-minimal \
$(foreach tag,$(IMAGE_EXTRA_TAGS),-t $(tag) -t $(tag)-minimal) \
$(IMAGE_BUILD_EXTRA_OPTS) ./
all: image
@ -187,7 +188,7 @@ e2e-test:
-nfd.pull-if-not-present=$(E2E_PULL_IF_NOT_PRESENT) \
-ginkgo.focus="\[kubernetes-sigs\]" \
$(if $(OPENSHIFT),-nfd.openshift,)
$(GO_CMD) test -v ./test/e2e/ -args -nfd.repo=$(IMAGE_REPO) -nfd.tag=$(IMAGE_TAG_NAME)-minimal \
$(GO_CMD) test -v ./test/e2e/ -args -nfd.repo=$(IMAGE_REPO) -nfd.tag=$(IMAGE_TAG_NAME)-full \
-kubeconfig=$(KUBECONFIG) \
-nfd.e2e-config=$(E2E_TEST_CONFIG) \
-nfd.pull-if-not-present=$(E2E_PULL_IF_NOT_PRESENT) \
@ -197,7 +198,12 @@ e2e-test:
push:
$(IMAGE_PUSH_CMD) $(IMAGE_TAG)
$(IMAGE_PUSH_CMD) $(IMAGE_TAG)-minimal
for tag in $(IMAGE_EXTRA_TAGS); do $(IMAGE_PUSH_CMD) $$tag; $(IMAGE_PUSH_CMD) $$tag-minimal; done
$(IMAGE_PUSH_CMD) $(IMAGE_TAG)-full
for tag in $(IMAGE_EXTRA_TAGS); do \
$(IMAGE_PUSH_CMD) $$tag; \
$(IMAGE_PUSH_CMD) $$tag-minimal; \
$(IMAGE_PUSH_CMD) $$tag-full; \
done
push-all: ensure-buildx yamls
$(IMAGE_BUILDX_CMD) --push $(IMAGE_BUILD_ARGS) $(IMAGE_BUILD_ARGS_FULL)
@ -205,7 +211,7 @@ push-all: ensure-buildx yamls
poll-images:
set -e; \
tags="$(foreach tag,$(IMAGE_TAG_NAME) $(IMAGE_EXTRA_TAG_NAMES),$(tag) $(tag)-minimal)" \
tags="$(foreach tag,$(IMAGE_TAG_NAME) $(IMAGE_EXTRA_TAG_NAMES),$(tag) $(tag)-minimal $(tag)-full)" \
base_url=`echo $(IMAGE_REPO) | sed -e s'!\([^/]*\)!\1/v2!'`; \
for tag in $$tags; do \
image=$(IMAGE_REPO):$$tag \
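Review bot: In the `push` recipe, the rewritten `for` loop chains its three push commands with `;` and runs without `set -e`, so the loop's exit status is only that of the last `$$tag-full` push. A failed push of `$$tag` or `$$tag-minimal` is therefore masked and the recipe can still exit 0. The new `IMAGE_BUILD_ARGS_MINIMAL` tags the same build as both the plain tag and `-minimal`, so a partial push could leave those two tags pointing at different images in the registry without the release job noticing. Open the loop with `set -e; for tag in $(IMAGE_EXTRA_TAGS); do \`, the way the `poll-images` recipe in the last hunk already starts with `set -e; \`. The `poll-images` recipe continues past the end of its hunk, so its tail was not reviewed.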


@ -15,21 +15,24 @@ sort: 1
---
NFD currently offers two variants of the container image. The "full" variant is
NFD currently offers two variants of the container image. The "minimal" variant is
currently deployed by default. Released container images are available for
x86_64 and Arm64 architectures.
## Full
This image is based on [debian:bullseye-slim](https://hub.docker.com/_/debian)
and contains a full Linux system for running shell-based nfd-worker hooks and
doing live debugging and diagnosis of the NFD images.
## Minimal
This is a minimal image based on
[gcr.io/distroless/base](https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md)
and only supports running statically linked binaries.
The container image tag has suffix `-minimal`
(e.g. `{{ site.container_image }}-minimal`)
For backwards compatibility a container image tag with suffix `-minimal`
(e.g. `{{ site.container_image }}-minimal`) is provided.
## Full
This image is based on [debian:bullseye-slim](https://hub.docker.com/_/debian)
and contains a full Linux system for running shell-based nfd-worker hooks and
doing live debugging and diagnosis of the NFD images.
The container image tag has suffix `-full`
(e.g. `{{ site.container_image }}-full`).


@ -336,6 +336,11 @@ Hooks are DEPRECATED since v0.12.0 release and support will be removed in a
future release. Use
[feature files](../usage//customization-guide.md#feature-files) instead.
Note: The default NFD container image only supports statically linked binaries.
Use the [full](../deployment/image-variants.md#full) image variant for a
slightly more extensive environment that additionally supports bash and perl
runtimes.
Related tracking issues:
1. Config option to disable hooks [#859](https://github.com/kubernetes-sigs/node-feature-discovery/issues/859).


@ -257,9 +257,8 @@ on the nfd-master command line.
**DEPRECATED** The `local` source executes hooks found in
`/etc/kubernetes/node-feature-discovery/source.d/`. The hook files must be
executable and they are supposed to print all discovered features in `stdout`.
With ELF binaries static linking is recommended as the selection of system
libraries available in the NFD release image is very limited. Other runtimes
currently supported by the NFD image are bash and perl.
Since NFD v0.13 the default container image only supports statically linked ELF
binaries.
`stderr` output of hooks is propagated to NFD log so it can be used for
debugging and logging.
@ -284,8 +283,9 @@ sources:
directory. It is the user's responsibility to review the hooks for e.g.
possible security implications.
**NOTE:** The [minimal](../deployment/image-variants.md#minimal) image
variant only supports running statically linked binaries.
**NOTE:** The [full](../deployment/image-variants.md#full) image variant
provides backwards-compatibility with older NFD versions by including a more
expanded environment, supporting bash and perl runtimes.
### Feature files