Vendor in lots of kubernetes stuff to shrink image size

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #554
Approved by: mheon

2 files changed, 174 insertions, 0 deletions

diff --git a/vendor/k8s.io/kubernetes/pkg/util/nsenter/nsenter.go b/vendor/k8s.io/kubernetes/pkg/util/nsenter/nsenter.go
new file mode 100644
index 000000000..32fbc0848
--- /dev/null
+++ b/vendor/k8s.io/kubernetes/pkg/util/nsenter/nsenter.go
@@ -0,0 +1,124 @@
+// +build linux
+
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package nsenter
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"k8s.io/utils/exec"
+
+	"github.com/golang/glog"
+)
+
+const (
+	hostRootFsPath = "/rootfs"
+	// hostProcMountNsPath is the default mount namespace for rootfs
+	hostProcMountNsPath = "/rootfs/proc/1/ns/mnt"
+	// nsenterPath is the default nsenter command
+	nsenterPath = "nsenter"
+)
+
+// Nsenter is part of experimental support for running the kubelet
+// in a container.
+//
+// Nsenter requires:
+//
+// 1.  Docker >= 1.6 due to the dependency on the slave propagation mode
+//     of the bind-mount of the kubelet root directory in the container.
+//     Docker 1.5 used a private propagation mode for bind-mounts, so mounts
+//     performed in the host's mount namespace do not propagate out to the
+//     bind-mount in this docker version.
+// 2.  The host's root filesystem must be available at /rootfs
+// 3.  The nsenter binary must be on the Kubelet process' PATH in the container's
+//     filesystem.
+// 4.  The Kubelet process must have CAP_SYS_ADMIN (required by nsenter); at
+//     the present, this effectively means that the kubelet is running in a
+//     privileged container.
+// 5.  The volume path used by the Kubelet must be the same inside and outside
+//     the container and be writable by the container (to initialize volume)
+//     contents. TODO: remove this requirement.
+// 6.  The host image must have "mount", "findmnt", "umount", "stat", "touch",
+//     "mkdir", "ls", "sh" and "chmod" binaries in /bin, /usr/sbin, or /usr/bin
+// 7.  The host image should have systemd-run in /bin, /usr/sbin, or /usr/bin
+// For more information about mount propagation modes, see:
+//   https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
+type Nsenter struct {
+	// a map of commands to their paths on the host filesystem
+	paths map[string]string
+}
+
+// NewNsenter constructs a new instance of Nsenter
+func NewNsenter() *Nsenter {
+	ne := &Nsenter{
+		paths: map[string]string{
+			"mount":       "",
+			"findmnt":     "",
+			"umount":      "",
+			"systemd-run": "",
+			"stat":        "",
+			"touch":       "",
+			"mkdir":       "",
+			"ls":          "",
+			"sh":          "",
+			"chmod":       "",
+		},
+	}
+	// search for the required commands in other locations besides /usr/bin
+	for binary := range ne.paths {
+		// default to root
+		ne.paths[binary] = filepath.Join("/", binary)
+		for _, path := range []string{"/bin", "/usr/sbin", "/usr/bin"} {
+			binPath := filepath.Join(path, binary)
+			if _, err := os.Stat(filepath.Join(hostRootFsPath, binPath)); err != nil {
+				continue
+			}
+			ne.paths[binary] = binPath
+			break
+		}
+		// TODO: error, so that the kubelet can stop if the paths don't exist
+		// (don't forget that systemd-run is optional)
+	}
+	return ne
+}
+
+// Exec executes nsenter commands in hostProcMountNsPath mount namespace
+func (ne *Nsenter) Exec(cmd string, args []string) exec.Cmd {
+	fullArgs := append([]string{fmt.Sprintf("--mount=%s", hostProcMountNsPath), "--"},
+		append([]string{ne.AbsHostPath(cmd)}, args...)...)
+	glog.V(5).Infof("Running nsenter command: %v %v", nsenterPath, fullArgs)
+	exec := exec.New()
+	return exec.Command(nsenterPath, fullArgs...)
+}
+
+// AbsHostPath returns the absolute runnable path for a specified command
+func (ne *Nsenter) AbsHostPath(command string) string {
+	path, ok := ne.paths[command]
+	if !ok {
+		return command
+	}
+	return path
+}
+
+// SupportsSystemd checks whether command systemd-run exists
+func (ne *Nsenter) SupportsSystemd() (string, bool) {
+	systemdRunPath, hasSystemd := ne.paths["systemd-run"]
+	return systemdRunPath, hasSystemd
+}
diff --git a/vendor/k8s.io/kubernetes/pkg/util/nsenter/nsenter_unsupported.go b/vendor/k8s.io/kubernetes/pkg/util/nsenter/nsenter_unsupported.go
new file mode 100644
index 000000000..9c2130cb6
--- /dev/null
+++ b/vendor/k8s.io/kubernetes/pkg/util/nsenter/nsenter_unsupported.go
@@ -0,0 +1,50 @@
+// +build !linux
+
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package nsenter
+
+import (
+	"k8s.io/utils/exec"
+)
+
+// Nsenter is part of experimental support for running the kubelet
+// in a container.
+type Nsenter struct {
+	// a map of commands to their paths on the host filesystem
+	Paths map[string]string
+}
+
+// NewNsenter constructs a new instance of Nsenter
+func NewNsenter() *Nsenter {
+	return &Nsenter{}
+}
+
+// Exec executes nsenter commands in hostProcMountNsPath mount namespace
+func (ne *Nsenter) Exec(cmd string, args []string) exec.Cmd {
+	return nil
+}
+
+// AbsHostPath returns the absolute runnable path for a specified command
+func (ne *Nsenter) AbsHostPath(command string) string {
+	return ""
+}
+
+// SupportsSystemd checks whether command systemd-run exists
+func (ne *Nsenter) SupportsSystemd() (string, bool) {
+	return "", false
+}