From b77780ebf7cf1e54ced7791c1096a00ebd5c2279 Mon Sep 17 00:00:00 2001
From: Aleksey Karpov <86011874+alekseyolg@users.noreply.github.com>
Date: Wed, 12 Apr 2023 12:04:32 +0300
Subject: [PATCH] Adding checksum verification kubectl (#9971)
---
pipeline.Dockerfile | 54 ++++++++++++++++++++++++++++-----------------
1 file changed, 34 insertions(+), 20 deletions(-)
diff --git a/pipeline.Dockerfile b/pipeline.Dockerfile
index fb66b8112..129a19289 100644
--- a/pipeline.Dockerfile
+++ b/pipeline.Dockerfile
@@ -1,43 +1,57 @@
# Use imutable image tags rather than mutable tags (like ubuntu:20.04)
FROM ubuntu:focal-20220531
-
-ARG ARCH=amd64
-
# Some tools like yamllint need this
# Pip needs this as well at the moment to install ansible
# (and potentially other packages)
# See: https://github.com/pypa/pip/issues/10219
ENV VAGRANT_VERSION=2.3.4 \
VAGRANT_DEFAULT_PROVIDER=libvirt \
- VAGRANT_ANSIBLE_TAGS=facts \
+ VAGRANT_ANSIBLE_TAGS=facts \
LANG=C.UTF-8 \
- DEBIAN_FRONTEND=noninteractive
-
-RUN apt update && apt install -y \
- libssl-dev python3-dev python3-pip sshpass apt-transport-https jq moreutils libvirt-dev openssh-client rsync git \
- ca-certificates curl gnupg2 software-properties-common unzip \
+ DEBIAN_FRONTEND=noninteractive \
+ PYTHONDONTWRITEBYTECODE=1
+
+RUN apt update -q \
+ && apt install -yq \
+ libssl-dev \
+ python3-dev \
+ python3-pip \
+ sshpass \
+ apt-transport-https \
+ jq \
+ moreutils \
+ libvirt-dev \
+ openssh-client \
+ rsync \
+ git \
+ ca-certificates \
+ curl \
+ gnupg2 \
+ software-properties-common \
+ unzip \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
- && add-apt-repository "deb [arch=$ARCH] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
- && apt update && apt install --no-install-recommends -y docker-ce \
- && apt autoremove -yqq --purge && apt clean && rm -rf /var/lib/apt/lists/*
+ && add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
+ && apt update -q \
+ && apt install --no-install-recommends -yq docker-ce \
+ && apt autoremove -yqq --purge && apt clean && rm -rf /var/lib/apt/lists/* /var/log/*
WORKDIR /kubespray
-
COPY . .
RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
- && pip install --no-cache-dir pip -U \
- && pip install --no-cache-dir -r tests/requirements.txt -r requirements.txt \
+ && pip install --no-compile --no-cache-dir pip -U \
+ && pip install --no-compile --no-cache-dir -r tests/requirements.txt -r requirements.txt \
&& KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \
- && curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$ARCH/kubectl -o /usr/local/bin/kubectl\
+ && curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
+ && echo $(curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
&& chmod a+x /usr/local/bin/kubectl \
# Install Vagrant
- && curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_amd64.deb \
- && dpkg -i vagrant_${VAGRANT_VERSION}-1_amd64.deb \
- && rm vagrant_${VAGRANT_VERSION}-1_amd64.deb \
+ && curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \
+ && dpkg -i vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \
+ && rm vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \
&& vagrant plugin install vagrant-libvirt \
# Install Kubernetes collections
- && pip install --no-cache-dir kubernetes \
+ && pip install --no-compile --no-cache-dir kubernetes \
&& ansible-galaxy collection install kubernetes.core \
# Clean cache python
&& find / -type d -name '*__pycache__' -prune -exec rm -rf {} \;
--
GitLab