From dcb453c7a8119a1781b579bf7b1ca39fc141a730 Mon Sep 17 00:00:00 2001
From: Rodny Molina
Date: Mon, 3 Nov 2025 03:27:44 +0000
Subject: [PATCH] Create new k8s-node image with a recent k8s release

Signed-off-by: Rodny Molina
---
 k8s-node-test/Dockerfile | 4 +-
 k8s-node/1.32/Dockerfile | 85 ++++++++++++++++++++++++++++++++++++++
 k8s-node/1.32/daemon.json | 3 ++
 k8s-node/1.32/kube-pull.sh | 39 +++++++++++++++++
 4 files changed, 129 insertions(+), 2 deletions(-)
 create mode 100644 k8s-node/1.32/Dockerfile
 create mode 100644 k8s-node/1.32/daemon.json
 create mode 100644 k8s-node/1.32/kube-pull.sh

diff --git a/k8s-node-test/Dockerfile b/k8s-node-test/Dockerfile
index 19d13f1..74c9532 100644
--- a/k8s-node-test/Dockerfile
+++ b/k8s-node-test/Dockerfile
@@ -17,9 +17,9 @@
 # $ docker buildx build --platform linux/amd64,linux/arm64 -t ghcr.io/nestybox/k8s-node-test:v1.20.2 --push .
 #
-FROM ghcr.io/nestybox/k8s-node:v1.21.12
+FROM ghcr.io/nestybox/k8s-node:v1.32.9
-ARG k8s_version=v1.21.12
+ARG k8s_version=v1.32.9
 # Debug/Testing utilities
 RUN apt-get update && apt-get install --no-install-recommends -y \
diff --git a/k8s-node/1.32/Dockerfile b/k8s-node/1.32/Dockerfile
new file mode 100644
index 0000000..3247f74
--- /dev/null
+++ b/k8s-node/1.32/Dockerfile
@@ -0,0 +1,85 @@
+# Sample Kubernetes (K8s) node system container image.
+#
+# Containers deployed with this image acts as K8s nodes.
+#
+# The image creates a container that includes systemd, kubeadm, docker, and all
+# k8s control plane pod images (apiserver, kubeproxy, etc.).
+#
+# You must deploy the container with the Sysbox container runtime (see below).
+#
+# NOTE: BUILDING THIS IMAGE REQUIRES CONFIGURING SYSBOX-RUNC AS DOCKER'S DEFAULT
+# RUNTIME DURING THE BUILD.
+#
+# $ sudo more /etc/docker/daemon.json
+#{
+# "default-runtime": "sysbox-runc",
+# "runtimes": {
+# "sysbox-runc": {
+# "path": "/usr/bin/sysbox-runc"
+# }
+# }
+#}
+#
+# $ sudo systemctl restart docker
+# $ docker build -t nestybox/k8s-node: .
+#
+# E.g.,
+#
+# $ docker build -t nestybox/k8s-node:v1.21.12 .
+#
+# Once the build completes, you can revert the default runtime config if you wish.
+#
+# Deploy k8s-node containers with:
+#
+# $ docker run --runtime=sysbox-runc --rm -d --name k8s-master nestybox/k8s-node:v1.21.12
+# $ docker run --runtime=sysbox-runc --rm -d --name k8s-worker-0 nestybox/k8s-node:v1.21.12
+# $ docker run --runtime=sysbox-runc --rm -d --name k8s-worker-1 nestybox/k8s-node:v1.21.12
+# ...
+#
+# Then run 'kubeadm init' in them just as you would on a physical host or VM.
+
+FROM ghcr.io/nestybox/ubuntu-jammy-systemd-docker:latest
+
+ARG k8s_version=v1.32.9
+
+# Requirements for subsequent steps.
+RUN apt-get update && apt-get install --no-install-recommends -y software-properties-common \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install Kubeadm, Kubelet, and Kubectl.
+#
+# Using the new Kubernetes package repository (pkgs.k8s.io) which replaced the deprecated
+# apt.kubernetes.io repository. The new repository uses a versioned approach.
+# For K8s 1.32, we use the v1.32 repository.
+RUN mkdir -p /etc/apt/keyrings \
+ && curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg \
+ && echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list \
+ && apt-get update && apt-get install --no-install-recommends -y \
+ kubeadm="${k8s_version#v}"-1.1 \
+ kubelet="${k8s_version#v}"-1.1 \
+ kubectl="${k8s_version#v}"-1.1 \
+ && rm -rf /var/lib/apt/lists/*
+
+# Configure containerd for Kubernetes (containerd is already installed with Docker)
+# K8s 1.24+ requires CRI runtime; containerd needs proper config for systemd cgroups
+RUN mkdir -p /etc/containerd \
+ && containerd config default > /etc/containerd/config.toml \
+ && sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml \
+ && systemctl enable containerd
+
+# Preload k8s control plane container images into the sys container image.
+COPY kube-pull.sh /usr/bin/
+RUN chmod +x /usr/bin/kube-pull.sh && kube-pull.sh $k8s_version && rm /usr/bin/kube-pull.sh
+
+# Docker daemon config.
+COPY daemon.json /etc/docker/
+
+# bash completion
+RUN apt-get update \
+ && mkdir -p /etc/bash_completion.d \
+ && apt-get install bash-completion \
+ && rm -rf /var/lib/apt/lists/* \
+ && echo "source /etc/profile.d/bash_completion.sh" >> /root/.bashrc \
+ && echo "source <(kubectl completion bash)" >> /root/.bashrc \
+ && echo "source /etc/profile.d/bash_completion.sh" >> /home/admin/.bashrc \
+ && echo "source <(kubectl completion bash)" >> /home/admin/.bashrc
diff --git a/k8s-node/1.32/daemon.json b/k8s-node/1.32/daemon.json
new file mode 100644
index 0000000..f90c1b1
--- /dev/null
+++ b/k8s-node/1.32/daemon.json
@@ -0,0 +1,3 @@
+{
+ "exec-opts": ["native.cgroupdriver=systemd"]
+}
diff --git a/k8s-node/1.32/kube-pull.sh b/k8s-node/1.32/kube-pull.sh
new file mode 100644
index 0000000..c379dd1
--- /dev/null
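Review bot: The new k8s-node/1.32/Dockerfile builds on `ghcr.io/nestybox/ubuntu-jammy-systemd-docker:latest`, so an image tagged for v1.32.9 inherits whatever systemd, Docker and containerd that moving tag points to on build day, and two builds of the same commit can differ. Pin the base to a fixed tag or digest, e.g. `FROM ghcr.io/nestybox/ubuntu-jammy-systemd-docker:latest@sha256:<digest>` with the digest filled in from the registry. This matters for the containerd step too: the `sed` that flips `SystemdCgroup` exits 0 even when the pattern is absent, so a changed default config would pass unnoticed; appending `&& grep -q 'SystemdCgroup = true' /etc/containerd/config.toml` makes the build fail instead. Separately, the header comment's build and run examples still name `v1.21.12`.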
+++ b/k8s-node/1.32/kube-pull.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+#
+# Runs inside the K8s node system container; requests kubeadm to pull K8s
+# control-plane components.
+#
+
+usage() {
+ echo "\nUsage: $0 \n"
+ echo "E.g., $0 v1.18.2"
+}
+
+if [ "$#" -ne 1 ]; then
+ echo "Invalid number of arguments. Expect 1, got $#".
+ usage
+ exit 1
+fi
+
+k8s_version=$1
+
+# start dockerd
+dockerd > /var/log/dockerd.log 2>&1 &
+dockerd_pid=$!
+sleep 2
+
+# pull inner images
+kubeadm config images pull --kubernetes-version=$k8s_version
+# flannel cni
+docker image pull quay.io/coreos/flannel:v0.12.0-amd64
+# weaveNet cni
+docker image pull docker.io/weaveworks/weave-kube:2.8.1
+docker image pull docker.io/weaveworks/weave-npc:2.8.1
+# calico cni
+docker image pull quay.io/tigera/operator:v1.17.2
+
+# stop dockerd (remove the .pid file as otherwise it may prevent
+# dockerd from launching correctly inside the sys container)
+kill $dockerd_pid
+rm -f /var/run/docker.pid
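Review bot: kube-pull.sh never checks a pull's exit status: without `set -e`, a failed `kubeadm config images pull` or `docker image pull` is ignored and the script still returns 0 from the final `rm -f`, so the Dockerfile's `RUN` succeeds and the image ships without its preloaded images. The fixed `sleep 2` after launching `dockerd` makes that more likely, because nothing confirms the daemon is accepting connections before the pulls begin. I would fail fast and wait for the daemon with a bounded loop, as below, with an EXIT trap taking over the cleanup done by the last two lines. Worth confirming as well: only dockerd is started here, while the Dockerfile's comment says K8s 1.24+ needs a CRI runtime, so it is not evident from this hunk that `kubeadm` can reach one during the build. The CNI images are also pulled by mutable tag, and `flannel:v0.12.0-amd64` is architecture-specific.

```shell
#!/bin/sh
set -eu

# … unchanged: usage() and argument-count check …

k8s_version=$1

# start dockerd and make sure it is stopped however the script exits
dockerd > /var/log/dockerd.log 2>&1 &
dockerd_pid=$!
trap 'kill "$dockerd_pid" 2>/dev/null || true; rm -f /var/run/docker.pid' EXIT

# wait (bounded) until the daemon answers instead of sleeping blindly
tries=0
until docker info > /dev/null 2>&1; do
  tries=$((tries + 1))
  if [ "$tries" -ge 30 ]; then
    echo "dockerd did not become ready; see /var/log/dockerd.log" >&2
    exit 1
  fi
  sleep 1
done

# pull inner images
kubeadm config images pull --kubernetes-version="$k8s_version"
# … unchanged: CNI image pulls …
```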