From 107cb7f5499c59fff8a456f11c3ee539c6026262 Mon Sep 17 00:00:00 2001
From: Aleksey Karpov <86011874+alekseyolg@users.noreply.github.com>
Date: Tue, 11 Apr 2023 12:47:18 +0300
Subject: [PATCH] Adding checksum verification kubectl (#9963)
* Adding checksum verification kubectl Added checksum check of binary file, added PYTHONDONTWRITEBYTECODE variable to improve stability of pip after installing packages and deleting cache, added --no-compile switch to pip package installation to improve performance after deleting cache. * Update Dockerfile
---
 Dockerfile | 43 +++++++++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 18 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 45b89a750..51b0bf8b5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,9 +5,8 @@ FROM ubuntu:focal-20220531
 # (and potentially other packages)
 # See: https://github.com/pypa/pip/issues/10219
 ENV LANG=C.UTF-8 \
- DEBIAN_FRONTEND=noninteractive
-ARG ARCH=amd64
-
+ DEBIAN_FRONTEND=noninteractive \
+ PYTHONDONTWRITEBYTECODE=1
 WORKDIR /kubespray
 COPY *yml .
 COPY roles ./roles
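Review bot: `PYTHONDONTWRITEBYTECODE=1` is added to the `ENV` instruction, so it persists into every container started from the image rather than applying only to the pip step of the build, the same way `DEBIAN_FRONTEND=noninteractive` on the line above already does. If the effect is wanted only at build time, setting both inline on the `RUN` that needs them keeps the runtime environment clean. Otherwise a comment such as `# also applies at runtime: Python will not write __pycache__ in the container` would record the intent. The hunk also drops `ARG ARCH`, so a caller still passing `--build-arg ARCH=...` is presumably no longer honoured, which is worth stating in the commit description.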
@@ -16,19 +15,27 @@ COPY inventory ./inventory
 COPY library ./library
 COPY extra_playbooks ./extra_playbooks
-RUN apt update && apt install -y --no-install-recommends \
- curl python3 python3-pip sshpass vim rsync openssh-client \
- && rm -rf /var/lib/apt/lists/* /var/log/* \
- && pip install --no-cache-dir \
- ansible==5.7.1 \
- ansible-core==2.12.5 \
- cryptography==3.4.8 \
- jinja2==2.11.3 \
- netaddr==0.7.19 \
- jmespath==1.0.1 \
- MarkupSafe==1.1.1 \
- ruamel.yaml==0.17.21 \
- && find / -type d -name '*__pycache__' -prune -exec rm -rf {} \; \
+RUN apt update -q \
+ && apt install -yq --no-install-recommends \
+ curl \
+ python3 \
+ python3-pip \
+ sshpass \
+ vim \
+ rsync \
+ openssh-client \
+ && pip install --no-compile --no-cache-dir \
+ ansible==5.7.1 \
+ ansible-core==2.12.5 \
+ cryptography==3.4.8 \
+ jinja2==2.11.3 \
+ netaddr==0.7.19 \
+ jmespath==1.0.1 \
+ MarkupSafe==1.1.1 \
+ ruamel.yaml==0.17.21 \
 && KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \
- && curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$ARCH/kubectl -o /usr/local/bin/kubectl \
- && chmod a+x /usr/local/bin/kubectl
+ && curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
+ && echo $(curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
+ && chmod a+x /usr/local/bin/kubectl \
+ && rm -rf /var/lib/apt/lists/* /var/log/* \
+ && find / -type d -name '*__pycache__' -prune -exec rm -rf {} \;
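Review bot: The expected digest on the `sha256sum --check` line is downloaded from the same bucket and path as the binary it verifies, so the check catches a truncated or corrupted download but not an artifact replaced at the origin. Comparing against a digest pinned in this repository would close that gap, e.g. `&& echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum --check \`, where `KUBECTL_SHA256` is a placeholder name for a value kept alongside `kube_version`. Both `curl -L` calls also lack `-f`, so an HTTP error body is saved or substituted as if it were content and the build fails only later at the checksum step; `curl -fsSL` would fail at the fetch itself. The `echo $(curl ...)` form additionally discards the inner curl's exit status, which makes `-f` on the outer download and a pinned digest the more reliable combination.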