openstack-helm-infra/tools/images/kubeadm-aio/Dockerfile
Andrii Ostapenko a0ca4a3bb9
Fix ALLOW_UNAUTHENTICATED for bionic kubeadm-AIO
Change-Id: I6bf1f483999a10322362aa18bd43bc09cef7ffe9
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2020-07-08 14:12:34 -05:00

119 lines
4.1 KiB
Docker

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM docker.io/ubuntu:bionic
MAINTAINER pete.birley@att.com
ARG UBUNTU_URL=http://archive.ubuntu.com/ubuntu/
ARG ALLOW_UNAUTHENTICATED=false
ARG PIP_INDEX_URL=https://pypi.python.org/simple/
ARG PIP_TRUSTED_HOST=pypi.python.org
ENV PIP_INDEX_URL=${PIP_INDEX_URL}
ENV PIP_TRUSTED_HOST=${PIP_TRUSTED_HOST}
COPY ./tools/images/kubeadm-aio/sources.list /etc/apt/
RUN sed -i \
-e "s|%%UBUNTU_URL%%|${UBUNTU_URL}|g" \
/etc/apt/sources.list ;\
echo "APT::Get::AllowUnauthenticated \"${ALLOW_UNAUTHENTICATED}\";\n\
Acquire::AllowInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";\n\
Acquire::AllowDowngradeToInsecureRepositories \"${ALLOW_UNAUTHENTICATED}\";" \
>> /etc/apt/apt.conf.d/allow-unathenticated
ARG GOOGLE_KUBERNETES_REPO_URL=https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64
ENV GOOGLE_KUBERNETES_REPO_URL ${GOOGLE_KUBERNETES_REPO_URL}
ARG GOOGLE_HELM_REPO_URL=https://storage.googleapis.com/kubernetes-helm
ENV GOOGLE_HELM_REPO_URL ${GOOGLE_HELM_REPO_URL}
ARG KUBE_VERSION="v1.16.2"
ENV KUBE_VERSION ${KUBE_VERSION}
ARG CNI_VERSION="v0.6.0"
ENV CNI_VERSION ${CNI_VERSION}
ARG CNI_REPO_URL=https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION
ENV CNI_REPO_URL ${CNI_REPO_URL}
ARG HELM_VERSION="v2.14.1"
ENV HELM_VERSION ${HELM_VERSION}
ARG CHARTS="calico,flannel,tiller,kube-dns,kubernetes-keystone-webhook"
ENV CHARTS ${CHARTS}
ARG HTTP_PROXY=""
ENV HTTP_PROXY ${HTTP_PROXY}
ENV http_proxy ${HTTP_PROXY}
ARG HTTPS_PROXY=""
ENV HTTPS_PROXY ${HTTPS_PROXY}
ENV https_proxy ${HTTPS_PROXY}
ARG NO_PROXY="127.0.0.1,localhost,.svc.cluster.local"
ENV NO_PROXY ${NO_PROXY}
ENV no_proxy ${NO_PROXY}
ENV container="docker" \
DEBIAN_FRONTEND="noninteractive" \
CNI_BIN_DIR="/opt/cni/bin"
RUN set -ex ;\
apt-get update ;\
apt-get upgrade -y ;\
apt-get install -y --no-install-recommends \
bash \
ca-certificates \
curl \
jq \
python3-pip \
gawk ;\
pip3 --no-cache-dir install --upgrade pip==18.1 ;\
hash -r ;\
pip3 --no-cache-dir install --upgrade setuptools ;\
# NOTE(srwilkers): Pinning ansible to 2.5.5, as pip installs 2.6 by default.
# 2.6 introduces a new command flag (init) for the docker_container module
# that is incompatible with what we have currently. 2.5.5 ensures we match
# what's deployed in the gates
pip3 --no-cache-dir install --upgrade \
requests \
kubernetes \
"ansible==2.5.5" ;\
for BINARY in kubectl kubeadm; do \
curl -sSL -o /usr/bin/${BINARY} \
${GOOGLE_KUBERNETES_REPO_URL}/${BINARY} ;\
chmod +x /usr/bin/${BINARY} ;\
done ;\
mkdir -p /opt/assets/usr/bin ;\
curl -sSL -o /opt/assets/usr/bin/kubelet \
${GOOGLE_KUBERNETES_REPO_URL}/kubelet ;\
chmod +x /opt/assets/usr/bin/kubelet ;\
mkdir -p /opt/assets${CNI_BIN_DIR} ;\
curl -sSL ${CNI_REPO_URL}/cni-plugins-amd64-$CNI_VERSION.tgz | \
tar -zxv --strip-components=1 -C /opt/assets${CNI_BIN_DIR} ;\
TMP_DIR=$(mktemp -d) ;\
curl -sSL ${GOOGLE_HELM_REPO_URL}/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR} ;\
mv ${TMP_DIR}/helm /usr/bin/helm ;\
rm -rf ${TMP_DIR} ;\
apt-get purge -y --auto-remove \
curl ;\
rm -rf /var/lib/apt/lists/* /tmp/* /root/.cache
COPY ./ /tmp/source
RUN set -ex ;\
cp -rfav /tmp/source/tools/images/kubeadm-aio/assets/* / ;\
IFS=','; for CHART in $CHARTS; do \
mv -v /tmp/source/${CHART} /opt/charts/; \
done ;\
rm -rf /tmp/source
ENTRYPOINT ["/entrypoint.sh"]