kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding checksum verification kubectl (#9963) 

* Adding checksum verification kubectl

Added checksum check of binary file, added PYTHONDONTWRITEBYTECODE variable to improve stability of pip after installing packages and deleting cache, added --no-compile switch to pip package installation to improve performance after deleting cache.

* Update Dockerfile
pull/9971/head
Aleksey Karpov 2023-04-11 12:47:18 +03:00 committed by GitHub
parent 6c30b3f263
commit 107cb7f549
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
Dockerfile
View File

@ -5,9 +5,8 @@ FROM ubuntu:focal-20220531
# (and potentially other packages) # (and potentially other packages)
# See: https://github.com/pypa/pip/issues/10219 # See: https://github.com/pypa/pip/issues/10219
ENV LANG=C.UTF-8 \ ENV LANG=C.UTF-8 \
DEBIAN_FRONTEND=noninteractive DEBIAN_FRONTEND=noninteractive \
ARG ARCH=amd64 PYTHONDONTWRITEBYTECODE=1
WORKDIR /kubespray WORKDIR /kubespray
COPY *yml . COPY *yml .
COPY roles ./roles COPY roles ./roles
@ -16,19 +15,27 @@ COPY inventory ./inventory
COPY library ./library COPY library ./library
COPY extra_playbooks ./extra_playbooks COPY extra_playbooks ./extra_playbooks
RUN apt update && apt install -y --no-install-recommends \ RUN apt update -q \
curl python3 python3-pip sshpass vim rsync openssh-client \ && apt install -yq --no-install-recommends \
&& rm -rf /var/lib/apt/lists/* /var/log/* \ curl \
&& pip install --no-cache-dir \ python3 \
ansible==5.7.1 \ python3-pip \
ansible-core==2.12.5 \ sshpass \
cryptography==3.4.8 \ vim \
jinja2==2.11.3 \ rsync \
netaddr==0.7.19 \ openssh-client \
jmespath==1.0.1 \ && pip install --no-compile --no-cache-dir \
MarkupSafe==1.1.1 \ ansible==5.7.1 \
ruamel.yaml==0.17.21 \ ansible-core==2.12.5 \
&& find / -type d -name '*__pycache__' -prune -exec rm -rf {} \; \ cryptography==3.4.8 \
jinja2==2.11.3 \
netaddr==0.7.19 \
jmespath==1.0.1 \
MarkupSafe==1.1.1 \
ruamel.yaml==0.17.21 \
&& KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \ && KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \
&& curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$ARCH/kubectl -o /usr/local/bin/kubectl \ && curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
&& chmod a+x /usr/local/bin/kubectl && echo $(curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
&& chmod a+x /usr/local/bin/kubectl \
&& rm -rf /var/lib/apt/lists/* /var/log/* \
&& find / -type d -name '*__pycache__' -prune -exec rm -rf {} \;