move pkg config from Dockerfile to build.yml

Signed-off-by: Robin Winkelewski <[email protected]>

pkg/acpid/Dockerfile

@@ -17,6 +17,3 @@ COPY --from=mirror /out/ /
 COPY --from=mirror2 /out/etc/acpi /etc/acpi
 
 CMD ["/sbin/acpid", "-f", "-d"]
-
-LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "pid": "host"}'
-

pkg/acpid/build.yml

@@ -1 +1,5 @@
 image: acpid
+config:
+  binds:
+  - /dev:/dev
+  pid: host

pkg/binfmt/Dockerfile

@@ -22,4 +22,3 @@ COPY --from=mirror /go/bin/binfmt usr/bin/binfmt
 COPY --from=mirror /binfmt_misc /binfmt_misc/
 COPY etc/binfmt.d/00_linuxkit.conf etc/binfmt.d/00_linuxkit.conf
 CMD ["/usr/bin/binfmt", "-dir", "/etc/binfmt.d/", "-mount", "/binfmt_misc"]
-LABEL org.mobyproject.config='{"binds": ["/proc/sys/fs/binfmt_misc:/binfmt_misc"], "readonly": true, "net": "new", "ipc": "new"}'

pkg/binfmt/build.yml

@@ -1,3 +1,9 @@
 image: binfmt
 arches:
   - amd64
+config:
+  binds:
+  - /proc/sys/fs/binfmt_misc:/binfmt_misc
+  readonly: true
+  net: new
+  ipc: new

pkg/cadvisor/Dockerfile

@@ -37,4 +37,3 @@ COPY --from=build /usr/bin/cadvisor /usr/bin/cadvisor
 COPY /waitfordocker.sh /usr/bin/waitfordocker.sh
 
 ENTRYPOINT ["/usr/bin/waitfordocker.sh", "/usr/bin/cadvisor", "-logtostderr", "--disable_metrics=disk,tcp,udp"]
-LABEL org.mobyproject.config='{"pid": "host", "binds": ["/var/lib/docker:/var/lib/docker:ro", "/var/run:/var/run", "/sys:/sys:ro", "/etc/resolv.conf:/etc/resolv.conf:ro"], "capabilities": ["all"]}'

pkg/cadvisor/build.yml

@@ -3,3 +3,12 @@ network: true
 arches:
   - amd64
   - arm64
+config:
+  pid: host
+  binds:
+    - /var/lib/docker:/var/lib/docker:ro
+    - /var/run:/var/run
+    - /sys:/sys:ro
+    - /etc/resolv.conf:/etc/resolv.conf:ro
+  capabilities:
+    - all

pkg/dhcpcd/Dockerfile

@@ -16,4 +16,3 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY /dhcpcd.conf /usr/ /
 CMD ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf"]
-LABEL org.mobyproject.config='{"binds": ["/run/resolvconf:/etc"], "capabilities": ["CAP_NET_ADMIN", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SYS_ADMIN"]}'

pkg/dhcpcd/build.yml

@@ -1 +1,9 @@
 image: dhcpcd
+config:
+  binds:
+    - /run/resolvconf:/etc
+  capabilities:
+    - CAP_NET_ADMIN
+    - CAP_NET_BIND_SERVICE
+    - CAP_NET_RAW
+    - CAP_SYS_ADMIN

pkg/extend/Dockerfile

@@ -30,4 +30,3 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY --from=build /go/bin/extend usr/bin/extend
 CMD ["/usr/bin/extend"]
-LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'

pkg/extend/build.yml

@@ -1 +1,9 @@
 image: extend
+config:
+  binds:
+    - /dev:/dev
+  capabilities:
+    - CAP_SYS_ADMIN
+    - CAP_MKNOD
+  net: new
+  ipc: new

pkg/format/Dockerfile

@@ -30,4 +30,3 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY --from=build /go/bin/format usr/bin/format
 CMD ["/usr/bin/format"]
-LABEL org.mobyproject.config='{"binds": ["/dev:/dev"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'

pkg/format/build.yml

@@ -1 +1,9 @@
 image: format
+config:
+  binds:
+    - /dev:/dev
+  capabilities:
+    - CAP_SYS_ADMIN
+    - CAP_MKNOD
+  net: new
+  ipc: new

pkg/getty/Dockerfile

@@ -32,4 +32,3 @@ COPY --from=mirror /out/ /
 COPY usr/ /usr/
 COPY etc/ /etc/
 CMD ["/usr/bin/rungetty.sh"]
-LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/var/log:/var/log","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'

pkg/getty/build.yml

@@ -1 +1,17 @@
 image: getty
+config:
+  pid: host
+  net: host
+  binds:
+    - /etc/resolv.conf:/etc/resolv.conf
+    - /run:/run
+    - /tmp:/tmp
+    - /etc:/hostroot/etc
+    - /usr/bin/ctr:/usr/bin/ctr
+    - /usr/bin/runc:/usr/bin/runc
+    - /containers:/containers
+    - /var/log:/var/log
+    - /dev:/dev
+    - /sys:/sys
+  capabilities:
+    - all

pkg/host-timesync-daemon/Dockerfile

@@ -19,4 +19,3 @@ CMD []
 WORKDIR /
 COPY --from=mirror /go/bin/host-timesync-daemon /usr/bin/host-timesync-daemon
 CMD ["/usr/bin/host-timesync-daemon", "-port", "0xf3a4"]
-LABEL org.mobyproject.config='{"binds": [ "/dev/rtc0:/dev/rtc0" ], "capabilities": ["CAP_SYS_TIME"]}'

pkg/host-timesync-daemon/build.yml

@@ -2,3 +2,8 @@ image: host-timesync-daemon
 network: true
 arches:
   - amd64
+config:
+  binds:
+    - /dev/rtc0:/dev/rtc0
+  capabilities:
+    - CAP_SYS_TIME

pkg/ip/Dockerfile

@@ -24,4 +24,3 @@ ENTRYPOINT []
 CMD []
 WORKDIR /
 COPY --from=mirror /out/ /
-LABEL org.mobyproject.config='{"capabilities": ["CAP_NET_ADMIN", "CAP_NET_RAW"]}'

pkg/ip/build.yml

@@ -1,2 +1,6 @@
 image: ip
 network: true
+config:
+  capabilities:
+    - CAP_NET_ADMIN
+    - CAP_NET_RAW

pkg/mkimage/Dockerfile

@@ -20,4 +20,3 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY mkimage.sh /usr/bin/
 CMD ["mkimage.sh"]
-LABEL org.mobyproject.config='{"readonly": true, "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "binds": ["/dev:/dev"]}'

pkg/mkimage/build.yml

@@ -1,3 +1,10 @@
 image: mkimage
 arches:
   - amd64
+config:
+  readonly: true
+  capabilities:
+    - CAP_SYS_ADMIN
+    - CAP_MKNOD
+  binds:
+    - /dev:/dev

pkg/modprobe/Dockerfile

@@ -10,4 +10,3 @@ ENTRYPOINT []
 CMD []
 WORKDIR /
 COPY --from=mirror /out/ /
-LABEL org.mobyproject.config='{"binds": ["/lib/modules:/lib/modules", "/sys:/sys"], "capabilities": ["CAP_SYS_MODULE"]}'

pkg/modprobe/build.yml

@@ -1 +1,7 @@
 image: modprobe
+config:
+  binds:
+    - /lib/modules:/lib/modules
+    - /sys:/sys
+  capabilities:
+    - CAP_SYS_MODULE

pkg/mount/Dockerfile

@@ -24,4 +24,3 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY --from=build /go/bin/mountie usr/bin/mountie
 CMD ["/usr/bin/mountie"]
-LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var:rshared,rbind", "/:/hostroot"], "capabilities": ["CAP_SYS_ADMIN"], "rootfsPropagation": "shared", "net": "new", "ipc": "new"}'

pkg/mount/build.yml

@@ -1 +1,11 @@
 image: mount
+config:
+  binds:
+    - /dev:/dev
+    - /var:/var:rshared,rbind
+    - /:/hostroot
+  capabilities:
+    - CAP_SYS_ADMIN
+  rootfsPropagation: shared
+  net: new
+  ipc: new

pkg/node_exporter/Dockerfile

@@ -23,5 +23,3 @@ ENTRYPOINT ["/bin/node_exporter", "--path.procfs",  "/host/proc", \
             "--path.sysfs",  "/host/sys", \
             "--collector.filesystem.ignored-mount-points", \
             "^/(sys|proc|dev|host|etc)($|/)"]
-LABEL org.mobyproject.config='{"pid": "host", "binds": ["/proc:/host/proc", "/sys:/host/sys", "/:/rootfs"], "capabilities": ["all"]}'
-

pkg/node_exporter/build.yml

@@ -1,2 +1,10 @@
 image: node_exporter
 network: true
+config:
+  pid: host
+  binds:
+    - /proc:/host/proc
+    - /sys:/host/sys
+    - /:/rootfs
+  capabilities:
+    - all

pkg/open-vm-tools/Dockerfile

@@ -15,5 +15,3 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY scripts /etc/vmware-tools/scripts
 CMD ["/usr/bin/vmtoolsd"]
-
-LABEL org.mobyproject.config='{"pid": "host", "capabilities": ["CAP_SYS_BOOT"]}'

pkg/open-vm-tools/build.yml

@@ -1,3 +1,7 @@
 image: open-vm-tools
 arches:
   - amd64
+config:
+  pid: host
+  capabilities:
+    - CAP_SYS_BOOT

pkg/openntpd/Dockerfile

@@ -16,4 +16,3 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY etc/ /etc/
 CMD ["/usr/sbin/ntpd", "-d", "-s"]
-LABEL org.mobyproject.config='{"binds": ["/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_SYS_TIME", "CAP_SYS_NICE", "CAP_SYS_CHROOT", "CAP_SETUID", "CAP_SETGID"]}'

pkg/openntpd/build.yml

@@ -1 +1,10 @@
 image: openntpd
+config:
+  binds:
+    - /etc/resolv.conf:/etc/resolv.conf
+  capabilities:
+    - CAP_SYS_TIME
+    - CAP_SYS_NICE
+    - CAP_SYS_CHROOT
+    - CAP_SETUID
+    - CAP_SETGID

pkg/qemu-ga/Dockerfile

@@ -10,4 +10,3 @@ WORKDIR /
 ENTRYPOINT []
 COPY --from=build /out /
 CMD ["/usr/bin/qemu-ga", "-p", "/dev/vport0p1"]
-LABEL org.mobyproject.config='{"net": "host"}'

pkg/qemu-ga/build.yml

@@ -1 +1,3 @@
 image: qemu-ga
+config:
+  net: host

pkg/rngd/Dockerfile

@@ -15,4 +15,3 @@ CMD []
 WORKDIR /
 COPY --from=mirror /go/bin/rngd /sbin/rngd
 CMD ["/sbin/rngd"]
-LABEL org.mobyproject.config='{"capabilities": ["CAP_SYS_ADMIN"], "oomScoreAdj": -800, "readonly": true, "net": "new", "ipc": "new"}'

pkg/rngd/build.yml

@@ -1 +1,8 @@
 image: rngd
+config:
+  capabilities:
+    - CAP_SYS_ADMIN
+  oomScoreAdj: -800
+  readonly: true
+  net: new
+  ipc: new

pkg/sshd/Dockerfile

@@ -22,4 +22,3 @@ COPY etc/ /etc/
 COPY usr/ /usr/
 RUN mkdir -p /etc/ssh /root/.ssh && chmod 0700 /root/.ssh
 CMD ["/sbin/tini", "/usr/bin/ssh.sh"]
-LABEL org.mobyproject.config='{"pid": "host", "binds": ["/root/.ssh:/root/.ssh", "/etc/resolv.conf:/etc/resolv.conf", "/run:/run", "/tmp:/tmp", "/etc:/hostroot/etc", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/containers:/containers","/var/log:/var/log","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'

pkg/sshd/build.yml

@@ -1 +1,17 @@
 image: sshd
+config:
+  pid: host
+  binds:
+    - /root/.ssh:/root/.ssh
+    - /etc/resolv.conf:/etc/resolv.conf
+    - /run:/run
+    - /tmp:/tmp
+    - /etc:/hostroot/etc
+    - /usr/bin/ctr:/usr/bin/ctr
+    - /usr/bin/runc:/usr/bin/runc
+    - /containers:/containers
+    - /var/log:/var/log
+    - /dev:/dev
+    - /sys:/sys
+  capabilities:
+    - all

pkg/swap/Dockerfile

@@ -16,4 +16,3 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY /swap.sh .
 ENTRYPOINT ["swap.sh"]
-LABEL org.mobyproject.config='{"binds": ["/dev:/dev", "/var:/var"], "capabilities": ["CAP_SYS_ADMIN", "CAP_MKNOD"], "net": "new", "ipc": "new"}'

pkg/swap/build.yml

@@ -1 +1,10 @@
 image: swap
+config:
+  binds:
+    - /dev:/dev
+    - /var:/var
+  capabilities:
+    - CAP_SYS_ADMIN
+    - CAP_MKNOD
+  net: new
+  ipc: new

pkg/sysfs/Dockerfile

@@ -13,4 +13,3 @@ WORKDIR /
 COPY --from=mirror /go/bin/sysfs /usr/bin/sysfs
 COPY etc/ /etc/
 CMD ["/usr/bin/sysfs"]
-LABEL org.mobyproject.config='{"net": "new", "ipc": "new"}'

pkg/sysfs/build.yml

@@ -1 +1,4 @@
 image: sysfs
+config:
+  net: new
+  ipc: new

pkg/trim-after-delete/Dockerfile

@@ -23,4 +23,3 @@ WORKDIR /
 COPY --from=mirror /out/ /
 COPY --from=mirror /go/bin/trim-after-delete /usr/bin/trim-after-delete
 CMD ["/usr/bin/trim-after-delete", "--", "/sbin/fstrim", "/var/lib/docker"]
-LABEL org.mobyproject.config='{"binds": ["/var/run:/var/run", "/var/lib/docker:/var/lib/docker"], "capabilities": ["CAP_SYS_ADMIN"]}'

pkg/trim-after-delete/build.yml

@@ -1 +1,7 @@
 image: trim-after-delete
+config:
+  binds:
+    - /var/run:/var/run
+    - /var/lib/docker:/var/lib/docker
+  capabilities:
+    - CAP_SYS_ADMIN

pkg/tss/Dockerfile

@@ -61,4 +61,3 @@ RUN busybox chmod 0644 /etc/passwd /etc/group && \
     busybox rm /bin/busybox /bin/sh
 
 CMD ["/sbin/tcsd","-f"]
-LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/dev:/dev"], "capabilities": ["all"]}'

pkg/tss/build.yml

@@ -2,3 +2,10 @@ image: tss
 network: true
 arches:
   - amd64
+config:
+  pid: host
+  net: host
+  binds:
+    - /dev:/dev
+  capabilities:
+    - all