From 17639bf0948aa0d9eddcec3fd13580bb6fc0be4d Mon Sep 17 00:00:00 2001
From: Ivan Shvedunov <ishvedunov@mirantis.com>
Date: Wed, 5 Oct 2016 20:20:31 +0300
Subject: [PATCH] Optimize docker images.

Make it possible to pre-pull base dind image using DIND_PREPULL_BASE.
Don't build socat from source because Ubuntu 16.04 has socat that's
fresh enough.
---
 dind-up-cluster.sh     |  2 +-
 image/Dockerfile       | 35 +----------------------------
 image/base/Dockerfile  | 50 ++++++++++++++++++++++++++++++++++++++++++
 image/build.sh         | 24 +++++++++++++-------
 image/socat/Dockerfile | 29 ------------------------
 5 files changed, 68 insertions(+), 72 deletions(-)
 create mode 100644 image/base/Dockerfile
 delete mode 100644 image/socat/Dockerfile

diff --git a/dind-up-cluster.sh b/dind-up-cluster.sh
index b641bb2..89a4c90 100755
--- a/dind-up-cluster.sh
+++ b/dind-up-cluster.sh
@@ -289,4 +289,4 @@ if [ $(basename "$0") = dind-up-cluster.sh ]; then
 elif [ $(basename "$0") = dind-down-cluster.sh ]; then
   source "${DIND_ROOT}/config.sh"
   dind::kube-down
-fi
\ No newline at end of file
+fi
diff --git a/image/Dockerfile b/image/Dockerfile
index 5583f75..e940ee1 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -12,39 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM ubuntu:16.04
-
-RUN apt-get update -qq && \
-    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qqy \
-        apt-transport-https \
-        ca-certificates \
-        wget \
-        curl \
-        lxc \
-        iptables \
-        ipcalc \
-        ethtool \
-        dmsetup \
-        iproute2 \
-        net-tools \
-        iputils-ping \
-        tcpdump \
-        && \
-    apt-get clean
-
-# Install specific Docker version
-ENV DOCKER_VERSION 1.11.2-0~xenial
-#ENV DOCKER_VERSION 1.12.1-0~xenial
-RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D && \
-    mkdir -p /etc/apt/sources.list.d && \
-    echo deb https://apt.dockerproject.org/repo ubuntu-xenial main > /etc/apt/sources.list.d/docker.list && \
-    apt-get update -qq && \
-    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qqy \
-        docker-engine=${DOCKER_VERSION} \
-        && \
-    apt-get clean
-
-RUN curl -o- https://raw.githubusercontent.com/karlkfi/resolveip/v1.0.2/install.sh | bash
+FROM kubernetes-dind-base:v1
 
 COPY ./bin/* /usr/local/bin/
-RUN mkdir -p /var/lib/kubelet/manifests
diff --git a/image/base/Dockerfile b/image/base/Dockerfile
new file mode 100644
index 0000000..a363fb8
--- /dev/null
+++ b/image/base/Dockerfile
@@ -0,0 +1,50 @@
+# Copyright 2016 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM ubuntu:16.04
+
+RUN apt-get update -qq && \
+    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qqy \
+        apt-transport-https \
+        ca-certificates \
+        wget \
+        curl \
+        lxc \
+        iptables \
+        ipcalc \
+        ethtool \
+        dmsetup \
+        iproute2 \
+        net-tools \
+        iputils-ping \
+        tcpdump \
+        socat \
+        && \
+    apt-get clean
+
+# Install specific Docker version
+ENV DOCKER_VERSION 1.11.2-0~xenial
+#ENV DOCKER_VERSION 1.12.1-0~xenial
+RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D && \
+    mkdir -p /etc/apt/sources.list.d && \
+    echo deb https://apt.dockerproject.org/repo ubuntu-xenial main > /etc/apt/sources.list.d/docker.list && \
+    apt-get update -qq && \
+    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qqy \
+        docker-engine=${DOCKER_VERSION} \
+        && \
+    apt-get clean
+
+RUN curl -o- https://raw.githubusercontent.com/karlkfi/resolveip/v1.0.2/install.sh | bash
+
+RUN mkdir -p /var/lib/kubelet/manifests
diff --git a/image/build.sh b/image/build.sh
index ac7d972..4911d2d 100755
--- a/image/build.sh
+++ b/image/build.sh
@@ -39,6 +39,20 @@ find-binary() {
   echo -n "${bin}"
 }
 
+pull-or-build() {
+    local image="$1"
+    local dir="$2"
+    local prepull="$3"
+    if docker images "${image}" | grep -q "${image/:*/}"; then
+        return 0
+    elif [ -n "${prepull}" ]; then
+        docker pull "${prepull}"
+        docker tag "${prepull}" "${image}"
+    else
+        docker build -t "${image}" "${dir}"
+    fi
+}
+
 hyperkube_path=$(find-binary hyperkube linux/amd64)
 if [ -z "$hyperkube_path" ]; then
   echo "Failed to find hyperkube binary for linux/amd64" 1>&2
@@ -46,18 +60,13 @@ if [ -z "$hyperkube_path" ]; then
 fi
 kube_bin_path=$(dirname ${hyperkube_path})
 
-# possibly build socat container
-SOCAT_IMG=kubernetes-socat:v1
-if ! docker images ${SOCAT_IMG} | grep -q ${SOCAT_IMG}; then
-  docker build -t ${SOCAT_IMG} "${script_dir}/socat"
-fi
+pull-or-build kubernetes-dind-base:v1 "${script_dir}/base" "${DIND_PREPULL_BASE:-}"
 
-# download nsenter and socat
+# download nsenter
 overlay_dir=${DOCKER_IN_DOCKER_OVERLAY_DIR:-${script_dir}/overlay}
 mkdir -p "${overlay_dir}"
 ! which selinuxenabled &>/dev/null || ! selinuxenabled 2>&1 || sudo chcon -Rt svirt_sandbox_file_t -l s0 "${overlay_dir}"
 docker run --rm -v "${overlay_dir}:/target" jpetazzo/nsenter
-docker run --rm -v "${overlay_dir}:/target" ${SOCAT_IMG}
 
 # create temp workspace to place compiled binaries with image-specific scripts
 # create temp workspace dir in KUBE_ROOT to avoid permission issues of TMPDIR on mac os x
@@ -79,7 +88,6 @@ mkdir -p "${workspace}/bin"
 cp -a "${script_dir}/wrapdocker"* "${workspace}/bin/"
 cp -a "${kube_bin_path}/hyperkube" "${workspace}/bin/"
 cp -a "${overlay_dir}/nsenter" "${workspace}/bin"
-cp -a "${overlay_dir}/socat" "${workspace}/bin"
 
 # docker
 cp "${script_dir}/Dockerfile" "${workspace}/"
diff --git a/image/socat/Dockerfile b/image/socat/Dockerfile
deleted file mode 100644
index 53aa361..0000000
--- a/image/socat/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright 2016 The Kubernetes Authors All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM ubuntu:14.04.3
-
-RUN apt-get update -qq && \
-    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qqy \
-        build-essential curl \
-        && \
-    apt-get clean
-
-RUN mkdir -p /src
-WORKDIR /src
-RUN curl -f -osocat-1.7.2.4.tar.bz2 http://www.dest-unreach.org/socat/download/socat-1.7.2.4.tar.bz2
-RUN tar -xjvf socat-1.7.2.4.tar.bz2 && cd socat-1.7.2.4 && ./configure --disable-openssl && LDFLAGS=-static make
-
-VOLUME ["/target"]
-CMD ["cp", "/src/socat-1.7.2.4/socat", "/target"]