# Base image for a container that runs kubelet v1.17.0 (see KUBERNETES_VERSION below).
# NOTE(review): `buster-slim` is a mutable tag, so two builds can resolve to
# different images. Pin it by digest (debian:buster-slim@sha256:<digest-of-reviewed-image>)
# when the build must be reproducible.
# NOTE(review): Debian 10 (buster) no longer receives security updates, so
# everything installed from its archive stays at its last published patch level.
FROM debian:buster-slim

# > cni.go:364] [...] exec: "iptables": executable file not found in $PATH
# > docker_sandbox.go:394] failed to read pod IP from plugin/docker: networkPlugin cni [...]: unexpected command output nsenter: failed to execute ip: No such file or directory
# > portforward.go:400] [...] unable to do port forwarding: socat not found
# https://github.com/kubernetes/kubernetes/blob/v1.17.0/pkg/kubelet/dockershim/docker_streaming_others.go#L42
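# Runtime tools kubelet shells out to, plus what the later build steps need:
#   ca-certificates, curl - HTTPS downloads below and the HEALTHCHECK probe
#   iproute2              - `ip`, executed through nsenter
#   iptables              - required by the CNI network plugin
#   socat                 - kubectl port-forward
#   util-linux            - nsenter
# The apt package lists are removed in the same layer so they are not shipped in
# the image. Any later `apt-get install` therefore needs its own `apt-get update`.
RUN apt-get update \
    && apt-get install --yes --no-install-recommends \
        ca-certificates \
        curl \
        iproute2 \
        iptables \
        socat \
        util-linux \
    && rm --recursive --force /var/lib/apt/lists/*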

# The k8s.gcr.io/kube-proxy:v1.17.0 image uses the legacy iptables backend, so
# the `iptables` alternative in this image is switched to the legacy binary too.
# NOTE(review): only `iptables` is switched. `ip6tables` keeps the distribution
# default; confirm whether IPv6 rules matter for this setup.
RUN update-alternatives \
    --set iptables /usr/sbin/iptables-legacy

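# https://github.com/kubernetes/kubernetes/blob/v1.17.0/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go#L88
# CNI plugin binaries extracted into CNI_BIN_DIR (presumably the set kubenet
# requires, per the link above - confirm when bumping versions).
ARG CNI_PLUGINS_VERSION=v0.8.5
ARG CNI_BIN_DIR=/opt/cni/bin
ARG CNI_PLUGINS="\
    ./bridge \
    ./host-local \
    ./loopback \
    "
# Expected SHA-256 of the release archive. It is empty by default, in which case
# the build only prints a warning. Set it to make a swapped or corrupted download
# fail the build:
#   --build-arg CNI_PLUGINS_SHA256=<sha256-of-reviewed-archive>
ARG CNI_PLUGINS_SHA256=""
# The archive is written to a file first so it can be checked before tar, which
# runs as root, extracts anything from it.
#   --fail                    an HTTP error page is never saved as if it were the archive
#   --proto / --proto-redir   the request and every redirect stay on HTTPS
#   --no-same-owner           extracted files belong to root, not the archive's UID/GID
RUN mkdir --parents "$CNI_BIN_DIR" \
    && curl --fail --location --proto '=https' --proto-redir '=https' \
        --output /tmp/cni-plugins.tgz \
        "https://github.com/containernetworking/plugins/releases/download/$CNI_PLUGINS_VERSION/cni-plugins-linux-amd64-$CNI_PLUGINS_VERSION.tgz" \
    && if [ -n "$CNI_PLUGINS_SHA256" ]; then \
        echo "$CNI_PLUGINS_SHA256  /tmp/cni-plugins.tgz" | sha256sum --check --strict -; \
    else \
        echo "WARNING: CNI_PLUGINS_SHA256 is not set; archive integrity was not verified" >&2; \
    fi \
    && tar --ungzip --extract --verbose --no-same-owner \
        --file=/tmp/cni-plugins.tgz --directory="$CNI_BIN_DIR" -- $CNI_PLUGINS \
    && rm --force /tmp/cni-plugins.tgz \
    && ls -l --human-readable --all "$CNI_BIN_DIR"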

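# Installs only the kubelet binary from the Kubernetes node tarball into
# /usr/local/bin.
ARG KUBERNETES_VERSION=v1.17.0
# Expected SHA-256 of kubernetes-node-linux-amd64.tar.gz. It is empty by default,
# in which case the build only prints a warning. Set it to make a swapped or
# corrupted download fail the build:
#   --build-arg KUBERNETES_NODE_SHA256=<sha256-of-reviewed-tarball>
ARG KUBERNETES_NODE_SHA256=""
# The tarball is written to a file first so it can be checked before tar, which
# runs as root, extracts the kubelet binary from it.
#   --fail                    an HTTP error page is never saved as if it were the tarball
#   --proto / --proto-redir   the request and every redirect stay on HTTPS
#   --no-same-owner           the extracted binary belongs to root, not the archive's UID/GID
RUN curl --fail --location --proto '=https' --proto-redir '=https' \
        --output /tmp/kubernetes-node.tar.gz \
        "https://dl.k8s.io/$KUBERNETES_VERSION/kubernetes-node-linux-amd64.tar.gz" \
    && if [ -n "$KUBERNETES_NODE_SHA256" ]; then \
        echo "$KUBERNETES_NODE_SHA256  /tmp/kubernetes-node.tar.gz" | sha256sum --check --strict -; \
    else \
        echo "WARNING: KUBERNETES_NODE_SHA256 is not set; tarball integrity was not verified" >&2; \
    fi \
    && tar --ungzip --extract --verbose --no-same-owner \
        --file=/tmp/kubernetes-node.tar.gz --directory=/usr/local/bin \
        --strip-components=3 kubernetes/node/bin/kubelet \
    && rm --force /tmp/kubernetes-node.tar.gz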

#RUN apt-get install --yes --no-install-recommends strace
#ENTRYPOINT ["strace", "-f"]

# Probe kubelet's local healthz endpoint (port set by --healthz-port; 10248 here).
# The container counts as healthy only when the response body is exactly "ok".
# Any other body, or a failed request that leaves the body empty, exits 1.
HEALTHCHECK CMD test "$(curl --silent --show-error http://localhost:10248/healthz)" = "ok" || exit 1