Adding checksum verification kubectl (#9963)
* Adding checksum verification kubectl Added checksum check of binary file, added PYTHONDONTWRITEBYTECODE variable to improve stability of pip after installing packages and deleting cache, added --no-compile switch to pip package installation to improve performance after deleting cache. * Update Dockerfilepull/9971/head
parent
6c30b3f263
commit
107cb7f549
27
Dockerfile
27
Dockerfile
|
@ -5,9 +5,8 @@ FROM ubuntu:focal-20220531
|
||||||
# (and potentially other packages)
|
# (and potentially other packages)
|
||||||
# See: https://github.com/pypa/pip/issues/10219
|
# See: https://github.com/pypa/pip/issues/10219
|
||||||
ENV LANG=C.UTF-8 \
|
ENV LANG=C.UTF-8 \
|
||||||
DEBIAN_FRONTEND=noninteractive
|
DEBIAN_FRONTEND=noninteractive \
|
||||||
ARG ARCH=amd64
|
PYTHONDONTWRITEBYTECODE=1
|
||||||
|
|
||||||
WORKDIR /kubespray
|
WORKDIR /kubespray
|
||||||
COPY *yml .
|
COPY *yml .
|
||||||
COPY roles ./roles
|
COPY roles ./roles
|
||||||
|
@ -16,10 +15,16 @@ COPY inventory ./inventory
|
||||||
COPY library ./library
|
COPY library ./library
|
||||||
COPY extra_playbooks ./extra_playbooks
|
COPY extra_playbooks ./extra_playbooks
|
||||||
|
|
||||||
RUN apt update && apt install -y --no-install-recommends \
|
RUN apt update -q \
|
||||||
curl python3 python3-pip sshpass vim rsync openssh-client \
|
&& apt install -yq --no-install-recommends \
|
||||||
&& rm -rf /var/lib/apt/lists/* /var/log/* \
|
curl \
|
||||||
&& pip install --no-cache-dir \
|
python3 \
|
||||||
|
python3-pip \
|
||||||
|
sshpass \
|
||||||
|
vim \
|
||||||
|
rsync \
|
||||||
|
openssh-client \
|
||||||
|
&& pip install --no-compile --no-cache-dir \
|
||||||
ansible==5.7.1 \
|
ansible==5.7.1 \
|
||||||
ansible-core==2.12.5 \
|
ansible-core==2.12.5 \
|
||||||
cryptography==3.4.8 \
|
cryptography==3.4.8 \
|
||||||
|
@ -28,7 +33,9 @@ RUN apt update && apt install -y --no-install-recommends \
|
||||||
jmespath==1.0.1 \
|
jmespath==1.0.1 \
|
||||||
MarkupSafe==1.1.1 \
|
MarkupSafe==1.1.1 \
|
||||||
ruamel.yaml==0.17.21 \
|
ruamel.yaml==0.17.21 \
|
||||||
&& find / -type d -name '*__pycache__' -prune -exec rm -rf {} \; \
|
|
||||||
&& KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \
|
&& KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \
|
||||||
&& curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$ARCH/kubectl -o /usr/local/bin/kubectl \
|
&& curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
|
||||||
&& chmod a+x /usr/local/bin/kubectl
|
&& echo $(curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
|
||||||
|
&& chmod a+x /usr/local/bin/kubectl \
|
||||||
|
&& rm -rf /var/lib/apt/lists/* /var/log/* \
|
||||||
|
&& find / -type d -name '*__pycache__' -prune -exec rm -rf {} \;
|
||||||
|
|
Loading…
Reference in New Issue