Add calico Dockerfile to install felix and typha

.circleci/config.yml

@@ -107,6 +107,9 @@ workflows:
       - build:
           name: bird
           container-image: bird
+      - build:
+          name: calico
+          container-image: calico
       - build:
           name: cert-manager
           container-image: cert-manager

calico/.dockerignore

@@ -0,0 +1 @@
+*

calico/BRANCH

@@ -0,0 +1 @@
+3.7

calico/Dockerfile

@@ -0,0 +1,69 @@
+# calico container
+
+# Stage1: build from source
+FROM quay.io/cybozu/golang:1.12-bionic AS build
+
+ARG CALICO_VERSION=3.7.2
+
+RUN mkdir -p /go/src/github.com/projectcalico && \
+    curl -sSLf https://github.com/projectcalico/node/archive/v${CALICO_VERSION}.tar.gz | \
+      tar zxf - -C /go/src/github.com/projectcalico/ && \
+    mv /go/src/github.com/projectcalico/node-${CALICO_VERSION} /go/src/github.com/projectcalico/node && \
+    curl -sSLf https://github.com/projectcalico/typha/archive/v${CALICO_VERSION}.tar.gz | \
+      tar zxf - -C /go/src/github.com/projectcalico/ && \
+    mv /go/src/github.com/projectcalico/typha-${CALICO_VERSION} /go/src/github.com/projectcalico/typha
+
+RUN mkdir -p /go/bin
+RUN curl https://glide.sh/get | sh
+
+WORKDIR /go/src/github.com/projectcalico/node
+RUN glide install -strip-vendor
+RUN GO111MODULE=on CGO_ENABLED=0 go install -mod=vendor ./cmd/calico-node
+
+WORKDIR /go/src/github.com/projectcalico/typha
+RUN glide install -strip-vendor
+RUN GO111MODULE=on CGO_ENABLED=0 go install -mod=vendor ./cmd/calico-typha
+
+
+# Stage2: setup runtime container
+FROM quay.io/cybozu/ubuntu:18.04
+
+# Install remaining runtime deps required for felix from the global repository
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    iptables \
+    iproute2 \
+    ipset \
+    iputils-arping \
+    iputils-ping \
+    iputils-tracepath \
+    # Need arp
+    net-tools \
+    conntrack \
+    runit \
+    # Need kmod to ensure ip6tables-save works correctly
+    kmod \
+    # Need netbase in order for ipset to work correctly
+    # See https://github.com/kubernetes/kubernetes/issues/68703
+    netbase \
+    # Also needed (provides utilities for browsing procfs like ps)
+    procps \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy in the filesystem - this contains felix, calico-bgp-daemon etc...
+COPY --from=build /go/src/github.com/projectcalico/node/filesystem/ /
+
+# Copy in the calico-node binary
+COPY --from=build /go/bin/calico-node /usr/local/calico/bin/calico-node
+COPY --from=build /go/bin/calico-typha /usr/local/calico/bin/calico-typha
+COPY --from=build /go/src/github.com/projectcalico/node/LICENSE /usr/local/calico/LICENSE
+
+# For typha
+COPY --from=build /go/src/github.com/projectcalico/typha/docker-image/typha.cfg /etc/calico/typha.cfg
+
+# Since our binary isn't designed to run as PID 1, run it via the tini init daemon.
+ENV TINI_VERSION v0.18.0
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static-amd64 /usr/local/calico/bin/tini
+RUN chmod +x /usr/local/calico/bin/tini
+
+ENV PATH=/usr/local/calico/bin:"$PATH"
+USER 10000:10000

calico/README.md

@@ -0,0 +1,28 @@
+[![Docker Repository on Quay](https://quay.io/repository/cybozu/calico/status "Docker Repository on Quay")](https://quay.io/repository/cybozu/calico)
+
+calico container
+================
+
+This directory provides a Dockerfile to build a Docker container that contains
+[calico-node](https://github.com/projectcalico/node) and [calico-typha](https://github.com/projectcalico/typha)
+to enable `NetworkPolicy` on Kubernetes cluster, and it is not originally included [BIRD][] and [confd][] for dynamic IP routing.
+
+Usage
+-----
+
+### Start `calico`
+
+Run the container
+
+```console
+# Run as calico-node
+$ docker run -d --read-only --name=calico \
+    quay.io/cybozu/calico:3.7.2 start_runit
+
+# Run as calico-typha
+$ docker run -d --read-only --name=calico --entrypoint="tini --"\
+    quay.io/cybozu/calico:3.7.2 calico-typha
+```
+
+[BIRD]: https://github.com/projectcalico/bird
+[confd]: https://github.com/projectcalico/confd

calico/TAG

@@ -0,0 +1 @@
+3.7.2.1