Fix openssl in krm-functions images

Users behind firewalls may be unable to build all the airshipctl
images as a result of OpenSSL errors stemming from certificates used
with the proxy. To address this, the images impacted have been
updated to copy the proxy certificate from airshipctl/certs into
the image and run the update-ca-certificates command. This is the same
behavior that already exists in the base airshipctl image and is
simply being extended to the images in krm-functions.

Change-Id: I436d1e25fb0726ab7576fec44a7ef2f9fd20f2bd
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
Alexander Hughes 2021-04-08 13:43:41 -04:00
parent d0df7d8e43
commit 9105c6bcd0
4 changed files with 44 additions and 2 deletions


@ -1,4 +1,12 @@
FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder
# Inject custom root certificate authorities if needed
# Docker does not have a good conditional copy statement and requires that a source file exists
# to complete the copy function without error. Therefore the README.md file will be copied to
# the image every time even if there are no .crt files.
COPY ./certs/* /usr/local/share/ca-certificates/
RUN update-ca-certificates
ENV CGO_ENABLED=0 ENV CGO_ENABLED=0
WORKDIR /go/src/ WORKDIR /go/src/
COPY image/go.mod . COPY image/go.mod .
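Review bot: The comment block above `COPY ./certs/* /usr/local/share/ca-certificates/` explains the README.md workaround but not the trust consequence: every `.crt` file in `certs/` at build time becomes a root CA for whatever this builder stage fetches afterwards. I would add a line such as `# NOTE: every *.crt in ./certs becomes a trusted root CA for this stage; release builds should have only README.md in certs/`. The same applies to the identical hunks in the next two files and to both stages in the fourth file. The rest of the builder stage and any final stage are outside the hunk, so whether the modified trust store reaches the shipped image cannot be confirmed from here.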


@ -1,4 +1,12 @@
FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder
# Inject custom root certificate authorities if needed
# Docker does not have a good conditional copy statement and requires that a source file exists
# to complete the copy function without error. Therefore the README.md file will be copied to
# the image every time even if there are no .crt files.
COPY ./certs/* /usr/local/share/ca-certificates/
RUN update-ca-certificates
ENV CGO_ENABLED=0 ENV CGO_ENABLED=0
WORKDIR /go/src/ WORKDIR /go/src/
COPY image/go.mod . COPY image/go.mod .


@ -1,4 +1,12 @@
FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder
# Inject custom root certificate authorities if needed
# Docker does not have a good conditional copy statement and requires that a source file exists
# to complete the copy function without error. Therefore the README.md file will be copied to
# the image every time even if there are no .crt files.
COPY ./certs/* /usr/local/share/ca-certificates/
RUN update-ca-certificates
ENV CGO_ENABLED=0 ENV CGO_ENABLED=0
WORKDIR /go/src/ WORKDIR /go/src/
COPY image/go.mod . COPY image/go.mod .


@ -1,6 +1,15 @@
ARG RELEASE_IMAGE=scratch ARG RELEASE_IMAGE=scratch
FROM ${RELEASE_IMAGE} as kctl FROM ${RELEASE_IMAGE} as kctl
RUN apk add curl
RUN apk update && apk add curl
# Inject custom root certificate authorities if needed
# Docker does not have a good conditional copy statement and requires that a source file exists
# to complete the copy function without error. Therefore the README.md file will be copied to
# the image every time even if there are no .crt files.
COPY ./certs/* /usr/local/share/ca-certificates/
RUN update-ca-certificates
RUN curl -L "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" \ RUN curl -L "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" \
-o /kubectl -o /kubectl
RUN chmod +x /kubectl RUN chmod +x /kubectl
@ -14,7 +23,16 @@ COPY krm-functions/toolbox/main.go .
RUN /usr/local/go/bin/go build -v -o /usr/local/bin/config-function ./ RUN /usr/local/go/bin/go build -v -o /usr/local/bin/config-function ./
FROM ${RELEASE_IMAGE} as calicoctl FROM ${RELEASE_IMAGE} as calicoctl
RUN apk add curl
RUN apk update && apk add curl
# Inject custom root certificate authorities if needed
# Docker does not have a good conditional copy statement and requires that a source file exists
# to complete the copy function without error. Therefore the README.md file will be copied to
# the image every time even if there are no .crt files.
COPY ./certs/* /usr/local/share/ca-certificates/
RUN update-ca-certificates
RUN curl -L "https://github.com/projectcalico/calicoctl/releases/download/v3.18.1/calicoctl" \ RUN curl -L "https://github.com/projectcalico/calicoctl/releases/download/v3.18.1/calicoctl" \
-o /calicoctl -o /calicoctl
RUN chmod +x /calicoctl RUN chmod +x /calicoctl
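Review bot: In both the `kctl` and `calicoctl` stages, the `curl -L … -o` download that follows the new `update-ca-certificates` is not integrity-checked. Once a proxy CA is trusted, TLS no longer authenticates the upstream end to end, so the binary is only as trustworthy as the proxy. I would pin the kubectl version as calicoctl already does with v3.18.1, rather than resolving `stable.txt` at build time, and verify a digest recorded in the Dockerfile, e.g. `RUN curl -fsSL "<pinned-url>" -o /kubectl && echo "${KUBECTL_SHA256}  /kubectl" | sha256sum -c -`, where `<pinned-url>` and `KUBECTL_SHA256` are placeholders for values to be supplied. Adding `-f` also keeps an HTTP error body from being saved as the binary. Separately, `RUN apk update && apk add curl` runs before the certificates are installed, so if the base image's apk repositories use HTTPS this step may still fail behind the same proxy; worth confirming against the actual `RELEASE_IMAGE`.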