Complete the fork of kindbase by copy/paste

Base kicbase directly on ubuntu, without kindbase

Move all the files that are still copied and used

Avoid installing software only to be deleted later

The entrypoint had already been forked since earlier

Makefile

@@ -20,7 +20,6 @@ RAW_VERSION=$(VERSION_MAJOR).$(VERSION_MINOR).$(VERSION_BUILD)
 VERSION ?= v$(RAW_VERSION)
 
 KUBERNETES_VERSION ?= $(shell egrep "DefaultKubernetesVersion =" pkg/minikube/constants/constants.go | cut -d \" -f2)
-KIND_VERSION ?= v20200430-2c0eee40
 KIC_VERSION ?= $(shell egrep "Version =" pkg/drivers/kic/types.go | cut -d \" -f2)
 
 # Default to .0 for higher cache hit rates, as build increments typically don't require new ISO versions
@@ -48,7 +47,6 @@ BUILD_IMAGE 	?= us.gcr.io/k8s-artifacts-prod/build-image/kube-cross:v$(GO_VERSIO
 ISO_BUILD_IMAGE ?= $(REGISTRY)/buildroot-image
 KVM_BUILD_IMAGE ?= $(REGISTRY)/kvm-build-image:$(GO_VERSION)
 
-KIND_BASE_IMAGE_GCR ?= $(REGISTRY)/kindbase:$(KIND_VERSION)
 KIC_BASE_IMAGE_GCR ?= $(REGISTRY)/kicbase:$(KIC_VERSION)
 KIC_BASE_IMAGE_GH ?= $(REGISTRY_GH)/kicbase:$(KIC_VERSION)
 KIC_BASE_IMAGE_HUB ?= kicbase/stable:$(KIC_VERSION)
@@ -578,15 +576,8 @@ endif
 storage-provisioner-image: out/storage-provisioner-$(GOARCH) ## Build storage-provisioner docker image
 	docker build -t $(STORAGE_PROVISIONER_IMAGE) -f deploy/storage-provisioner/Dockerfile  --build-arg arch=$(GOARCH) .
 
-.PHONY: kind-base-image
-kind-base-image: ## builds the base image used for kind.
-	docker rmi -f $(KIND_BASE_IMAGE_GCR)-snapshot || true
-	docker build -f ./deploy/kindbase/Dockerfile -t local/kindbase:$(KIND_VERSION)-snapshot ./deploy/kindbase
-	docker tag local/kindbase:$(KIND_VERSION)-snapshot $(KIND_BASE_IMAGE_GCR)-snapshot
-	docker tag local/kindbase:$(KIND_VERSION)-snapshot $(KIND_BASE_IMAGE_GCR)
-
 .PHONY: kic-base-image
-kic-base-image: kind-base-image ## builds the base image used for kic.
+kic-base-image: ## builds the base image used for kic.
 	docker rmi -f $(KIC_BASE_IMAGE_GCR)-snapshot || true
 	docker build -f ./deploy/kicbase/Dockerfile -t local/kicbase:$(KIC_VERSION)-snapshot  --build-arg COMMIT_SHA=${VERSION}-$(COMMIT) --cache-from $(KIC_BASE_IMAGE_GCR) --target base ./deploy/kicbase
 	docker tag local/kicbase:$(KIC_VERSION)-snapshot $(KIC_BASE_IMAGE_GCR)-snapshot

deploy/kicbase/Dockerfile

@@ -1,25 +1,92 @@
+# Copyright 2018 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# kind node base image
+#
+# For systemd + docker configuration used below, see the following references:
+# https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+
+# start from ubuntu 20.04, this image is reasonably small as a starting point
+# for a kubernetes node image, it doesn't contain much we don't need
+FROM ubuntu:focal-20200423
+
+# copy in static files (configs, scripts)
+COPY 10-network-security.conf /etc/sysctl.d/10-network-security.conf
+COPY clean-install /usr/local/bin/clean-install
+COPY entrypoint /usr/local/bin/entrypoint
+
+# Install dependencies, first from apt, then from release tarballs.
+# NOTE: we use one RUN to minimize layers.
+#
+# First we must ensure that our util scripts are executable.
+#
+# The base image already has: ssh, apt, snapd, but we need to install more packages.
+# Packages installed are broken down into (each on a line):
+# - packages needed to run services (systemd)
+# - packages needed for kubernetes components
+# - packages needed by the container runtime
+# - misc packages kind uses itself
+# After installing packages we cleanup by:
+# - removing unwanted systemd services
+# - disabling kmsg in journald (these log entries would be confusing)
+#
+# Next we ensure the /etc/kubernetes/manifests directory exists. Normally
+# a kubeadm debain / rpm package would ensure that this exists but we install
+# freshly built binaries directly when we build the node image.
+#
+# Finally we adjust tempfiles cleanup to be 1 minute after "boot" instead of 15m
+# This is plenty after we've done initial setup for a node, but before we are
+# likely to try to export logs etc.
+RUN echo "Ensuring scripts are executable ..." \
+    && chmod +x /usr/local/bin/clean-install /usr/local/bin/entrypoint \
+ && echo "Installing Packages ..." \
+    && DEBIAN_FRONTEND=noninteractive clean-install \
+      systemd \
+      conntrack iptables iproute2 ethtool socat util-linux mount ebtables udev kmod \
+      libseccomp2 \
+      bash ca-certificates curl rsync \
+    && find /lib/systemd/system/sysinit.target.wants/ -name "systemd-tmpfiles-setup.service" -delete \
+    && rm -f /lib/systemd/system/multi-user.target.wants/* \
+    && rm -f /etc/systemd/system/*.wants/* \
+    && rm -f /lib/systemd/system/local-fs.target.wants/* \
+    && rm -f /lib/systemd/system/sockets.target.wants/*udev* \
+    && rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
+    && rm -f /lib/systemd/system/basic.target.wants/* \
+    && echo "ReadKMsg=no" >> /etc/systemd/journald.conf \
+    && ln -s "$(which systemd)" /sbin/init \
+ && echo "Ensuring /etc/kubernetes/manifests" \
+    && mkdir -p /etc/kubernetes/manifests \
+ && echo "Adjusting systemd-tmpfiles timer" \
+    && sed -i /usr/lib/systemd/system/systemd-tmpfiles-clean.timer -e 's#OnBootSec=.*#OnBootSec=1min#' \
+ && echo "Modifying /etc/nsswitch.conf to prefer hosts" \
+    && sed -i /etc/nsswitch.conf -re 's#^(hosts:\s*).*#\1dns files#'
+
+# tell systemd that it is in docker (it will check for the container env)
+# https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+ENV container docker
+# systemd exits on SIGRTMIN+3, not SIGTERM (which re-executes it)
+# https://bugzilla.redhat.com/show_bug.cgi?id=1201657
+STOPSIGNAL SIGRTMIN+3
+# NOTE: this is *only* for documentation, the entrypoint is overridden later
+ENTRYPOINT [ "/usr/local/bin/entrypoint", "/sbin/init" ]
+
 ARG COMMIT_SHA
-# using base image created by kind https://github.com/kubernetes-sigs/kind/blob/v0.8.1/images/base/Dockerfile
+# using base image created by kind https://github.com/kubernetes-sigs/kind/blob/2c0eee40/images/base/Dockerfile
 # which is an ubuntu 20.04 with an entry-point that helps running systemd
 # could be changed to any debian that can run systemd
-FROM gcr.io/k8s-minikube/kindbase:v20200430-2c0eee40 as base
 USER root
 
-# remove files that were installed by kind, replaced by packages
-RUN rm \
-    /etc/crictl.yaml \
-    /etc/systemd/system/multi-user.target.wants/containerd.service \
-    /opt/cni/bin/host-local \
-    /opt/cni/bin/loopback \
-    /opt/cni/bin/portmap \
-    /opt/cni/bin/ptp \
-    /usr/local/bin/containerd \
-    /usr/local/bin/containerd-shim \
-    /usr/local/bin/containerd-shim-runc-v2 \
-    /usr/local/bin/crictl \
-    /usr/local/bin/ctr \
-    /usr/local/sbin/runc
-
 # install system requirements from the regular distro repositories
 RUN clean-install \
     lz4 \
@@ -53,7 +120,6 @@ RUN sh -c "echo 'deb https://dl.bintray.com/afbjorklund/podman focal main' > /et
 
 RUN mkdir -p /usr/lib/cri-o-runc/sbin && cp /usr/sbin/runc /usr/lib/cri-o-runc/sbin/runc
 
-COPY entrypoint /usr/local/bin/entrypoint
 # automount service
 COPY automount/minikube-automount /usr/sbin/minikube-automount
 COPY automount/minikube-automount.service /usr/lib/systemd/system/minikube-automount.service