27bab79096
Obtain binaries from encrypted source when we're unable to check for their signatures. This should provide better security than downloading the files over HTTP but does not replace signature verification or file integrity check. Related-Bug: #1791674 Change-Id: I7d6eed9ab14ceb130ea4f5f03d893ddaaa0a7acd
78 lines
2.4 KiB
Django/Jinja
78 lines
2.4 KiB
Django/Jinja
FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
|
|
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
|
|
|
|
{% block helm_repository_version %}
|
|
ENV helm_version=2.3.0 \
|
|
helm_port=8879 \
|
|
helm_address=0.0.0.0
|
|
{% endblock %}
|
|
|
|
{% block helm_repository_header %}{% endblock %}
|
|
|
|
{% set os_client_config='/usr/lib/python2.7/site-packages/os_client_config/defaults.json' %}
|
|
|
|
{% import "macros.j2" as macros with context %}
|
|
|
|
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
|
|
{% set helm_repo_packages = [
|
|
'git',
|
|
'jq',
|
|
'python2-pip'
|
|
] %}
|
|
|
|
{% elif base_distro in ['debian', 'ubuntu'] %}
|
|
{% set helm_repo_packages = [
|
|
'git',
|
|
'jq',
|
|
'python-pip'
|
|
] %}
|
|
|
|
{% if base_distro == 'debian' %}
|
|
{% set os_client_config='/usr/local/lib/python2.7/dist-packages/os_client_config/defaults.json' %}
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
{{ macros.install_packages(helm_repo_packages | customizable("packages")) }}
|
|
|
|
{% block helm_repository_source_install_python_pip %}
|
|
RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
|
|
&& python get-pip.py \
|
|
&& rm get-pip.py
|
|
{% endblock %}
|
|
|
|
{% set helm_repository_pip_packages = [
|
|
'pyyaml'
|
|
] %}
|
|
|
|
RUN {{ macros.install_pip(helm_repository_pip_packages | customizable("pip_packages"), constraints = false) }}
|
|
|
|
{% if base_arch == 'x86_64' %}
|
|
ENV helm_arch=amd64
|
|
{% elif base_arch == 'aarch64' %}
|
|
ENV helm_arch=arm64
|
|
{% else %}
|
|
ENV helm_arch={{ base_arch }}
|
|
{% endif %}
|
|
|
|
{% block helm_repository_install_kubernetes_helm %}
|
|
# TODO(mandre) check for file integrity instead of downloading from an HTTPS source
|
|
RUN curl -Lo /tmp/helm-v${helm_version}-linux-${helm_arch}.tar.gz https://storage.googleapis.com/kubernetes-helm/helm-v${helm_version}-linux-${helm_arch}.tar.gz \
|
|
&& sudo tar --strip-components 1 -C /usr/bin linux-${helm_arch}/helm -zxvf /tmp/helm-v${helm_version}-linux-${helm_arch}.tar.gz \
|
|
&& sudo chmod 755 /usr/bin/helm \
|
|
&& rm /tmp/helm-v${helm_version}-linux-${helm_arch}.tar.gz
|
|
{% endblock %}
|
|
|
|
RUN useradd --user-group --create-home --home-dir /home/helm helm \
|
|
&& sudo mkdir /helm-repo \
|
|
&& sudo chmod 755 /helm-repo \
|
|
&& sudo chown -R helm: /helm-repo/
|
|
|
|
USER helm
|
|
|
|
RUN helm init --client-only
|
|
|
|
CMD helm serve --address $helm_address:$helm_port --repo-path /helm-repo
|
|
|
|
{% block helm_repository_footer %}{% endblock %}
|
|
{% block footer %}{% endblock %}
|