RKE2 Dockerfile

Dockerfile

# syntax=docker/dockerfile:1.3-labs

FROM ubuntu:22.04 AS curl
RUN <<EOF
  export DEBIAN_FRONTEND=noninteractive
  apt-get -y update
  apt-get -y install curl ca-certificates
EOF

FROM curl AS install
ARG TAG=
ARG COMMIT=
ARG PR=
ARG TOKEN=
RUN <<EOF
#!/bin/bash -x
  ln -s /bin/true /usr/bin/systemctl
  mkdir -p /opt/rke2-agent/images
  export GITHUB_TOKEN=${TOKEN}
  export INSTALL_RKE2_COMMIT=${COMMIT}
  export INSTALL_RKE2_PR=${PR}
  export INSTALL_RKE2_VERSION=${TAG/-rke2/+rke2}
  export INSTALL_RKE2_METHOD=tar
  export INSTALL_RKE2_TAR_PREFIX=/opt/rke2
  export INSTALL_RKE2_AGENT_IMAGES_DIR=/opt/rke2-agent/images
  curl -ksL https://get.rke2.io | sh -
EOF

FROM curl
VOLUME /var/lib/rancher/rke2
VOLUME /var/lib/kubelet
VOLUME /var/lib/cni
VOLUME /var/log

# use rke2 bundled binaries
ENV PATH=/var/lib/rancher/rke2/bin:$PATH
# for kubectl
ENV KUBECONFIG=/etc/rancher/rke2/rke2.yaml
# for crictl
ENV CONTAINER_RUNTIME_ENDPOINT="unix:///run/k3s/containerd/containerd.sock"

RUN <<EOF
  mkdir -p /run/containerd
  ln -s /run/k3s/containerd/containerd.sock /run/containerd/containerd.sock
  
  # for go dns bug
  mkdir -p /etc
  echo 'hosts: files dns' > /etc/nsswitch.conf
  
  # for conformance testing
  chmod 1777 /tmp
  
  # for cis profiles
  useradd -r -c "etcd user" -s /sbin/nologin -M etcd -U

  set -x
  export DEBIAN_FRONTEND=noninteractive
  apt-get -y install \
    bash-completion \
    iproute2 \
    net-tools \
    conntrack \
    ebtables \
    ethtool \
    iptables \
    jq \
    less \
    socat \
    vim
EOF

ENTRYPOINT ["/usr/local/bin/rke2"]
CMD ["server"]

COPY --from=install /opt/rke2 /usr/local
COPY --from=install /opt/rke2-agent /var/lib/rancher/rke2/agent