Fix openssl in krm-functions images
Users behind firewalls may be unable to build all the airshipctl images as a result of OpenSSL errors stemming from certificates used with the proxy. To address this, the images impacted have been updated to copy the proxy certificate from airshipctl/certs into the image and run update-ca-certificates command. This is the same behavior that already exists in the base airshipctl image and is simply being extended to the images in krm-functions. Change-Id: I436d1e25fb0726ab7576fec44a7ef2f9fd20f2bd Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
This commit is contained in:
parent
d0df7d8e43
commit
9105c6bcd0
@ -1,4 +1,12 @@
|
|||||||
FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder
|
FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder
|
||||||
|
|
||||||
|
# Inject custom root certificate authorities if needed
|
||||||
|
# Docker does not have a good conditional copy statement and requires that a source file exists
|
||||||
|
# to complete the copy function without error. Therefore the README.md file will be copied to
|
||||||
|
# the image every time even if there are no .crt files.
|
||||||
|
COPY ./certs/* /usr/local/share/ca-certificates/
|
||||||
|
RUN update-ca-certificates
|
||||||
|
|
||||||
ENV CGO_ENABLED=0
|
ENV CGO_ENABLED=0
|
||||||
WORKDIR /go/src/
|
WORKDIR /go/src/
|
||||||
COPY image/go.mod .
|
COPY image/go.mod .
|
||||||
|
@ -1,4 +1,12 @@
|
|||||||
FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder
|
FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder
|
||||||
|
|
||||||
|
# Inject custom root certificate authorities if needed
|
||||||
|
# Docker does not have a good conditional copy statement and requires that a source file exists
|
||||||
|
# to complete the copy function without error. Therefore the README.md file will be copied to
|
||||||
|
# the image every time even if there are no .crt files.
|
||||||
|
COPY ./certs/* /usr/local/share/ca-certificates/
|
||||||
|
RUN update-ca-certificates
|
||||||
|
|
||||||
ENV CGO_ENABLED=0
|
ENV CGO_ENABLED=0
|
||||||
WORKDIR /go/src/
|
WORKDIR /go/src/
|
||||||
COPY image/go.mod .
|
COPY image/go.mod .
|
||||||
|
@ -1,4 +1,12 @@
|
|||||||
FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder
|
FROM gcr.io/gcp-runtimes/go1-builder:1.15 as builder
|
||||||
|
|
||||||
|
# Inject custom root certificate authorities if needed
|
||||||
|
# Docker does not have a good conditional copy statement and requires that a source file exists
|
||||||
|
# to complete the copy function without error. Therefore the README.md file will be copied to
|
||||||
|
# the image every time even if there are no .crt files.
|
||||||
|
COPY ./certs/* /usr/local/share/ca-certificates/
|
||||||
|
RUN update-ca-certificates
|
||||||
|
|
||||||
ENV CGO_ENABLED=0
|
ENV CGO_ENABLED=0
|
||||||
WORKDIR /go/src/
|
WORKDIR /go/src/
|
||||||
COPY image/go.mod .
|
COPY image/go.mod .
|
||||||
|
@ -1,6 +1,15 @@
|
|||||||
ARG RELEASE_IMAGE=scratch
|
ARG RELEASE_IMAGE=scratch
|
||||||
FROM ${RELEASE_IMAGE} as kctl
|
FROM ${RELEASE_IMAGE} as kctl
|
||||||
RUN apk add curl
|
|
||||||
|
RUN apk update && apk add curl
|
||||||
|
|
||||||
|
# Inject custom root certificate authorities if needed
|
||||||
|
# Docker does not have a good conditional copy statement and requires that a source file exists
|
||||||
|
# to complete the copy function without error. Therefore the README.md file will be copied to
|
||||||
|
# the image every time even if there are no .crt files.
|
||||||
|
COPY ./certs/* /usr/local/share/ca-certificates/
|
||||||
|
RUN update-ca-certificates
|
||||||
|
|
||||||
RUN curl -L "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" \
|
RUN curl -L "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" \
|
||||||
-o /kubectl
|
-o /kubectl
|
||||||
RUN chmod +x /kubectl
|
RUN chmod +x /kubectl
|
||||||
@ -14,7 +23,16 @@ COPY krm-functions/toolbox/main.go .
|
|||||||
RUN /usr/local/go/bin/go build -v -o /usr/local/bin/config-function ./
|
RUN /usr/local/go/bin/go build -v -o /usr/local/bin/config-function ./
|
||||||
|
|
||||||
FROM ${RELEASE_IMAGE} as calicoctl
|
FROM ${RELEASE_IMAGE} as calicoctl
|
||||||
RUN apk add curl
|
|
||||||
|
RUN apk update && apk add curl
|
||||||
|
|
||||||
|
# Inject custom root certificate authorities if needed
|
||||||
|
# Docker does not have a good conditional copy statement and requires that a source file exists
|
||||||
|
# to complete the copy function without error. Therefore the README.md file will be copied to
|
||||||
|
# the image every time even if there are no .crt files.
|
||||||
|
COPY ./certs/* /usr/local/share/ca-certificates/
|
||||||
|
RUN update-ca-certificates
|
||||||
|
|
||||||
RUN curl -L "https://github.com/projectcalico/calicoctl/releases/download/v3.18.1/calicoctl" \
|
RUN curl -L "https://github.com/projectcalico/calicoctl/releases/download/v3.18.1/calicoctl" \
|
||||||
-o /calicoctl
|
-o /calicoctl
|
||||||
RUN chmod +x /calicoctl
|
RUN chmod +x /calicoctl
|
||||||
|
Loading…
Reference in New Issue
Block a user