Containerfile
# **Description:**
# > IMPORTANT NOTE: This is BOOTC. This is meant for bootable container applications. See: https://github.com/containers/podman-desktop-extension-bootc
#
# This Containerfile creates a k3s NODE on AMD64 using CentOS Stream 9. So you can run a k8s server on boot.
#
# You must know the IP address of the master in order for these nodes to connect.
# **PRIVATE REGISTRY:**
# If you want to pull from a private registry, uncomment the "COPY auth.json /etc/ostree/auth.json" line and add your auth.json file.
# For podman users this auth.json file is typically found in ~/.config/containers/auth.json.
# **Expanding your rootfs:**
# * If you want your OS to expand its rootfs automatically, uncomment the `RUN systemctl enable bootc-generic-growpart.service` line at the bottom of this Containerfile.
# * This is disabled by default as it can be dangerous if you are not using a VM or a disk that can be expanded.
# * This is good for situations like cloud providers, usb sticks, etc.
#
# **GPU:**
# * Want GPU? Change the FROM to `git.k8s.land/cdrage/bootc-nvidia-base-fedora` / see `bootc-nvidia-base-fedora` folder for more details.
# * GPU drivers will be built + loaded on each boot.
# * This README is outside the scope of **how** to use a GPU with k3s; see the k3s advanced docs for more information: https://docs.k3s.io/advanced#nvidia-container-runtime-support . Read them thoroughly, as you WILL need nvidia-device-plugin installed and modified to ensure it has runtimeClassName set.
#
# Notes:
# * The default user is root, and the SSH key is placed in /usr/ssh/root.keys. This is enabled so we can scp / ssh in and get the kubeconfig file (/etc/rancher/k3s/k3s.yaml).
# * A unique hostname must be set, or the node is rejected by the master k3s server for not being unique.
#
# Arguments are required in order to build this image with both your k3s token and your SSH public key. You must pass the following (via --build-arg foo=bar on the CLI):
# * HOSTNAME=k8snode1
# * K3S_URL=https://k8smaster:6443
# * K3S_TOKEN=MySuperSecretK3sToken
# * SSH_PUBLIC_KEY=MySSHPublicKeyNOTThePrivateKey
# * K8S_VERSION=1.29.4
#
# **Running:**
# 1. Create disk image using the above extension
# 2. Boot OS
# 3. See that it creates the k3s agent on boot / connects to the k8s server
# 4. Run `kubectl get nodes` and you should see your server.
#! Use the below base image if you want to use GPU (you'll have to build it yourself FYI!)
#! FROM ghcr.io/cdrage/bootc-nvidia-base-centos
#! Or other base registry images such as rhel9
#! FROM registry.redhat.io/rhel9/rhel-bootc:9.4
#! We use Fedora 40 as we find it the most stable for Kubernetes
FROM quay.io/fedora/fedora-bootc:40
#! ARGUMENTS
#! Intentionally left blank so users know to pass them in... the build will fail if they don't.
ARG HOSTNAME
ARG K3S_URL
ARG K3S_TOKEN
ARG SSH_PUBLIC_KEY
ARG K8S_VERSION=1.30.1
#! Copy over all usr files
COPY usr/ /usr/
#! Set hostname
#! Hostname does NOT work due to: https://gitlab.com/fedora/bootc/tracker/-/issues/25
#! Instead there is a oneshot systemd service that sets the hostname on boot
RUN echo "HOSTNAME=${HOSTNAME}" > /etc/systemd/system/hostname.service.env
#! UNCOMMENT if you want to add auth.json for pulling images from a private registry for bootc
# COPY auth.json /etc/ostree/auth.json
#! Install AMD64 k3s
#! -f makes the build fail on an HTTP error instead of silently saving an error page as the binary
RUN curl -fLo /usr/local/bin/k3s https://github.com/k3s-io/k3s/releases/download/v${K8S_VERSION}%2Bk3s1/k3s && chmod a+x /usr/local/bin/k3s
RUN echo "K3S_TOKEN=${K3S_TOKEN}" > /etc/systemd/system/k3s.service.env
RUN echo "K3S_URL=${K3S_URL}" >> /etc/systemd/system/k3s.service.env
#! Install AMD64 kubectl for internal testing
RUN curl -fLo /usr/local/bin/kubectl https://dl.k8s.io/release/v${K8S_VERSION}/bin/linux/amd64/kubectl && chmod a+x /usr/local/bin/kubectl
#! Add the SSH key from SSH_PUBLIC_KEY so we can actually get the kubeconfig file
RUN set -eu; mkdir -p /usr/ssh && \
echo 'AuthorizedKeysFile /usr/ssh/%u.keys .ssh/authorized_keys .ssh/authorized_keys2' >> /etc/ssh/sshd_config.d/30-auth-system.conf && \
echo "${SSH_PUBLIC_KEY}" > /usr/ssh/root.keys && chmod 0600 /usr/ssh/root.keys
#! Enable all the services we will be using
RUN systemctl enable k3s.service
RUN systemctl enable hostname.service
#! If you want your OS to expand its rootfs automatically, ENABLE THIS.
#! This is disabled by default as it can be dangerous if you are not using a VM or a disk that can be expanded.
#! This is good for situations like cloud providers, usb sticks, etc.
#! RUN systemctl enable bootc-generic-growpart.service
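Building this image means passing the five build arguments listed in the header above. The wrapper script below is an added example, not part of this repository: it validates each value before invoking `podman build`, so a malformed hostname, a pasted private key or a version string that would alter the download URLs is caught before the image is built. The image tag, the validation patterns and the requirement that K3S_URL use https are assumptions made here.

```shell
#!/bin/sh
# Added example (not part of the repository): validate the values this
# Containerfile expects via --build-arg, then run the build. The image tag and
# the regexes are assumptions made here, not the project's own conventions.
set -eu

# Node names must be lowercase RFC 1123 labels; the k3s master also rejects duplicates.
validate_hostname() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'
}

# Require https so the join token is never sent to the master in clear text.
validate_k3s_url() {
  printf '%s' "$1" | grep -Eq '^https://[A-Za-z0-9.-]+(:[0-9]{1,5})?$'
}

# Accept one OpenSSH public-key line (type, base64 blob, optional comment);
# this rejects a pasted private key or a file path.
validate_ssh_pubkey() {
  printf '%s' "$1" | grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .+)?$'
}

# K8S_VERSION is spliced into two download URLs in the Containerfile, so allow
# only MAJOR.MINOR.PATCH and nothing that could alter the URL path.
validate_version() {
  printf '%s' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Usage: build_node_image HOSTNAME K3S_URL K3S_TOKEN "SSH_PUBLIC_KEY" [K8S_VERSION]
build_node_image() {
  [ "$#" -ge 4 ] || { echo "usage: build_node_image HOSTNAME K3S_URL K3S_TOKEN SSH_PUBLIC_KEY [K8S_VERSION]" >&2; return 1; }
  hostname=$1 url=$2 token=$3 pubkey=$4 version=${5:-1.30.1}
  validate_hostname "$hostname"  || { echo "invalid HOSTNAME: $hostname" >&2; return 1; }
  validate_k3s_url "$url"        || { echo "invalid K3S_URL (https required): $url" >&2; return 1; }
  [ -n "$token" ]                || { echo "K3S_TOKEN must not be empty" >&2; return 1; }
  validate_ssh_pubkey "$pubkey"  || { echo "SSH_PUBLIC_KEY is not a public key line" >&2; return 1; }
  validate_version "$version"    || { echo "invalid K8S_VERSION: $version" >&2; return 1; }
  # The tag is a constructed convention; the Containerfile is expected in the current directory.
  podman build \
    --build-arg HOSTNAME="$hostname" \
    --build-arg K3S_URL="$url" \
    --build-arg K3S_TOKEN="$token" \
    --build-arg SSH_PUBLIC_KEY="$pubkey" \
    --build-arg K8S_VERSION="$version" \
    -t "localhost/k3s-node-${hostname}:${version}" -f Containerfile .
}

# Run the build only when invoked with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then build_node_image "$@"; fi
```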