tighten up Dockerfile

Dockerfile

@@ -16,8 +16,8 @@ FROM python:3.6
 
 ENV CNI_VERSION=v0.5.2 \
     HELM_VERSION=v2.4.2 \
-    KUBECTL_VERSION=v1.6.2 \
-    KUBELET_VERSION=v1.6.2
+    KUBECTL_VERSION=v1.6.4 \
+    KUBELET_VERSION=v1.6.4
 
 VOLUME /etc/promenade
 VOLUME /target
@@ -28,30 +28,23 @@ WORKDIR /promenade
 RUN set -ex \
     && export BIN_DIR=/assets/usr/local/bin \
     && mkdir -p $BIN_DIR \
-    && curl -sLo $BIN_DIR/kubelet http://storage.googleapis.com/kubernetes-release/release/$KUBELET_VERSION/bin/linux/amd64/kubelet \
-    && curl -sLo $BIN_DIR/kubectl http://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl \
+    && curl -sLo $BIN_DIR/kubelet https://storage.googleapis.com/kubernetes-release/release/$KUBELET_VERSION/bin/linux/amd64/kubelet \
+    && curl -sLo $BIN_DIR/kubectl https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl \
     && chmod 555 $BIN_DIR/kubelet \
     && chmod 555 $BIN_DIR/kubectl \
     && mkdir -p /assets/opt/cni/bin \
     && curl -sL https://github.com/containernetworking/cni/releases/download/$CNI_VERSION/cni-amd64-$CNI_VERSION.tgz | tar -zxv -C /assets/opt/cni/bin/ \
     && curl -sL https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv -C /tmp linux-amd64/helm \
     && mv /tmp/linux-amd64/helm $BIN_DIR/helm \
-    && chmod 555 $BIN_DIR/helm
-
-RUN set -ex \
+    && chmod 555 $BIN_DIR/helm \
+    && curl -sLo /usr/local/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 \
+    && chmod 555 /usr/local/bin/cfssl \
     && apt-get update -qq \
     && apt-get install --no-install-recommends -y \
         libyaml-dev \
-        openssl \
         rsync \
     && rm -rf /var/lib/apt/lists/*
 
-RUN set -ex \
-    && curl -sLo /usr/local/bin/cfssl https://pkg.cfssl.org/R1.1/cfssl_linux-amd64 \
-    && chmod 555 /usr/local/bin/cfssl \
-    && curl -sLo /usr/local/bin/cfssljson https://pkg.cfssl.org/R1.1/cfssljson_linux-amd64 \
-    && chmod 555 /usr/local/bin/cfssljson
-
 COPY requirements-frozen.txt /promenade
 RUN pip install --no-cache-dir -r requirements-frozen.txt
 

promenade/templates/common/etc/kubernetes/kubelet/manifests/kube-proxy.yaml

@@ -12,7 +12,7 @@ metadata:
 spec:
   containers:
     - name: kube-proxy
-      image: gcr.io/google_containers/hyperkube-amd64:v1.6.2
+      image: gcr.io/google_containers/hyperkube-amd64:v1.6.4
       command:
         - /hyperkube
         - proxy

promenade/templates/genesis/etc/kubernetes/kubelet/manifests/asset-loader.yaml

@@ -12,7 +12,7 @@ spec:
   hostNetwork: true
   containers:
     - name: loader
-      image: gcr.io/google_containers/hyperkube-amd64:v1.6.2
+      image: gcr.io/google_containers/hyperkube-amd64:v1.6.4
       command:
         - /bin/bash
         - -c

promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-apiserver.yaml

@@ -13,7 +13,7 @@ spec:
   hostNetwork: true
   containers:
     - name: kube-apiserver
-      image: gcr.io/google_containers/hyperkube-amd64:v1.6.2
+      image: gcr.io/google_containers/hyperkube-amd64:v1.6.4
       command:
         - /hyperkube
         - apiserver

promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-controller-manager.yaml

@@ -14,7 +14,7 @@ spec:
   dnsPolicy: Default # Don't use cluster DNS.
   containers:
     - name: kube-controller-manager
-      image: gcr.io/google_containers/hyperkube-amd64:v1.6.2
+      image: gcr.io/google_containers/hyperkube-amd64:v1.6.4
       command:
       - ./hyperkube
       - controller-manager

promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-scheduler.yaml

@@ -13,7 +13,7 @@ spec:
   hostNetwork: true
   containers:
     - name: kube-scheduler
-      image: gcr.io/google_containers/hyperkube-amd64:v1.6.2
+      image: gcr.io/google_containers/hyperkube-amd64:v1.6.4
       command:
       - ./hyperkube
       - scheduler