diff --git a/charts/calicoctl-utility/templates/_functions.tpl b/charts/calicoctl-utility/templates/_functions.tpl new file mode 100644 index 00000000..2203ea77 --- /dev/null +++ b/charts/calicoctl-utility/templates/_functions.tpl @@ -0,0 +1,24 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "calico.etcd.tls" -}} +{{- if or (or .Values.endpoints.etcd.auth.client.tls.crt .Values.endpoints.etcd.auth.client.tls.ca) .Values.endpoints.etcd.auth.client.tls.key -}} +{{- $_ := required "Must specify all or none of etcd_crt, etcd_ca, etcd_key" .Values.endpoints.etcd.auth.client.tls.crt -}} +{{- $_ := required "Must specify all or none of etcd_crt, etcd_ca, etcd_key" .Values.endpoints.etcd.auth.client.tls.ca -}} +{{- $_ := required "Must specify all or none of etcd_crt, etcd_ca, etcd_key" .Values.endpoints.etcd.auth.client.tls.key -}} +true +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/calicoctl-utility/templates/bin/_bootstrap.sh.tpl b/charts/calicoctl-utility/templates/bin/_bootstrap.sh.tpl index 4fc85940..3985fa94 100644 --- a/charts/calicoctl-utility/templates/bin/_bootstrap.sh.tpl +++ b/charts/calicoctl-utility/templates/bin/_bootstrap.sh.tpl 
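Review bot: The three `required` messages in `calico.etcd.tls` name `etcd_crt, etcd_ca, etcd_key`, which are not keys of this chart; the values actually tested are `.Values.endpoints.etcd.auth.client.tls.crt`, `.ca` and `.key`. An operator who supplies only part of the client TLS material is pointed at settings that do not exist. I would change the text to `"Must specify all or none of endpoints.etcd.auth.client.tls.crt, .ca and .key"`. A one-line comment above the `define`, saying that it renders `true` only when all three are set and renders nothing when none is, would help the callers that use it as `if include "calico.etcd.tls" .`. The nested `or (or a b) c` can be written as `or a b c`.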
@@ -15,5 +15,4 @@ See the License for the specific language governing permissions and limitations under the License. */}} -sudo /tmp/override-oslo-rootwrap-logging.sh -exec sudo socat -d -v -s -t0 -T0 -u UNIX-RECV:/dev/log,reuseaddr stdout +exec sudo socat -d -s -t0 -T0 -u UNIX-RECV:/dev/log,reuseaddr stdout diff --git a/charts/calicoctl-utility/templates/bin/_calicoctl-utility-rootwrap.tpl b/charts/calicoctl-utility/templates/bin/_calicoctl-utility-rootwrap.tpl index d1d3c7b0..d93269c8 100644 --- a/charts/calicoctl-utility/templates/bin/_calicoctl-utility-rootwrap.tpl +++ b/charts/calicoctl-utility/templates/bin/_calicoctl-utility-rootwrap.tpl @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 {{/* Copyright 2019 The Openstack-Helm Authors. @@ -41,7 +41,7 @@ except IOError: exit() formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' + - os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s') + os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s\n') handler.setFormatter(formatter) root = logging.getLogger() root.setLevel(log_level) diff --git a/charts/calicoctl-utility/templates/bin/_override-oslo-rootwrap-logging.sh.tpl b/charts/calicoctl-utility/templates/bin/_override-oslo-rootwrap-logging.sh.tpl deleted file mode 100644 index ffb7a12f..00000000 --- a/charts/calicoctl-utility/templates/bin/_override-oslo-rootwrap-logging.sh.tpl +++ /dev/null 
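Review bot: In the `_calicoctl-utility-rootwrap.tpl` hunk the format string given to `logging.Formatter` is built by concatenating `host_name`, `os.path.basename(exec_name)` and `user_id`, so a `%` in any of them is read as a format directive when a record is emitted. Since the line is being edited anyway, escape the values first, for example `user_id.replace('%', '%%')`. The added `\n` makes every audit record newline-terminated; if the reader on the other side of the socket treats a newline as the record boundary, a newline inside `%(message)s` would look like a second record, so CR/LF should be stripped from the message before it is logged. Where these values and the message come from lies outside the hunk, so both points need confirming against the rest of the script.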
@@ -1,26 +0,0 @@ -#!/bin/sh -{{/* -Copyright 2019 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} -{{/* -These lines will disable extra handler, extra formatter, extra level to the -root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl. -These lines will get rid of duplicate logs, generated because of the formatter -attached by oslo-rootwrap. -*/}} -sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py -sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py -sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py -sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py \ No newline at end of file diff --git a/charts/calicoctl-utility/templates/bin/_utilscli-sudo.tpl b/charts/calicoctl-utility/templates/bin/_utilscli-sudo.tpl index 37c18de2..bfe5bf74 100644 --- a/charts/calicoctl-utility/templates/bin/_utilscli-sudo.tpl +++ b/charts/calicoctl-utility/templates/bin/_utilscli-sudo.tpl 
@@ -14,8 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -nobody ALL=SETENV: NOPASSWD: /tmp/override-oslo-rootwrap-logging.sh, \ - /usr/bin/socat -d -v -s -t0 -T0 -u \ +nobody ALL=SETENV: NOPASSWD: /usr/bin/socat -d -s -t0 -T0 -u \ UNIX-RECV\:/dev/log\,reuseaddr stdout, \ /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf *, \ /usr/local/bin/calicoctl version diff --git a/charts/calicoctl-utility/templates/bin/_version_check.sh.tpl b/charts/calicoctl-utility/templates/bin/_version_check.sh.tpl index fb12c52a..285f10c0 100644 --- a/charts/calicoctl-utility/templates/bin/_version_check.sh.tpl +++ b/charts/calicoctl-utility/templates/bin/_version_check.sh.tpl @@ -36,4 +36,4 @@ function check_version() { fi } -sudo calicoctl version | check_version +utilscli calicoctl version | check_version diff --git a/charts/calicoctl-utility/templates/configmap-bin.yaml b/charts/calicoctl-utility/templates/configmap-bin.yaml index b0e8a9af..43295b71 100644 --- a/charts/calicoctl-utility/templates/configmap-bin.yaml +++ b/charts/calicoctl-utility/templates/configmap-bin.yaml @@ -25,9 +25,6 @@ data: image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} - override-oslo-rootwrap-logging.sh: | -{{ tuple "bin/_override-oslo-rootwrap-logging.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - calicoctl-utility-rootwrap: | {{ tuple "bin/_calicoctl-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} diff --git a/charts/calicoctl-utility/templates/configmap-etc.yaml b/charts/calicoctl-utility/templates/configmap-etc.yaml index 044926a9..18dea1e8 100644 --- a/charts/calicoctl-utility/templates/configmap-etc.yaml +++ b/charts/calicoctl-utility/templates/configmap-etc.yaml 
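Review bot: The rewritten sudoers rule keeps the `SETENV:` tag on every command `nobody` may run without a password, including `/usr/local/bin/calicoctl-utility-rootwrap`, a Python script whose shebang this commit moves to `python3`. `SETENV` lets the caller carry its own environment into the root process, so the interpreter's environment is no longer reset by sudo, and that sits outside the argument filtering done through `rootwrap.conf`. Unless the wrapper needs a particular variable, I would drop the tag: `nobody ALL= NOPASSWD: /usr/bin/socat -d -s -t0 -T0 -u \`. If it does need one, keep `env_reset` and allow only that name with `Defaults:nobody env_keep += "NAME"` (NAME is a placeholder). The rule continues in the context lines below the changed one.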
@@ -33,11 +33,15 @@ data: kind: CalicoAPIConfig metadata: spec: - datastoreType: "etcdv3" + datastoreType: {{ .Values.datastore }} +{{- if eq .Values.datastore "etcdv3" }} etcdEndpoints: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +{{- if include "calico.etcd.tls" . }} etcdCertFile: {{ .Values.endpoints.etcd.auth.client.path.crt }} etcdCACertFile: {{ .Values.endpoints.etcd.auth.client.path.ca }} etcdKeyFile: {{ .Values.endpoints.etcd.auth.client.path.key }} +{{- end }} +{{- end }} --- apiVersion: v1 diff --git a/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml b/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml index 85db5a4b..1e21c97a 100644 --- a/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml +++ b/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml @@ -20,7 +20,7 @@ limitations under the License. {{- $serviceAccountName := printf "%s" $envAll.Release.Name }} {{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ $serviceAccountName }} @@ -34,7 +34,7 @@ subjects: namespace: {{ .Release.Namespace }} --- kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ $serviceAccountName }} rules: 
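Review bot: `datastoreType: {{ .Values.datastore }}` in configmap-etc.yaml is rendered unquoted and unchecked, whereas the line it replaces was a quoted literal. values.yaml documents only `kubernetes` and `etcdv3` as allowed, and any other value yields a config where the etcd block is silently omitted. I would render it as `datastoreType: {{ .Values.datastore | quote }}` and reject anything else at template time with `{{- if not (has .Values.datastore (list "kubernetes" "etcdv3")) }}{{ fail "datastore must be 'kubernetes' or 'etcdv3'" }}{{- end }}`.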
@@ -43,18 +43,49 @@ rules: - namespaces - nodes - pods + - pods/status + - serviceaccounts verbs: - get - list + - watch + - apiGroups: ["extensions"] + resources: + - networkpolicies + verbs: + - get + - list + - watch + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + - get - apiGroups: ["crd.projectcalico.org"] resources: + - globalfelixconfigs - bgppeers + - globalbgpconfigs - bgpconfigurations - clusterinformations + - licensekeys - felixconfigurations + - globalthreatfeeds - globalnetworkpolicies + - globalnetworksets + - networksets + - remoteclusterconfigurations - ippools - networkpolicies + - tiers + - profiles + - clusterinformations + - hostendpoints + - ipamblocks + - blockaffinities + - ipamhandles verbs: - get - list @@ -98,7 +129,7 @@ spec: {{- if .Values.conf.utility.match_versions }} - /usr/local/bin/version_check.sh {{- else }} - - sudo + - utilscli - calicoctl - version {{- end }} @@ -107,12 +138,13 @@ spec: livenessProbe: exec: command: - - sudo + - utilscli - calicoctl - version initialDelaySeconds: 5 periodSeconds: 15 volumeMounts: +{{- if and .Values.manifests.secret_certificates (include "calico.etcd.tls" .) }} - name: calico-etcd-secrets mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} subPath: tls.ca @@ -125,6 +157,7 @@ spec: mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} subPath: tls.key readOnly: true +{{- end }} - name: calicoctl-utility-bin-utilscli mountPath: /usr/local/bin/version_check.sh subPath: version_check.sh @@ -141,10 +174,6 @@ spec: mountPath: /usr/local/bin/calicoctl-utility-rootwrap subPath: calicoctl-utility-rootwrap readOnly: true - - name: calicoctl-utility-bin - mountPath: /tmp/override-oslo-rootwrap-logging.sh - subPath: override-oslo-rootwrap-logging.sh - readOnly: true - name: calicoctl-utility-sudoers mountPath: /etc/sudoers.d/nobody subPath: utilscli-sudo 
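Review bot: `clusterinformations` is added to the `crd.projectcalico.org` resource list although it is already there as a context line a few entries above, so the entry is duplicated; drop the added `- clusterinformations`. The same hunk widens this ClusterRole to cluster-wide `get`/`list`/`watch` on `serviceaccounts` and `pods/status`, and adds `licensekeys` and more than a dozen other Calico resources. A short comment per group naming the calicoctl operation or datastore mode that needs it (for example `# read by calicoctl when datastore is kubernetes`) would let a reviewer trim whatever is unused. The verbs for the CRD group continue past the end of the hunk, so I cannot confirm from here that they stay read-only.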
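Review bot: The certificate `volumeMounts` are now guarded by `and .Values.manifests.secret_certificates (include "calico.etcd.tls" .)`, but the matching `calico-etcd-secrets` volume further down is guarded by `.Values.manifests.secret_certificates` alone. configmap-etc.yaml in turn writes `etcdCertFile`, `etcdCACertFile` and `etcdKeyFile` whenever `calico.etcd.tls` is set. With the new default `secret_certificates: false`, an etcdv3 deployment that supplies TLS values gets a calicoctl config pointing at key files that are never mounted. Use one condition in all three places, for instance a single named template that both files include, so the client either has its certificates or the chart fails at render time instead of at connect time.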
@@ -178,8 +207,10 @@ spec: configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" }} defaultMode: 0400 +{{- if .Values.manifests.secret_certificates }} - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets defaultMode: 0400 {{- end }} +{{- end }} diff --git a/charts/calicoctl-utility/templates/secret-etcd-certificates.yaml b/charts/calicoctl-utility/templates/secret-etcd-certificates.yaml index df631c06..0dc776f0 100644 --- a/charts/calicoctl-utility/templates/secret-etcd-certificates.yaml +++ b/charts/calicoctl-utility/templates/secret-etcd-certificates.yaml @@ -17,14 +17,15 @@ limitations under the License. {{- if .Values.manifests.secret_certificates }} {{- $envAll := . }} --- - apiVersion: v1 kind: Secret type: kubernetes.io/tls metadata: name: calico-etcd-secrets data: +{{- if include "calico.etcd.tls" . }} tls.ca: {{ .Values.endpoints.etcd.auth.client.tls.ca | default "" | b64enc }} tls.key: {{ .Values.endpoints.etcd.auth.client.tls.key | default "" | b64enc }} tls.crt: {{ .Values.endpoints.etcd.auth.client.tls.crt | default "" | b64enc }} {{- end }} +{{- end }} diff --git a/charts/calicoctl-utility/values.yaml b/charts/calicoctl-utility/values.yaml index ab0fcfb8..a24035d8 100644 --- a/charts/calicoctl-utility/values.yaml +++ b/charts/calicoctl-utility/values.yaml @@ -82,6 +82,10 @@ dependencies: - endpoint: internal service: calico-etcd +# which data store is used by calico +# allowed values are: 'kubernetes' or 'etcdv3' +datastore: kubernetes + endpoints: cluster_domain_suffix: cluster.local local_image_registry: 
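Review bot: In secret-etcd-certificates.yaml, when `manifests.secret_certificates` is true and no TLS values are set, the new inner `{{- if include "calico.etcd.tls" . }}` leaves a Secret of `type: kubernetes.io/tls` with an empty `data:` map. As far as I know the API server validates that type and requires `tls.crt` and `tls.key`, so the release would be rejected at apply time rather than the object being skipped. Moving the TLS test into the outer guard, `{{- if and .Values.manifests.secret_certificates (include "calico.etcd.tls" .) }}`, avoids rendering the Secret at all and matches the condition already used for the volumeMounts in the deployment.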
@@ -132,38 +136,58 @@ conf: # Below are example command filters. access can be restricted by creating a user with less privileges # calicoctl_00: CommandFilter, calicoctl, root # Below are examples of RegExpFilter. This will restrict available calicoctl options even with admin user - calicoctl_help_00: RegExpFilter, calicoctl, root, calicoctl, -h - calicoctl_help_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, -h - calicoctl_get_01: RegExpFilter, calicoctl, root, calicoctl, get, .* - calicoctl_get_03: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .* - calicoctl_get_04: RegExpFilter, calicoctl, root, calicoctl, get, .*, --export - calicoctl_get_05: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, --export - calicoctl_get_06: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .* - calicoctl_get_07: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .* - calicoctl_get_08: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export - calicoctl_get_09: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export - calicoctl_get_10: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .* - calicoctl_get_11: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .* - calicoctl_get_12: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --export - calicoctl_get_13: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --export - calicoctl_get_14: RegExpFilter, calicoctl, root, 
calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* - calicoctl_get_15: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* - calicoctl_get_16: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export - calicoctl_get_17: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export - calicoctl_get_18: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces - calicoctl_get_19: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces - calicoctl_get_20: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export - calicoctl_get_21: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export + calicoctl_help_000: RegExpFilter, calicoctl, root, calicoctl, -h + calicoctl_help_010: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, -h + calicoctl_get_010: RegExpFilter, calicoctl, root, calicoctl, get, .* + calicoctl_get_020: RegExpFilter, calicoctl, root, calicoctl, get, .*, .* + calicoctl_get_030: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .* + calicoctl_get_040: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .* + calicoctl_get_050: RegExpFilter, calicoctl, root, calicoctl, get, .*, --export + calicoctl_get_060: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, --export + calicoctl_get_070: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, --export + 
calicoctl_get_080: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, --export + calicoctl_get_090: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .* + calicoctl_get_100: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .* + calicoctl_get_110: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .* + calicoctl_get_120: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .* + calicoctl_get_130: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export + calicoctl_get_140: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export + calicoctl_get_150: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export + calicoctl_get_160: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export + calicoctl_get_170: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .* + calicoctl_get_180: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .* + calicoctl_get_190: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .* + calicoctl_get_200: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .* + calicoctl_get_210: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --export + calicoctl_get_220: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, 
-f|--filename, .*, -o|--output .*, --export + calicoctl_get_230: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --export + calicoctl_get_240: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, --export + calicoctl_get_250: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* + calicoctl_get_260: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* + calicoctl_get_270: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* + calicoctl_get_280: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* + calicoctl_get_290: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export + calicoctl_get_300: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export + calicoctl_get_310: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export + calicoctl_get_320: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export + calicoctl_get_330: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces + calicoctl_get_340: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces + calicoctl_get_350: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output 
.*, --all-namespaces + calicoctl_get_360: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces + calicoctl_get_370: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export + calicoctl_get_380: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export + calicoctl_get_390: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export + calicoctl_get_400: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export - calicoctl_convert_00: RegExpFilter, calicoctl, root, calicoctl, convert, -h - calicoctl_convert_01: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .* - calicoctl_convert_02: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .* - calicoctl_convert_03: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .*, --ignore-validation - calicoctl_convert_04: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .*, --ignore-validation - calicoctl_convert_05: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .* - calicoctl_convert_06: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .* - calicoctl_convert_07: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation - calicoctl_convert_08: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .*, 
--ignore-validation + calicoctl_convert_000: RegExpFilter, calicoctl, root, calicoctl, convert, -h + calicoctl_convert_010: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .* + calicoctl_convert_020: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .* + calicoctl_convert_030: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .*, --ignore-validation + calicoctl_convert_040: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .*, --ignore-validation + calicoctl_convert_050: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .* + calicoctl_convert_060: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .* + calicoctl_convert_070: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation + calicoctl_convert_080: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation calicoctl_ipam_00: RegExpFilter, calicoctl, root, calicoctl, ipam, show, --ip=.* calicoctl_ipam_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, ipam, show, --ip=.* @@ -207,4 +231,4 @@ manifests: configmap_etc_client: true deployment_calicoctl_utility: true job_image_repo_sync: false - secret_certificates: true + secret_certificates: false diff --git a/images/calicoctl-utility/Dockerfile.alpine b/images/calicoctl-utility/Dockerfile.alpine index e3bd739e..5f52703d 100644 --- a/images/calicoctl-utility/Dockerfile.alpine +++ b/images/calicoctl-utility/Dockerfile.alpine 
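Review bot: The `get` filters from `calicoctl_get_170` onward write `-o|--output .*` as a single element with no comma between the flag and its value, while the `convert` filters in the same hunk use `-o|--output, .*`. oslo.rootwrap compares one pattern per argument, so these entries most likely never match the invocation they were written for; the element should be split, `..., -f|--filename, .*, -o|--output, .*`. Separately, RegExpFilter appends `$` to each pattern and applies `re.match`, so an ungrouped alternation such as `-f|--filename` or `(?i)panic|fatal|error|warn|info|debug` is end-anchored only on its last branch. Grouping them as `(-f|--filename)` and `(?i)(panic|fatal|error|warn|info|debug)` makes the filter accept exactly the listed tokens. The `.*` that follows `-f|--filename` leaves the path given to the root-run calicoctl unconstrained, which deserves either a narrower pattern or a comment saying it is intended.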
@@ -21,10 +21,16 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && touch /var/lib/dpkg/status \ && apk update \ && apk add --update \ - python python-dev py-pip build-base \ - sudo screen rsyslog \ + python3 python3-dev py3-pip build-base \ + sudo screen \ wget curl socat \ - && pip install oslo.rootwrap + && pip3 install oslo.rootwrap + +RUN PYTHON_LOCATION=$(pip3 show oslo.rootwrap|grep Location|awk '{print $2}') \ + && sed -i "/rootwrap_logger.setLevel/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/handler.setFormatter/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/os.path.basename/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py RUN mv /calicoctl /usr/local/bin/calicoctl \ && chmod 0754 /usr/local/bin/calicoctl \ diff --git a/images/calicoctl-utility/Dockerfile.ubuntu_xenial b/images/calicoctl-utility/Dockerfile.ubuntu_xenial old mode 100755 new mode 100644 index e8b7fd36..14755abe --- a/images/calicoctl-utility/Dockerfile.ubuntu_xenial +++ b/images/calicoctl-utility/Dockerfile.ubuntu_xenial @@ -24,15 +24,19 @@ RUN set -xe \ && apt-get update \ && apt-get install -y --no-install-recommends \ bash \ + locales \ moreutils \ sudo \ - rsyslog \ - python-oslo.rootwrap \ python3-oslo.rootwrap \ socat \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* +RUN sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py + COPY --from=stage_calicoctl /calicoctl /usr/local/bin/calicoctl RUN set -xe \ 
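Review bot: `pip3 install oslo.rootwrap` in Dockerfile.alpine is unpinned, and the new `RUN` step then comments out lines of the installed `oslo_rootwrap/wrapper.py` by pattern with `sed`. A later upstream release can move or rewrite those lines; the `sed` expressions would then either match nothing while the build still succeeds, or comment out one line of a multi-line statement and leave the privileged wrapper's module broken or behaving differently. Pin the release the patterns were written against, `pip3 install oslo.rootwrap==<VERSION>` (placeholder), and follow the edits with a check such as `python3 -m py_compile "$PYTHON_LOCATION/oslo_rootwrap/wrapper.py"`. The same `sed` block is added to Dockerfile.ubuntu_xenial, Dockerfile_calicoq_calicoctl.alpine and Dockerfile_calicoq_calicoctl.ubuntu_xenial, where the package version likewise decides whether the patterns still apply. The first `RUN` instruction starts above the hunk.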
diff --git a/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.alpine b/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.alpine index d21cd588..76fa88a4 100644 --- a/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.alpine +++ b/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.alpine @@ -1,11 +1,11 @@ ARG DOCKER_REGISTRY=quay.io ARG CALICOQ_IMAGE_PREFIX=tigera/calicoq -ARG CALICOQ_VERSION=v2.3.1 +ARG CALICOQ_VERSION=v2.5.1 ARG CALICOQ_IMAGE="${DOCKER_REGISTRY}/${CALICOQ_IMAGE_PREFIX}:${CALICOQ_VERSION}" ARG CALICOCTL_IMAGE_PREFIX=tigera/calicoctl -ARG CALICOCTL_VERSION=v2.3.1 +ARG CALICOCTL_VERSION=v2.5.1 ARG CALICOCTL_IMAGE="${DOCKER_REGISTRY}/${CALICOCTL_IMAGE_PREFIX}:${CALICOCTL_VERSION}" @@ -13,8 +13,8 @@ FROM ${CALICOQ_IMAGE} AS stage_calicoq FROM ${CALICOCTL_IMAGE} -ARG CALICOQ_VERSION=v2.3.1 -ARG CALICOCTL_VERSION=v2.3.1 +ARG CALICOQ_VERSION=v2.5.1 +ARG CALICOCTL_VERSION=v2.5.1 LABEL org.opencontainers.image.authors='Openstack-Helm Authors' \ org.opencontainers.image.url='https://opendev.org/airship/porthole/src/branch/master/Dockerfiles/calicoctl-utility' \ @@ -32,10 +32,16 @@ RUN set -xe \ && touch /var/lib/dpkg/status \ && apk update \ && apk add --update \ - python python-dev py-pip build-base \ - sudo vim screen rsyslog \ + python3 python3-dev py3-pip build-base \ + sudo screen \ wget curl socat \ - && pip install oslo.rootwrap + && pip3 install oslo.rootwrap + +RUN PYTHON_LOCATION=$(pip3 show oslo.rootwrap|grep Location|awk '{print $2}') \ + && sed -i "/rootwrap_logger.setLevel/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/handler.setFormatter/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/os.path.basename/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py COPY --from=stage_calicoq /calicoq /usr/local/bin/calicoq 
diff --git a/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_xenial b/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_xenial old mode 100755 new mode 100644 index bed610bd..f2f9f375 --- a/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_xenial +++ b/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_xenial @@ -1,10 +1,10 @@ ARG FROM=docker.io/ubuntu:xenial ARG DOCKER_REGISTRY=quay.io ARG CALICOCTL_IMAGE_PREFIX=tigera/calicoctl -ARG CALICOCTL_VERSION=v2.3.1 +ARG CALICOCTL_VERSION=v2.5.1 ARG CALICOCTL_IMAGE="${DOCKER_REGISTRY}/${CALICOCTL_IMAGE_PREFIX}:${CALICOCTL_VERSION}" ARG CALICOQ_IMAGE_PREFIX=tigera/calicoq -ARG CALICOQ_VERSION=v2.3.1 +ARG CALICOQ_VERSION=v2.5.1 ARG CALICOQ_IMAGE="${DOCKER_REGISTRY}/${CALICOQ_IMAGE_PREFIX}:${CALICOQ_VERSION}" FROM ${CALICOCTL_IMAGE} as stage_calicoctl @@ -30,15 +30,19 @@ RUN set -xe \ && apt-get update \ && apt-get install -y --no-install-recommends \ bash \ + locales \ moreutils \ sudo \ - rsyslog \ - python-oslo.rootwrap \ python3-oslo.rootwrap \ socat \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* +RUN sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py + COPY --from=stage_calicoctl /calicoctl /usr/local/bin/calicoctl COPY --from=stage_calicoq /calicoq /usr/local/bin/calicoq