Initial commit

Author: smarterclayton

.gitignore

@@ -0,0 +1 @@
+/image-build-daemon

Makefile

@@ -0,0 +1,22 @@
+
+build:
+	go build ./cmd/image-build-daemon
+.PHONY: build
+
+check:
+	go test ./...
+.PHONY: check
+
+deps:
+	glide update -v --skip-test
+.PHONY: deps
+
+fake:
+	docker run --name daemon-test -d -v /var/run/docker \
+		-l io.kubernetes.pod.uid=123 \
+		-l io.kubernetes.pod.namespace=test \
+		-l io.kubernetes.pod.name=daemon \
+		-l io.kubernetes.container.name=sleep \
+		--cgroup-parent system.slice \
+		centos:7 /bin/bash -c 'exec sleep 10000'
+.PHONY: fake

README.md

@@ -0,0 +1,62 @@
+image-build-daemon
+==================
+
+This project is in early `alpha` and may change significantly in the
+future.
+
+The image-build-daemon acts as a Kubernetes-aware Docker build endpoint
+that limits what operations clients can perform to a safe subset and
+ensures the resources those clients consume are charged back to their
+pod. It automatically injects a Docker-API compatible unix domain socket
+into any pod that mounts a read-write emptydir to `/var/run/docker/`,
+and then accepts the following Docker API calls:
+
+* `build`: Perform Docker builds that are placed into the calling pod's
+  cgroup
+* `tag`: Tag an image that was created by a build with a different name
+* `list-images`: List any images built by this pod
+* `remove-image`: Remove an image created by this pod
+* `push`: Push an image created by this pod
+
+The daemon performs cleanup, quota, and scoping to the calling pod,
+ensuring that resources consumed by a build pod are fairly used. The
+normal Docker CLI or API client can create operations, although not all
+parameters are supported.
+
+The daemon also supports multiple backends with the future goal of
+removing the need for a Docker daemon on the host, specified with
+`--mode`:
+
+* `passthrough` - Use the host's Docker socket to perform operations
+* `imagebuilder` - Use the
+  [imagebuilder](https://github.com/openshift/imagebuilder) library to
+perform more efficient builds
+* FUTURE: `buildah` - Avoid using a shared daemon and instead execute
+  builds under the calling pod's context.
+
+## Trying it out
+
+Clone the source into your GOPATH and build with:
+
+    make
+
+To test locally without a running Kubernetes server, start your Docker 
+daemon and then run:
+
+    ./image-build-daemon -v=5 --bind-local=/tmp &
+
+To start the daemon running in the background. Then launch a fake
+Kubernetes container with
+
+    make fake
+
+The container named `daemon-test` will be started, and 
+`image-build-daemon` will create `/tmp/docker.sock` (due to 
+`--bind-local` being passed).
+
+To test against the daemon, run 
+
+    export DOCKER_HOST=unix:///tmp/docker.sock 
+    docker build vendor/github.com/openshift/imagebuilder/dockerclient/testdata/volume/
+
+And you should see a build created.

cmd/image-build-daemon/main.go

@@ -0,0 +1,26 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"math/rand"
+	"os"
+	"time"
+
+	"github.com/openshift/image-build-daemon/pkg/cmd"
+	"github.com/openshift/image-build-daemon/pkg/logs"
+)
+
+func main() {
+	logs.InitLogs()
+	defer logs.FlushLogs()
+
+	rand.Seed(time.Now().UTC().UnixNano())
+
+	command := cmd.New("")
+	command.PersistentFlags().AddGoFlag(flag.Lookup("v"))
+	if err := command.Execute(); err != nil {
+		fmt.Fprintf(os.Stderr, "error: %v\n", err)
+		os.Exit(1)
+	}
+}

contrib/docker-daemon.yaml

@@ -0,0 +1,49 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: build-daemon
+spec:
+  selector:
+    matchLabels:
+      app: build-daemon
+  template:
+    metadata:
+      labels:
+        app: build-daemon
+    spec:
+      containers:
+      - name: docker
+        image: openshift/origin-custom-docker-builder:latest
+        imagePullPolicy: IfNotPresent
+        command:
+        - /bin/bash
+        - -c
+        - |
+          #!/bin/bash
+          set -o errexit
+          rm -rf /usr/libexec/oci/hooks.d/*
+          exec dockerd-current --iptables=false --storage-driver=overlay2 --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --exec-opt native.cgroupdriver=systemd
+        securityContext:
+          runAsUser: 0
+          privileged: true
+        volumeMounts:
+        - mountPath: /run/systemd
+          name: host-run-systemd
+        - mountPath: /var/run/dbus
+          name: host-var-run-dbus
+        - mountPath: /sys/fs/cgroup
+          name: host-sys-fs-cgroup
+        - mountPath: /var/lib/docker
+          name: storage
+      volumes:
+      - name: host-run-systemd
+        hostPath:
+          path: /run/systemd
+      - name: host-var-run-dbus
+        hostPath:
+          path: /var/run/dbus
+      - name: host-sys-fs-cgroup
+        hostPath:
+          path: /sys/fs/cgroup
+      - name: storage
+        emptyDir: {}

doc.go

@@ -0,0 +1,9 @@
+// package daemon implements a Docker build daemon that can answer requests
+// via the Docker engine build, push, commit, and tag API for containerized
+// callers to use safely.
+//
+// Clients request a domain socket be placed into their container at a
+// pre-arranged location by creating an appropriate volume mount. A socket
+// emulating the Docker engine API for a limited set of operations and
+// imposing additional restrictions will respond to that container.
+package daemon

glide.lock

@@ -0,0 +1,28 @@
+package: github.com/openshift/image-build-daemon
+import:
+- package: github.com/MakeNowJust/heredoc
+- package: github.com/davecgh/go-spew
+  subpackages:
+  - spew
+- package: github.com/docker/docker
+  version: b68221c37ee597950364788204546f9c9d0e46a1
+  subpackages:
+  - api
+  - builder/dockerfile/parser
+  - pkg/archive
+  - pkg/homedir
+- package: github.com/fsouza/go-dockerclient
+  repo:    [email protected]:openshift/go-dockerclient
+  version: openshift-3.9
+- package: github.com/golang/glog
+- package: github.com/gorilla/context
+- package: github.com/openshift/imagebuilder
+  version: master
+  subpackages:
+  - dockerclient
+- package: github.com/spf13/cobra
+- package: github.com/spf13/pflag
+testImport:
+- package: github.com/stretchr/testify
+  subpackages:
+  - assert