Libyaml install from apt

This PS installs libyaml from apt instead of
building it from source. It also upgrades the Helm
version to 3.17.3 to address a CVE.

In order to decrease the image size *-dev libs are
installed only when needed to build/install Python
packages.

Change-Id: Ie9d2f82eba1285d2b6956bc46c437b84f1e95ed4
Sergiy Markin
2025-04-24 16:22:59 +00:00
parent 951670b45f
commit 238b1d4f2f
5 changed files with 33 additions and 42 deletions


@@ -146,7 +146,7 @@
flannel_version: v0.25.4
metallb_setup: false
metallb_version: "0.13.12"
helm_version: "v3.14.0"
helm_version: "v3.17.3"
crictl_version: "v1.30.1"
zuul_osh_infra_relative_path: ../openstack-helm
gate_scripts_relative_path: ../openstack-helm
@@ -160,7 +160,7 @@
parent: armada-base
vars:
site: airskiff
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz
HTK_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
OSH_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
CLONE_ARMADA: false


@@ -35,7 +35,7 @@ IMAGE_ALIAS := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${I
UBUNTU_BASE_IMAGE ?=
# Helm binary download url
HELM_ARTIFACT_URL ?= https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
HELM_ARTIFACT_URL ?= https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz
# VERSION INFO
GIT_COMMIT = $(shell git rev-parse HEAD)


@@ -7,4 +7,5 @@ libpq-dev [platform:dpkg]
libsasl2-dev [platform:dpkg]
libssl-dev [platform:dpkg]
libre2-dev [platform:dpkg]
libyaml-dev [platform:dpkg]
ethtool [platform:dpkg]


@@ -27,7 +27,6 @@ RUN set -ex && \
apt-get -y install \
ca-certificates \
curl \
git \
netbase \
python3-dev \
python3-setuptools \
@@ -55,45 +54,36 @@ COPY requirements-frozen.txt ./
ENV LD_LIBRARY_PATH=/usr/local/lib
ARG HELM_ARTIFACT_URL
ARG LIBYAML_VERSION=0.2.5
# Build
RUN set -ex \
&& buildDeps=' \
automake \
gcc \
libssl-dev \
libtool \
make \
python3-pip \
' \
&& apt-get -qq update \
# Keep git separate so it's not removed below
&& apt-get install -y $buildDeps git --no-install-recommends \
&& git clone https://github.com/yaml/libyaml.git \
&& cd libyaml \
&& git checkout $LIBYAML_VERSION \
&& ./bootstrap \
&& ./configure \
&& make \
&& make install \
&& cd .. \
&& rm -fr libyaml \
&& python3 -m pip install -U pip \
&& pip3 install -r requirements-frozen.txt --no-cache-dir \
&& curl -fSSL -O ${HELM_ARTIFACT_URL} \
&& tar -xvf $(basename ${HELM_ARTIFACT_URL}) \
&& mv linux-amd64/helm /usr/local/bin \
&& apt-get purge -y --auto-remove $buildDeps \
&& apt-get autoremove -yqq --purge \
&& apt-get clean \
&& rm -rf \
/var/lib/apt/lists/* \
/tmp/* \
/var/tmp/* \
/usr/share/man \
/usr/share/doc \
/usr/share/doc-base
&& buildDeps=' \
automake \
gcc \
libssl-dev \
libyaml-dev \
libtool \
make \
python3-pip \
' \
&& apt-get -qq update \
# Keep git separate so it's not removed below
&& apt-get install -y $buildDeps git --no-install-recommends \
&& python3 -m pip install -U pip \
&& pip3 install -r requirements-frozen.txt --no-cache-dir \
&& curl -fSSL -O ${HELM_ARTIFACT_URL} \
&& tar -xvf $(basename ${HELM_ARTIFACT_URL}) \
&& mv linux-amd64/helm /usr/local/bin \
&& apt-get purge -y --auto-remove $buildDeps \
&& apt-get autoremove -yqq --purge \
&& apt-get clean \
&& rm -rf \
/var/lib/apt/lists/* \
/tmp/* \
/var/tmp/* \
/usr/share/man \
/usr/share/doc \
/usr/share/doc-base
COPY . ./
COPY --from=armada_go /usr/local/bin/armada /usr/local/bin/armada-go
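Review bot: The Helm tarball fetched from `HELM_ARTIFACT_URL` in the build `RUN` step is unpacked and moved into `/usr/local/bin` with no integrity check, so the image trusts whatever the build-arg URL returns. Consider a companion build arg and a verification line before `tar`, for example `ARG HELM_ARTIFACT_SHA256` and `&& echo "${HELM_ARTIFACT_SHA256}  $(basename ${HELM_ARTIFACT_URL})" | sha256sum -c - \`, with the digest taken from the published Helm release. The downloaded archive and the extracted `linux-amd64` directory are not deleted in this step either, which works against the image-size goal in the commit message unless the working directory is one the final `rm -rf` covers. Separately, `libyaml-dev` is now in `buildDeps` and purged with `--auto-remove`. It is worth confirming that the runtime libyaml shared library survives that purge if any Python package from `requirements-frozen.txt` was linked against it.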

View File

@@ -17,7 +17,7 @@
set -x
HELM=$1
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz"}
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz"}
function install_helm_binary {