@afbjorklund
Created July 8, 2025 16:23
apple container with kubernetes
FROM debian:testing AS build
# log_proxy
RUN apt-get update
RUN apt-get install -y --no-install-recommends build-essential
RUN apt-get install -y pkg-config libglib2.0-dev
RUN apt-get install -y wget openssl ca-certificates
RUN wget --content-disposition https://github.com/metwork-framework/log_proxy/archive/refs/tags/v0.7.4.tar.gz \
    && tar xzf log_proxy-0.7.4.tar.gz && cd log_proxy-0.7.4 && make install STATIC=yes
FROM debian:testing
# openrc (init)
RUN apt-get update && apt-get install -y --no-install-recommends openrc && rm -rf /var/lib/apt/lists/*
RUN rm -f /etc/init.d/cgroups /etc/init.d/hwclock.sh
RUN echo 'rc_need="!sysfs !cgroups !net !localmount !mountkernfs"' >>/etc/rc.conf
ENTRYPOINT ["/sbin/openrc-init"]
# containerd runc
RUN apt-get update && apt-get install -y --no-install-recommends containerd runc && rm -rf /var/lib/apt/lists/*
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/containerd/containerd.initd /etc/init.d/containerd
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/containerd/containerd.confd /etc/conf.d/containerd
RUN chmod +x /etc/init.d/containerd && rc-update add containerd
COPY --from=build /usr/local/bin/log_proxy /usr/local/bin/log_proxy
RUN apt-get update && apt-get install -y --no-install-recommends containernetworking-plugins && rm -rf /var/lib/apt/lists/*
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy
RUN apt-get update && apt-get install -y wget openssl ca-certificates && rm -rf /var/lib/apt/lists/*
# buildkit nerdctl
RUN wget -nv https://github.com/moby/buildkit/releases/download/v0.17.3/buildkit-v0.17.3.linux-arm64.tar.gz \
    && tar Cxzvvf /usr buildkit-v0.17.3.linux-arm64.tar.gz && rm buildkit-v0.17.3.linux-arm64.tar.gz
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/buildkit/buildkitd.initd /etc/init.d/buildkitd
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/buildkit/buildkitd.confd /etc/conf.d/buildkitd
RUN sed -e 's/#\(supervisor=supervise-daemon\)/\1/' -i /etc/conf.d/buildkitd
RUN chmod +x /etc/init.d/buildkitd && rc-update add buildkitd
RUN wget -nv https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-1.7.6-linux-arm64.tar.gz \
    && tar Cxzvvf /usr/local/bin nerdctl-1.7.6-linux-arm64.tar.gz && rm nerdctl-1.7.6-linux-arm64.tar.gz
RUN apt-get update && apt-get install -y vim-tiny procps psmisc && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y apt-transport-https ca-certificates curl gnupg
RUN VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt | sed -e 's/v//' | cut -d'.' -f1-2); \
    echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v$VERSION/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list; \
    curl -fsSL https://pkgs.k8s.io/core:/stable:/v$VERSION/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg; \
    apt-get update && apt-get install -y cri-tools kubernetes-cni kubelet kubeadm kubectl && apt-mark hold kubelet kubeadm kubectl
RUN mkdir -p /etc/containerd && containerd config dump > /etc/containerd/config.toml; sed -e 's/pause:3.8/pause:3.10/' -i /etc/containerd/config.toml
RUN echo "runtime-endpoint: unix:///run/containerd/containerd.sock" >/etc/crictl.yaml
RUN mkdir -p /etc/cni/net.d && cat >/etc/cni/net.d/10-containerd-net.conflist <<EOF
{
  "cniVersion": "1.0.0",
  "name": "containerd-net",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cni0",
      "isGateway": true,
      "ipMasq": true,
      "promiscMode": true,
      "ipam": {
        "type": "host-local",
        "ranges": [
          [{
            "subnet": "10.88.0.0/16"
          }]
        ],
        "routes": [
          { "dst": "0.0.0.0/0" },
          { "dst": "::/0" }
        ]
      }
    },
    {
      "type": "portmap",
      "capabilities": {"portMappings": true}
    }
  ]
}
EOF
RUN mkdir -p /etc/sysctl.d && echo "net.ipv4.ip_forward = 1" | tee /etc/sysctl.d/k8s.conf
RUN ( echo "net.ipv6.conf.all.disable_ipv6=1"; echo "net.ipv6.conf.default.disable_ipv6=1" ) | tee /etc/sysctl.d/cz.conf
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/kubernetes/kubelet.initd /etc/init.d/kubelet
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/kubernetes/kubelet.confd /etc/conf.d/kubelet
RUN chmod +x /etc/init.d/kubelet && rc-update add kubelet default
RUN mkdir -p /var/log/kubelet
@afbjorklund
Author

This container image builds on the previous one with containerd, and also adds the Kubernetes installer...

You need to set the localhost and hostname in /etc/hosts, but after that you should only need to run kubeadm.

build container image with buildkit
container build -t debian-kubeadm .

start container VM in the background
container=$(container run -d -c 2 -m 2G debian-kubeadm)

open a shell in the running container
container exec -it $container bash

# echo "127.0.0.1 localhost" >/etc/hosts
# echo "$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) $(hostname)" >>/etc/hosts

# kubeadm config images pull
# kubeadm init

If you want to use more than one node, you need macOS 26 and you need to install and configure a CNI plugin...

To run applications with only one node, use: kubectl taint nodes --all node-role.kubernetes.io/control-plane-
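
The Dockerfile above pulls init scripts with `ADD` from `refs/heads/master` URLs and release tarballs with `wget`, none of them tied to a digest. As an added example (not part of the gist), this shell function flags such instructions so they can be pinned with `ADD --checksum=sha256:...` or a `sha256sum -c` step; the rule names, the sample file and its placeholder digest are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the gist. Rule names are made up for this sketch.

# audit_dockerfile FILE: print "LINE RULE" for each remote fetch that is not
# pinned to immutable content. LINE is where the instruction starts.
audit_dockerfile() {
    awk '
    function check(n, s) {
        # ADD <url> without --checksum=: content is whatever the server returns.
        if (s ~ /^[ \t]*ADD[ \t]/ && s ~ /https?:\/\// && s !~ /--checksum=/)
            print n, "add-no-checksum"
        # A branch ref (refs/heads/...) can change between two builds.
        if (s ~ /https?:\/\/[^ \t]*refs\/heads\//)
            print n, "mutable-ref"
        # Archive downloaded in RUN with no sha256sum/sha512sum in the same step.
        if (s ~ /^[ \t]*RUN[ \t]/ && s ~ /(wget|curl)[ \t]/ &&
            s ~ /\.(tar\.gz|tgz|tar\.xz|zip)/ && s !~ /sha(256|512)sum/)
            print n, "download-no-digest"
    }
    { sub(/\r$/, "") }
    # Join backslash-continued lines into one logical instruction.
    /\\$/ { if (!start) start = NR; sub(/\\$/, " "); buf = buf $0; next }
    { check(start ? start : NR, buf $0); buf = ""; start = 0 }
    ' "$1"
}

# Constructed sample: instructions taken from the Dockerfile above, plus one
# pinned ADD whose URL and digest are placeholders, not real values.
write_sample() {
    cat >"$1" <<'EOF'
FROM debian:testing
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/containerd/containerd.initd /etc/init.d/containerd
RUN wget -nv https://github.com/moby/buildkit/releases/download/v0.17.3/buildkit-v0.17.3.linux-arm64.tar.gz \
    && tar Cxzvvf /usr buildkit-v0.17.3.linux-arm64.tar.gz && rm buildkit-v0.17.3.linux-arm64.tar.gz
ADD --checksum=sha256:PLACEHOLDER_DIGEST https://example.invalid/pinned.initd /etc/init.d/pinned
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_dockerfile "$sample"
rm -f "$sample"
```

Run `audit_dockerfile Dockerfile` against the real file in CI and fail the build when it prints anything.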
