Adding checksum verification kubectl (#9963)
* Adding checksum verification kubectl Added checksum check of binary file, added PYTHONDONTWRITEBYTECODE variable to improve stability of pip after installing packages and deleting cache, added --no-compile switch to pip package installation to improve performance after deleting cache. * Update Dockerfilepull/9971/head
parent
6c30b3f263
commit
107cb7f549
43
Dockerfile
43
Dockerfile
|
@ -5,9 +5,8 @@ FROM ubuntu:focal-20220531
|
|||
# (and potentially other packages)
|
||||
# See: https://github.com/pypa/pip/issues/10219
|
||||
ENV LANG=C.UTF-8 \
|
||||
DEBIAN_FRONTEND=noninteractive
|
||||
ARG ARCH=amd64
|
||||
|
||||
DEBIAN_FRONTEND=noninteractive \
|
||||
PYTHONDONTWRITEBYTECODE=1
|
||||
WORKDIR /kubespray
|
||||
COPY *yml .
|
||||
COPY roles ./roles
|
||||
|
@ -16,19 +15,27 @@ COPY inventory ./inventory
|
|||
COPY library ./library
|
||||
COPY extra_playbooks ./extra_playbooks
|
||||
|
||||
RUN apt update && apt install -y --no-install-recommends \
|
||||
curl python3 python3-pip sshpass vim rsync openssh-client \
|
||||
&& rm -rf /var/lib/apt/lists/* /var/log/* \
|
||||
&& pip install --no-cache-dir \
|
||||
ansible==5.7.1 \
|
||||
ansible-core==2.12.5 \
|
||||
cryptography==3.4.8 \
|
||||
jinja2==2.11.3 \
|
||||
netaddr==0.7.19 \
|
||||
jmespath==1.0.1 \
|
||||
MarkupSafe==1.1.1 \
|
||||
ruamel.yaml==0.17.21 \
|
||||
&& find / -type d -name '*__pycache__' -prune -exec rm -rf {} \; \
|
||||
RUN apt update -q \
|
||||
&& apt install -yq --no-install-recommends \
|
||||
curl \
|
||||
python3 \
|
||||
python3-pip \
|
||||
sshpass \
|
||||
vim \
|
||||
rsync \
|
||||
openssh-client \
|
||||
&& pip install --no-compile --no-cache-dir \
|
||||
ansible==5.7.1 \
|
||||
ansible-core==2.12.5 \
|
||||
cryptography==3.4.8 \
|
||||
jinja2==2.11.3 \
|
||||
netaddr==0.7.19 \
|
||||
jmespath==1.0.1 \
|
||||
MarkupSafe==1.1.1 \
|
||||
ruamel.yaml==0.17.21 \
|
||||
&& KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \
|
||||
&& curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$ARCH/kubectl -o /usr/local/bin/kubectl \
|
||||
&& chmod a+x /usr/local/bin/kubectl
|
||||
&& curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
|
||||
&& echo $(curl -L https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
|
||||
&& chmod a+x /usr/local/bin/kubectl \
|
||||
&& rm -rf /var/lib/apt/lists/* /var/log/* \
|
||||
&& find / -type d -name '*__pycache__' -prune -exec rm -rf {} \;
|
||||
|
|
Loading…
Reference in New Issue