From b77780ebf7cf1e54ced7791c1096a00ebd5c2279 Mon Sep 17 00:00:00 2001 From: Aleksey Karpov <86011874+alekseyolg@users.noreply.github.com> Date: Wed, 12 Apr 2023 12:04:32 +0300 Subject: [PATCH] Adding checksum verification kubectl (#9971) --- pipeline.Dockerfile | 54 ++++++++++++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 20 deletions(-) diff --git a/pipeline.Dockerfile b/pipeline.Dockerfile index fb66b8112..129a19289 100644 --- a/pipeline.Dockerfile +++ b/pipeline.Dockerfile @@ -1,43 +1,57 @@ # Use imutable image tags rather than mutable tags (like ubuntu:20.04) FROM ubuntu:focal-20220531 - -ARG ARCH=amd64 - # Some tools like yamllint need this # Pip needs this as well at the moment to install ansible # (and potentially other packages) # See: https://github.com/pypa/pip/issues/10219 ENV VAGRANT_VERSION=2.3.4 \ VAGRANT_DEFAULT_PROVIDER=libvirt \ - VAGRANT_ANSIBLE_TAGS=facts \ + VAGRANT_ANSIBLE_TAGS=facts \ LANG=C.UTF-8 \ - DEBIAN_FRONTEND=noninteractive - -RUN apt update && apt install -y \ - libssl-dev python3-dev python3-pip sshpass apt-transport-https jq moreutils libvirt-dev openssh-client rsync git \ - ca-certificates curl gnupg2 software-properties-common unzip \ + DEBIAN_FRONTEND=noninteractive \ + PYTHONDONTWRITEBYTECODE=1 + +RUN apt update -q \ + && apt install -yq \ + libssl-dev \ + python3-dev \ + python3-pip \ + sshpass \ + apt-transport-https \ + jq \ + moreutils \ + libvirt-dev \ + openssh-client \ + rsync \ + git \ + ca-certificates \ + curl \ + gnupg2 \ + software-properties-common \ + unzip \ && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \ - && add-apt-repository "deb [arch=$ARCH] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \ - && apt update && apt install --no-install-recommends -y docker-ce \ - && apt autoremove -yqq --purge && apt clean && rm -rf /var/lib/apt/lists/* + && add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \ + && apt update -q \ + && apt install --no-install-recommends -yq docker-ce \ + && apt autoremove -yqq --purge && apt clean && rm -rf /var/lib/apt/lists/* /var/log/* WORKDIR /kubespray - COPY . . RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \ - && pip install --no-cache-dir pip -U \ - && pip install --no-cache-dir -r tests/requirements.txt -r requirements.txt \ + && pip install --no-compile --no-cache-dir pip -U \ + && pip install --no-compile --no-cache-dir -r tests/requirements.txt -r requirements.txt \ && KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \ - && curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$ARCH/kubectl -o /usr/local/bin/kubectl\ + && curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \ + && echo $(curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \ && chmod a+x /usr/local/bin/kubectl \ # Install Vagrant - && curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_amd64.deb \ - && dpkg -i vagrant_${VAGRANT_VERSION}-1_amd64.deb \ - && rm vagrant_${VAGRANT_VERSION}-1_amd64.deb \ + && curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \ + && dpkg -i vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \ + && rm vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \ && vagrant plugin install vagrant-libvirt \ # Install Kubernetes collections - && pip install --no-cache-dir kubernetes \ + && pip install --no-compile --no-cache-dir kubernetes \ && ansible-galaxy collection install kubernetes.core \ # Clean cache python && find / -type d -name '*__pycache__' -prune -exec rm -rf {} \;