diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.2-r0.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.3.ebuild similarity index 78% rename from sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.2-r0.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.3.ebuild index 2cbe7bd844..f2d34a2902 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.2-r0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/etcd-wrapper-0.0.3.ebuild @@ -22,6 +22,8 @@ RDEPEND=">=app-emulation/rkt-1.9.1[rkt_stage1_fly]" S=${WORKDIR} src_install() { - dobin "${FILESDIR}"/etcd-wrapper - systemd_dounit "${FILESDIR}"/etcd-wrapper.service + exeinto /usr/lib/coreos + doexe "${FILESDIR}"/etcd-wrapper + + systemd_dounit "${FILESDIR}"/etcd-member.service } diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service new file mode 100644 index 0000000000..10d9f5df86 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-member.service @@ -0,0 +1,27 @@ +[Unit] +Description=etcd (System Application Container) +Documentation=https://github.com/coreos/etcd +Wants=network.target +Conflicts=etcd.service +Conflicts=etcd2.service + +[Service] +Type=notify +Restart=on-failure +RestartSec=10s +TimeoutStartSec=0 +LimitNOFILE=40000 + +Environment="ETCD_IMAGE_TAG=v3.0.10" +Environment="ETCD_NAME=%m" +Environment="ETCD_USER=etcd" +Environment="ETCD_DATA_DIR=/var/lib/etcd" +Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/etcd-member-wrapper.uuid" + +ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos +ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid +ExecStart=/usr/lib/coreos/etcd-wrapper $ETCD_OPTS +ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper old mode 100644 new mode 100755 index d56fded9c8..6a84dbc258 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper @@ -1,76 +1,80 @@ #!/usr/bin/bash -e # Wrapper for launching etcd via rkt. +# +# Make sure to set ETCD_IMAGE_TAG to an image tag published here: +# https://quay.io/repository/coreos/etcd?tab=tags Alternatively, +# override ETCD_IMAGE to a custom image. function require_ev_all() { - for rev in $@ ; do - if [[ -z ${!rev} ]]; then - echo ${rev} is not set - exit 1 - fi - done + for rev in $@ ; do + if [[ -z "${!rev}" ]]; then + echo ${rev} is not set + exit 1 + fi + done } function require_ev_one() { - for rev in $@ ; do - if [[ ! -z ${!rev} ]]; then - return - fi - done - echo One of $@ must be set - exit 1 + for rev in $@ ; do + if [[ ! -z "${!rev}" ]]; then + return + fi + done + echo One of $@ must be set + exit 1 } -require_ev_one ETCD_IMG ETCD_TAG -require_ev_all ETCD_IMG_USER ETCD_DATA_DIR +require_ev_one ETCD_IMAGE ETCD_IMAGE_TAG +require_ev_all ETCD_USER ETCD_DATA_DIR -if [[ ! -z ${ETCD_TAG} ]]; then - ETCD_IMG="${ETCD_IMG:-coreos.com/etcd:${ETCD_TAG}}" - RKT_RUN_ARGS="${RKT_RUN_ARGS} \ - --trust-keys-from-https - " +ETCD_IMAGE_URL="${ETCD_IMAGE_URL:-quay.io/coreos/etcd}" +ETCD_IMAGE="${ETCD_IMAGE:-${ETCD_IMAGE_URL}:${ETCD_IMAGE_TAG}}" + +if [[ "${ETCD_IMAGE%%/*}" == "quay.io" ]]; then + RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https" fi -if [[ ! -e ${ETCD_DATA_DIR} ]]; then - mkdir -p ${ETCD_DATA_DIR} - chown ${ETCD_IMG_USER} ${ETCD_DATA_DIR} +if [[ ! -e "${ETCD_DATA_DIR}" ]]; then + mkdir --parents "${ETCD_DATA_DIR}" + chown "${ETCD_USER}" "${ETCD_DATA_DIR}" fi -SYSTEMD_SYSTEM_DIR_SRC=${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system} -if [[ -d ${SYSTEMD_SYSTEM_DIR_SRC} ]]; then - RKT_RUN_ARGS="${RKT_RUN_ARGS} \ - --mount volume=systemd-dir,target=/run/systemd/system \ - --volume systemd-dir,kind=host,source=${SYSTEMD_SYSTEM_DIR_SRC},readOnly=true \ - " +ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/certs}" + +SYSTEMD_SYSTEM_DIR_SRC="${SYSTEMD_SYSTEM_DIR_SRC:-/run/systemd/system}" +if [[ -d "${SYSTEMD_SYSTEM_DIR_SRC}" ]]; then + RKT_RUN_ARGS="${RKT_RUN_ARGS} \ + --mount volume=systemd-dir,target=/run/systemd/system \ + --volume systemd-dir,kind=host,source=${SYSTEMD_SYSTEM_DIR_SRC},readOnly=true \ + " fi - -if [[ -S ${NOTIFY_SOCKET} ]]; then - RKT_RUN_ARGS="${RKT_RUN_ARGS} \ - --mount volume=notify,target=/run/systemd/notify \ - --volume notify,kind=host,source=${NOTIFY_SOCKET} \ - --set-env=NOTIFY_SOCKET=/run/systemd/notify \ - " +if [[ -S "${NOTIFY_SOCKET}" ]]; then + RKT_RUN_ARGS="${RKT_RUN_ARGS} \ + --mount volume=notify,target=/run/systemd/notify \ + --volume notify,kind=host,source=${NOTIFY_SOCKET} \ + --set-env=NOTIFY_SOCKET=/run/systemd/notify \ + " fi -SSL_CERTS_SRC=${SSL_CERTS_SRC:-/etc/ssl/certs} -ETC_HOSTS_SRC=${ETC_HOSTS_SRC:-/etc/hosts} -ETCD_IMG_EXEC=${ETCD_IMG_EXEC:-/etcd} - -RKT=${RKT:-/usr/bin/rkt} -RKT_STAGE1_ARG=${RKT_STAGE1_ARG:-"--stage1-from-dir=stage1-fly.aci"} +RKT="${RKT:-/usr/bin/rkt}" +RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}" set -x exec ${RKT} ${RKT_GLOBAL_ARGS} \ - run ${RKT_RUN_ARGS} \ - --volume data-dir,kind=host,source=${ETCD_DATA_DIR} \ - \ - --mount volume=etc-ssl-certs,target=/etc/ssl/certs \ - --volume etc-ssl-certs,kind=host,source=${SSL_CERTS_SRC} \ - \ - --mount volume=etc-hosts,target=/etc/hosts \ - --volume etc-hosts,kind=host,source=${ETC_HOSTS_SRC} \ - \ - ${RKT_STAGE1_ARG} \ - ${ETCD_IMG} ${ETCD_IMG_ARGS} \ - --user=$(id -u ${ETCD_IMG_USER}) \ - --exec=${ETCD_IMG_EXEC} -- \ - "$@" + run ${RKT_RUN_ARGS} \ + --volume data-dir,kind=host,source="${ETCD_DATA_DIR}",readOnly=false \ + --volume etc-ssl-certs,kind=host,source="${ETCD_SSL_DIR}",readOnly=true \ + --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ + --volume etc-hosts,kind=host,source=/etc/hosts,readOnly=true \ + --volume etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true \ + --mount volume=data-dir,target=/var/lib/etcd \ + --mount volume=etc-ssl-certs,target=/etc/ssl/certs \ + --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ + --mount volume=etc-hosts,target=/etc/hosts \ + --mount volume=etc-resolv,target=/etc/resolv.conf \ + --inherit-env \ + ${RKT_STAGE1_ARG} \ + ${ETCD_IMAGE} \ + ${ETCD_IMAGE_ARGS} \ + --user=$(id -u "${ETCD_USER}") \ + -- "$@" diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service b/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service deleted file mode 100644 index 85dabc4e8c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/etcd-wrapper/files/etcd-wrapper.service +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=etcd (System Application Container) -Conflicts=etcd.service -Conflicts=etcd2.service - -[Service] -Type=notify -Environment=ETCD_NAME=%m -Environment=ETCD_IMG_USER=etcd -Environment=ETCD_DATA_DIR=/var/lib/etcd -Environment=ETCD_TAG= -ExecStart=/usr/bin/etcd-wrapper $ETCD_OPTS -Restart=always -RestartSec=10s -LimitNOFILE=40000 -TimeoutStartSec=0 - -[Install] -WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/50-flannel.network b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/50-flannel.network new file mode 100644 index 0000000000..c0e4e0e6da --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/50-flannel.network @@ -0,0 +1,4 @@ +[Match] +Name=flannel* + +[Network] diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-docker-opts.service b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-docker-opts.service new file mode 100644 index 0000000000..c089910c91 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-docker-opts.service @@ -0,0 +1,23 @@ +[Unit] +Description=flannel docker export service - Network fabric for containers (System Application Container) +Documentation=https://github.com/coreos/flannel +After=flannel.service +PartOf=flannel.service +Before=docker.service + +[Service] +Type=simple +Restart=on-failure +RestartSec=10 +TimeoutStartSec=60 + +Environment="FLANNEL_IMAGE_TAG=v0.6.2" +Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper2.uuid" +Environment="FLANNEL_IMAGE_ARGS=--exec=/opt/bin/mk-docker-opts.sh" + +ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/flannel-wrapper2.uuid +ExecStart=/usr/lib/coreos/flannel-wrapper -d /run/flannel/flannel_docker_opts.env -i +ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/flannel-wrapper2.uuid + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-wrapper b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-wrapper new file mode 100755 index 0000000000..689c23afd2 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flannel-wrapper @@ -0,0 +1,84 @@ +#!/bin/bash -e +# Wrapper for launching flannel via rkt. +# +# Make sure to set FLANNEL_IMAGE_TAG to an image tag published here: +# https://quay.io/repository/coreos/flannel?tab=tags Alternatively, +# override FLANNEL_IMAGE to a custom image. + +function require_ev_all() { + for rev in $@ ; do + if [[ -z "${!rev}" ]]; then + echo "${rev}" is not set + exit 1 + fi + done +} + +function require_ev_one() { + for rev in $@ ; do + if [[ ! -z "${!rev}" ]]; then + return + fi + done + echo One of $@ must be set + exit 1 +} + +if [[ -n "${FLANNEL_VER}" ]]; then + echo FLANNEL_VER environment variable is deprecated, please use FLANNEL_IMAGE_TAG instead +fi + +if [[ -n "${FLANNEL_IMG}" ]]; then + echo FLANNEL_IMG environment variable is deprecated, please use FLANNEL_IMAGE_URL instead +fi + +FLANNEL_IMAGE_TAG="${FLANNEL_IMAGE_TAG:-${FLANNEL_VER}}" + +require_ev_one FLANNEL_IMAGE FLANNEL_IMAGE_TAG + +FLANNEL_IMAGE_URL="${FLANNEL_IMAGE_URL:-${FLANNEL_IMG:-quay.io/coreos/flannel}}" +FLANNEL_IMAGE="${FLANNEL_IMAGE:-${FLANNEL_IMAGE_URL}:${FLANNEL_IMAGE_TAG}}" + +if [[ "${FLANNEL_IMAGE%%/*}" == "quay.io" ]]; then + RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https" +fi + +ETCD_SSL_DIR="${ETCD_SSL_DIR:-/etc/ssl/etcd}" +if [[ -d "${ETCD_SSL_DIR}" ]]; then + RKT_RUN_ARGS="${RKT_RUN_ARGS} \ + --volume ssl,kind=host,source=${ETCD_SSL_DIR},readOnly=true \ + --mount volume=ssl,target=${ETCD_SSL_DIR} \ + " +fi + +if [[ -S "${NOTIFY_SOCKET}" ]]; then + RKT_RUN_ARGS="${RKT_RUN_ARGS} \ + --mount volume=notify,target=/run/systemd/notify \ + --volume notify,kind=host,source=${NOTIFY_SOCKET} \ + --set-env=NOTIFY_SOCKET=/run/systemd/notify \ + " +fi + +mkdir --parents /run/flannel + +RKT="${RKT:-/usr/bin/rkt}" +RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}" +set -x +exec ${RKT} ${RKT_GLOBAL_ARGS} \ + run ${RKT_RUN_ARGS} \ + --net=host \ + --volume run-flannel,kind=host,source=/run/flannel,readOnly=false \ + --volume etc-ssl-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ + --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ + --volume etc-hosts,kind=host,source=/etc/hosts,readOnly=true \ + --volume etc-resolv,kind=host,source=/etc/resolv.conf,readOnly=true \ + --mount volume=run-flannel,target=/run/flannel \ + --mount volume=etc-ssl-certs,target=/etc/ssl/certs \ + --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ + --mount volume=etc-hosts,target=/etc/hosts \ + --mount volume=etc-resolv,target=/etc/resolv.conf \ + --inherit-env \ + ${RKT_STAGE1_ARG} \ + ${FLANNEL_IMAGE} \ + ${FLANNEL_IMAGE_ARGS} \ + -- "$@" diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flanneld.service b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flanneld.service new file mode 100644 index 0000000000..c059ab61c5 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/files/flanneld.service @@ -0,0 +1,27 @@ +[Unit] +Description=flannel - Network fabric for containers (System Application Container) +Documentation=https://github.com/coreos/flannel +After=etcd.service etcd2.service etcd-member.service +Before=docker.service flannel-docker-opts.service +Requires=flannel-docker-opts.service + +[Service] +Type=notify +Restart=always +RestartSec=10s +LimitNOFILE=40000 +LimitNPROC=1048576 + +Environment="FLANNEL_IMAGE_TAG=v0.6.2" +Environment="FLANNEL_OPTS=--ip-masq=true" +Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper.uuid" +EnvironmentFile=-/run/flannel/options.env + +ExecStartPre=/sbin/modprobe ip_tables +ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos /run/flannel +ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/flannel-wrapper.uuid +ExecStart=/usr/lib/coreos/flannel-wrapper $FLANNEL_OPTS +ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/flannel-wrapper.uuid + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/flannel-wrapper-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/flannel-wrapper-0.0.1.ebuild new file mode 100644 index 0000000000..9d4cb7e6eb --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/flannel-wrapper/flannel-wrapper-0.0.1.ebuild @@ -0,0 +1,34 @@ +# Copyright (c) 2014 CoreOS, Inc.. All rights reserved. +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd + +DESCRIPTION="flannel (System Application Container)" +HOMEPAGE="https://github.com/coreos/flannel" + +KEYWORDS="amd64" +SRC_URI="" + +LICENSE="Apache-2.0" +SLOT="0" +IUSE="" + +RDEPEND=" + !app-admin/flannel + >=app-emulation/rkt-1.9.1[rkt_stage1_fly] +" + +S="$WORKDIR" + +src_install() { + exeinto /usr/lib/coreos + doexe "${FILESDIR}"/flannel-wrapper + + systemd_dounit "${FILESDIR}"/flanneld.service + systemd_dounit "${FILESDIR}"/flannel-docker-opts.service + + insinto /usr/lib/systemd/network + doins "${FILESDIR}"/50-flannel.network +} diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper b/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper old mode 100644 new mode 100755 index 3526b4b9f7..94a160bb3f --- a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper @@ -1,39 +1,82 @@ #!/bin/bash -# Wrapper for launching kubelet via rkt-fly stage1. +# Wrapper for launching kubelet via rkt-fly. # -# Make sure to set KUBELET_VERSION to an image tag published here: +# Make sure to set KUBELET_IMAGE_TAG to an image tag published here: # https://quay.io/repository/coreos/hyperkube?tab=tags Alternatively, -# override $KUBELET_ACI to a custom location. +# override KUBELET_IMAGE to a custom image. set -e -if [ -z "${KUBELET_VERSION}" ]; then - echo "ERROR: must set KUBELET_VERSION" - exit 1 +function require_ev_all() { + for rev in $@ ; do + if [[ -z "${!rev}" ]]; then + echo "${rev}" is not set + exit 1 + fi + done +} + +function require_ev_one() { + for rev in $@ ; do + if [[ ! -z "${!rev}" ]]; then + return + fi + done + echo One of $@ must be set + exit 1 +} + +if [[ -n "${KUBELET_VERSION}" ]]; then + echo KUBELET_VERSION environment variable is deprecated, please use KUBELET_IMAGE_TAG instead fi -KUBELET_ACI="${KUBELET_ACI:-quay.io/coreos/hyperkube}" +if [[ -n "${KUBELET_ACI}" ]]; then + echo KUBELET_ACI environment variable is deprecated, please use the KUBELET_IMAGE_URL instead +fi + +if [[ -n "${RKT_OPTS}" ]]; then + echo RKT_OPTS environment variable is deprecated, please use the RKT_RUN_ARGS instead +fi + +KUBELET_IMAGE_TAG="${KUBELET_IMAGE_TAG:-${KUBELET_VERSION}}" + +require_ev_one KUBELET_IMAGE KUBELET_IMAGE_TAG + +KUBELET_IMAGE_URL="${KUBELET_IMAGE_URL:-${KUBELET_ACI:-quay.io/coreos/hyperkube}}" +KUBELET_IMAGE="${KUBELET_IMAGE:-${KUBELET_IMAGE_URL}:${KUBELET_IMAGE_TAG}}" + +RKT_RUN_ARGS="${RKT_RUN_ARGS} ${RKT_OPTS}" + +if [[ "${KUBELET_IMAGE%%/*}" == "quay.io" ]]; then + RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https" +fi mkdir --parents /etc/kubernetes mkdir --parents /var/lib/docker mkdir --parents /var/lib/kubelet mkdir --parents /run/kubelet -exec /usr/bin/rkt run \ - --volume etc-kubernetes,kind=host,source=/etc/kubernetes \ - --volume etc-ssl-certs,kind=host,source=/usr/share/ca-certificates \ - --volume var-lib-docker,kind=host,source=/var/lib/docker \ - --volume var-lib-kubelet,kind=host,source=/var/lib/kubelet \ - --volume os-release,kind=host,source=/usr/lib/os-release \ - --volume run,kind=host,source=/run \ - --mount volume=etc-kubernetes,target=/etc/kubernetes \ - --mount volume=etc-ssl-certs,target=/etc/ssl/certs \ - --mount volume=var-lib-docker,target=/var/lib/docker \ - --mount volume=var-lib-kubelet,target=/var/lib/kubelet \ - --mount volume=os-release,target=/etc/os-release \ - --mount volume=run,target=/run \ - --trust-keys-from-https \ - $RKT_OPTS \ - --stage1-from-dir=stage1-fly.aci \ - ${KUBELET_ACI}:${KUBELET_VERSION} --exec=/kubelet -- "$@" - +RKT="${RKT:-/usr/bin/rkt}" +RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}" +KUBELET_IMAGE_ARGS=${KUBELET_IMAGE_ARGS:---exec=/kubelet} +set -x +exec ${RKT} ${RKT_GLOBAL_ARGS} \ + run ${RKT_RUN_ARGS} \ + --volume etc-kubernetes,kind=host,source=/etc/kubernetes,readOnly=false \ + --volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \ + --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \ + --volume var-lib-docker,kind=host,source=/var/lib/docker,readOnly=false \ + --volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \ + --volume os-release,kind=host,source=/usr/lib/os-release,readOnly=true \ + --volume run,kind=host,source=/run,readOnly=false \ + --mount volume=etc-kubernetes,target=/etc/kubernetes \ + --mount volume=etc-ssl-certs,target=/etc/ssl/certs \ + --mount volume=usr-share-certs,target=/usr/share/ca-certificates \ + --mount volume=var-lib-docker,target=/var/lib/docker \ + --mount volume=var-lib-kubelet,target=/var/lib/kubelet \ + --mount volume=os-release,target=/etc/os-release \ + --mount volume=run,target=/run \ + ${RKT_STAGE1_ARG} \ + ${KUBELET_IMAGE} \ + ${KUBELET_IMAGE_ARGS} \ + -- "$@" diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.1-r5.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.2.ebuild similarity index 87% rename from sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.1-r5.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.2.ebuild index 5041ad02dc..baeaa4162d 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.1-r5.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.2.ebuild @@ -4,7 +4,7 @@ # $Header:$ # -EAPI=5 +EAPI=6 DESCRIPTION="Kubernetes Container Manager" HOMEPAGE="http://kubernetes.io/" @@ -14,7 +14,7 @@ LICENSE="Apache-2.0" SLOT="0" IUSE="" -RDEPEND=app-emulation/rkt +RDEPEND=">=app-emulation/rkt-1.9.1[rkt_stage1_fly]" # work around ${WORKDIR}/${P} not existing S=${WORKDIR} diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r4.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r3.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.12.1-r4.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service index 3b283f1205..88b5eba55b 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service @@ -6,7 +6,7 @@ Requires=docker.socket early-docker.target [Service] Type=notify -EnvironmentFile=-/run/flannel_docker_opts.env +EnvironmentFile=-/run/flannel/flannel_docker_opts.env MountFlags=slave # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r274.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r275.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r274.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r275.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild index ecde96a394..561e487038 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild @@ -98,10 +98,10 @@ RDEPEND="${RDEPEND} app-emulation/xenstore sys-auth/realmd sys-auth/sssd + app-admin/flannel-wrapper )" RDEPEND="${RDEPEND} - app-admin/flannel app-admin/fleet app-admin/locksmith app-admin/mayday