debian: docker-in-docker: override --mtu

Docker-in-docker pod doesn't work in some k8s environments because it
always assumes MTU=1500, even when k8s container network's MTU is
smaller than that. This causes downloads to fail intermittently in
containers that run within the internal docker.

Solution: allow option to override MTU in docker helm chart & the stx
tool.

Also: remove explicit reference to dockerd entry point script from the
helm chart because its name may change in future docker image versions.

TESTS
=======================================
Make sure "--mtu" is passed or omitted when starting docker daemon
depending on whether STX_CONTAINER_MTU is defined.

Story: 2010055
Task: 45691

Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: Iaee08ee8d568d28fe9e8cdc11f0308aa9ff32d42

import-stx

@@ -53,6 +53,11 @@
 #     SSL certificate validation. Only affects docker running in builder pods.
 #     Requires pod restart when changed.
 #
+#   STX_CONTAINER_MTU
+#     Assume container network's MTU is this value. Currently this will be
+#     passed to docker-in-docker's command line. This must be <= to the k8s
+#     container network's MTU.
+#
 
 notice_warn () {
     local tty_on tty_off

stx/lib/stx/config.py

@@ -81,6 +81,8 @@ class Config:
         else:
             self._insecure_docker_reg_list = []
 
+        self._container_mtu = os.getenv('STX_CONTAINER_MTU')
+
     def load(self):
         """Load stx.conf"""
         self.data = stx_configparser.STXConfigParser(self.config_filename)
@@ -118,6 +120,11 @@ class Config:
         """List of insecure docker registries we are allowed to access"""
         return self._insecure_docker_reg_list
 
+    @property
+    def container_mtu(self):
+        """Container network MTU value"""
+        return self._container_mtu
+
     def _init_kubectl_cmd(self):
         # helm
         self.helm_cmd = 'helm'

stx/lib/stx/stx_control.py

@@ -208,6 +208,9 @@ stx-pkgbuilder/configmap/')
         for reg_index, reg in enumerate(self.config.insecure_docker_reg_list):
             cmd += f' --set stx-docker.insecureRegistries[{reg_index}]={reg}'
 
+        if self.config.container_mtu:
+            cmd += f' --set stx-docker.mtu={self.config.container_mtu}'
+
         self.logger.debug('Execute the helm start command: %s', cmd)
         helm_status = self.k8s.helm_release_exists(self.projectname)
         if helm_status:

stx/stx-build-tools-chart/stx-builder/dependency_chart/stx-docker/templates/deployment.yaml

@@ -37,11 +37,13 @@ spec:
           env:
           - name: DOCKER_TLS_CERTDIR
             value: ""
-          command:
-          - "/usr/local/bin/dockerd-entrypoint.sh"
+          args:
           {{- range .Values.insecureRegistries }}
           - "--insecure-registry={{ . }}"
           {{- end }}
+          {{- if .Values.mtu }}
+          - "--mtu={{ .Values.mtu }}"
+          {{- end }}
           volumeMounts:
           - name: shared-workspace
             mountPath: {{ .Values.volumes.sharedWorkspace.mountPath }}

stx/stx-build-tools-chart/stx-builder/dependency_chart/stx-docker/values.yaml

@@ -32,6 +32,10 @@ dnsConfig:
 insecureRegistries:
 #  - "registry.address:port"
 
+# Pass --mtu to docker daemon
+# mtu: "1410"
+mtu:
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""