Adding checksum verification kubectl (#9963)

* Adding checksum verification kubectl

Added checksum check of binary file, added PYTHONDONTWRITEBYTECODE variable to improve stability of pip after installing packages and deleting cache, added --no-compile switch to pip package installation to improve performance after deleting cache.

* Update Dockerfile
pull/9971/head
Aleksey Karpov 2023-04-11 12:47:18 +03:00 committed by GitHub
parent 6c30b3f263
commit 107cb7f549
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 18 deletions

View File

@ -5,9 +5,8 @@ FROM ubuntu:focal-20220531
# (and potentially other packages) # (and potentially other packages)
# See: https://github.com/pypa/pip/issues/10219 # See: https://github.com/pypa/pip/issues/10219
ENV LANG=C.UTF-8 \ ENV LANG=C.UTF-8 \
DEBIAN_FRONTEND=noninteractive DEBIAN_FRONTEND=noninteractive \
ARG ARCH=amd64 PYTHONDONTWRITEBYTECODE=1
WORKDIR /kubespray WORKDIR /kubespray
COPY *yml . COPY *yml .
COPY roles ./roles COPY roles ./roles
@ -16,10 +15,16 @@ COPY inventory ./inventory
COPY library ./library COPY library ./library
COPY extra_playbooks ./extra_playbooks COPY extra_playbooks ./extra_playbooks
RUN apt update && apt install -y --no-install-recommends \ RUN apt update -q \
curl python3 python3-pip sshpass vim rsync openssh-client \ && apt install -yq --no-install-recommends \
&& rm -rf /var/lib/apt/lists/* /var/log/* \ curl \
&& pip install --no-cache-dir \ python3 \
python3-pip \
sshpass \
vim \
rsync \
openssh-client \
&& pip install --no-compile --no-cache-dir \
ansible==5.7.1 \ ansible==5.7.1 \
ansible-core==2.12.5 \ ansible-core==2.12.5 \
cryptography==3.4.8 \ cryptography==3.4.8 \
@ -28,7 +33,9 @@ RUN apt update && apt install -y --no-install-recommends \
jmespath==1.0.1 \ jmespath==1.0.1 \
MarkupSafe==1.1.1 \ MarkupSafe==1.1.1 \
ruamel.yaml==0.17.21 \ ruamel.yaml==0.17.21 \
&& find / -type d -name '*__pycache__' -prune -exec rm -rf {} \; \
&& KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \ && KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \
&& curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$ARCH/kubectl -o /usr/local/bin/kubectl \ && curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
&& chmod a+x /usr/local/bin/kubectl && echo $(curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
&& chmod a+x /usr/local/bin/kubectl \
&& rm -rf /var/lib/apt/lists/* /var/log/* \
&& find / -type d -name '*__pycache__' -prune -exec rm -rf {} \;