From b6392c506953ba9e643e5392a11057be94e1a510 Mon Sep 17 00:00:00 2001 From: Alexander Vlasov Date: Tue, 5 Nov 2019 17:01:29 -0600 Subject: [PATCH] Add support for k8s datastore, allow access to new calico resources Also move files related changes to Dockerfiles, change bootstrap command in order to avoid duplicated pod log entries, updated k8s resources API versions to be compatible with k8s 1.16, change rootwrap filters so that 'get' command would allow querying details about individual resources, switch to python3 Change-Id: I35fe104064b070b510ee2f1b5a4d3c709f1ab94c --- .../templates/_functions.tpl | 24 +++++ .../templates/bin/_bootstrap.sh.tpl | 3 +- .../bin/_calicoctl-utility-rootwrap.tpl | 4 +- .../_override-oslo-rootwrap-logging.sh.tpl | 26 ------ .../templates/bin/_utilscli-sudo.tpl | 3 +- .../templates/bin/_version_check.sh.tpl | 2 +- .../templates/configmap-bin.yaml | 3 - .../templates/configmap-etc.yaml | 6 +- .../deployment-calicoctl-utility.yaml | 47 ++++++++-- .../templates/secret-etcd-certificates.yaml | 3 +- charts/calicoctl-utility/values.yaml | 88 ++++++++++++------- images/calicoctl-utility/Dockerfile.alpine | 12 ++- .../Dockerfile.ubuntu_xenial | 8 +- .../Dockerfile_calicoq_calicoctl.alpine | 20 +++-- ...Dockerfile_calicoq_calicoctl.ubuntu_xenial | 12 ++- 15 files changed, 167 insertions(+), 94 deletions(-) create mode 100644 charts/calicoctl-utility/templates/_functions.tpl delete mode 100644 charts/calicoctl-utility/templates/bin/_override-oslo-rootwrap-logging.sh.tpl mode change 100755 => 100644 images/calicoctl-utility/Dockerfile.ubuntu_xenial mode change 100755 => 100644 images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_xenial diff --git a/charts/calicoctl-utility/templates/_functions.tpl b/charts/calicoctl-utility/templates/_functions.tpl new file mode 100644 index 00000000..2203ea77 --- /dev/null +++ b/charts/calicoctl-utility/templates/_functions.tpl @@ -0,0 +1,24 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "calico.etcd.tls" -}} +{{- if or (or .Values.endpoints.etcd.auth.client.tls.crt .Values.endpoints.etcd.auth.client.tls.ca) .Values.endpoints.etcd.auth.client.tls.key -}} +{{- $_ := required "Must specify all or none of etcd_crt, etcd_ca, etcd_key" .Values.endpoints.etcd.auth.client.tls.crt -}} +{{- $_ := required "Must specify all or none of etcd_crt, etcd_ca, etcd_key" .Values.endpoints.etcd.auth.client.tls.ca -}} +{{- $_ := required "Must specify all or none of etcd_crt, etcd_ca, etcd_key" .Values.endpoints.etcd.auth.client.tls.key -}} +true +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/calicoctl-utility/templates/bin/_bootstrap.sh.tpl b/charts/calicoctl-utility/templates/bin/_bootstrap.sh.tpl index 4fc85940..3985fa94 100644 --- a/charts/calicoctl-utility/templates/bin/_bootstrap.sh.tpl +++ b/charts/calicoctl-utility/templates/bin/_bootstrap.sh.tpl @@ -15,5 +15,4 @@ See the License for the specific language governing permissions and limitations under the License. */}} -sudo /tmp/override-oslo-rootwrap-logging.sh -exec sudo socat -d -v -s -t0 -T0 -u UNIX-RECV:/dev/log,reuseaddr stdout +exec sudo socat -d -s -t0 -T0 -u UNIX-RECV:/dev/log,reuseaddr stdout diff --git a/charts/calicoctl-utility/templates/bin/_calicoctl-utility-rootwrap.tpl b/charts/calicoctl-utility/templates/bin/_calicoctl-utility-rootwrap.tpl index d1d3c7b0..d93269c8 100644 --- a/charts/calicoctl-utility/templates/bin/_calicoctl-utility-rootwrap.tpl +++ b/charts/calicoctl-utility/templates/bin/_calicoctl-utility-rootwrap.tpl @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 {{/* Copyright 2019 The Openstack-Helm Authors. @@ -41,7 +41,7 @@ except IOError: exit() formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' + - os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s') + os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s\n') handler.setFormatter(formatter) root = logging.getLogger() root.setLevel(log_level) diff --git a/charts/calicoctl-utility/templates/bin/_override-oslo-rootwrap-logging.sh.tpl b/charts/calicoctl-utility/templates/bin/_override-oslo-rootwrap-logging.sh.tpl deleted file mode 100644 index ffb7a12f..00000000 --- a/charts/calicoctl-utility/templates/bin/_override-oslo-rootwrap-logging.sh.tpl +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -{{/* -Copyright 2019 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} -{{/* -These lines will disable extra handler, extra formatter, extra level to the -root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl. -These lines will get rid of duplicate logs, generated because of the formatter -attached by oslo-rootwrap. -*/}} -sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py -sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py -sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py -sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py \ No newline at end of file diff --git a/charts/calicoctl-utility/templates/bin/_utilscli-sudo.tpl b/charts/calicoctl-utility/templates/bin/_utilscli-sudo.tpl index 37c18de2..bfe5bf74 100644 --- a/charts/calicoctl-utility/templates/bin/_utilscli-sudo.tpl +++ b/charts/calicoctl-utility/templates/bin/_utilscli-sudo.tpl @@ -14,8 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -nobody ALL=SETENV: NOPASSWD: /tmp/override-oslo-rootwrap-logging.sh, \ - /usr/bin/socat -d -v -s -t0 -T0 -u \ +nobody ALL=SETENV: NOPASSWD: /usr/bin/socat -d -s -t0 -T0 -u \ UNIX-RECV\:/dev/log\,reuseaddr stdout, \ /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf *, \ /usr/local/bin/calicoctl version diff --git a/charts/calicoctl-utility/templates/bin/_version_check.sh.tpl b/charts/calicoctl-utility/templates/bin/_version_check.sh.tpl index fb12c52a..285f10c0 100644 --- a/charts/calicoctl-utility/templates/bin/_version_check.sh.tpl +++ b/charts/calicoctl-utility/templates/bin/_version_check.sh.tpl @@ -36,4 +36,4 @@ function check_version() { fi } -sudo calicoctl version | check_version +utilscli calicoctl version | check_version diff --git a/charts/calicoctl-utility/templates/configmap-bin.yaml b/charts/calicoctl-utility/templates/configmap-bin.yaml index b0e8a9af..43295b71 100644 --- a/charts/calicoctl-utility/templates/configmap-bin.yaml +++ b/charts/calicoctl-utility/templates/configmap-bin.yaml @@ -25,9 +25,6 @@ data: image-repo-sync.sh: | {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} - override-oslo-rootwrap-logging.sh: | -{{ tuple "bin/_override-oslo-rootwrap-logging.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - calicoctl-utility-rootwrap: | {{ tuple "bin/_calicoctl-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} diff --git a/charts/calicoctl-utility/templates/configmap-etc.yaml b/charts/calicoctl-utility/templates/configmap-etc.yaml index 044926a9..18dea1e8 100644 --- a/charts/calicoctl-utility/templates/configmap-etc.yaml +++ b/charts/calicoctl-utility/templates/configmap-etc.yaml @@ -33,11 +33,15 @@ data: kind: CalicoAPIConfig metadata: spec: - datastoreType: "etcdv3" + datastoreType: {{ .Values.datastore }} +{{- if eq .Values.datastore "etcdv3" }} etcdEndpoints: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +{{- if include "calico.etcd.tls" . }} etcdCertFile: {{ .Values.endpoints.etcd.auth.client.path.crt }} etcdCACertFile: {{ .Values.endpoints.etcd.auth.client.path.ca }} etcdKeyFile: {{ .Values.endpoints.etcd.auth.client.path.key }} +{{- end }} +{{- end }} --- apiVersion: v1 diff --git a/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml b/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml index 85db5a4b..1e21c97a 100644 --- a/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml +++ b/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml @@ -20,7 +20,7 @@ limitations under the License. {{- $serviceAccountName := printf "%s" $envAll.Release.Name }} {{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ $serviceAccountName }} @@ -34,7 +34,7 @@ subjects: namespace: {{ .Release.Namespace }} --- kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ $serviceAccountName }} rules: @@ -43,18 +43,49 @@ rules: - namespaces - nodes - pods + - pods/status + - serviceaccounts verbs: - get - list + - watch + - apiGroups: ["extensions"] + resources: + - networkpolicies + verbs: + - get + - list + - watch + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + - get - apiGroups: ["crd.projectcalico.org"] resources: + - globalfelixconfigs - bgppeers + - globalbgpconfigs - bgpconfigurations - clusterinformations + - licensekeys - felixconfigurations + - globalthreatfeeds - globalnetworkpolicies + - globalnetworksets + - networksets + - remoteclusterconfigurations - ippools - networkpolicies + - tiers + - profiles + - clusterinformations + - hostendpoints + - ipamblocks + - blockaffinities + - ipamhandles verbs: - get - list @@ -98,7 +129,7 @@ spec: {{- if .Values.conf.utility.match_versions }} - /usr/local/bin/version_check.sh {{- else }} - - sudo + - utilscli - calicoctl - version {{- end }} @@ -107,12 +138,13 @@ spec: livenessProbe: exec: command: - - sudo + - utilscli - calicoctl - version initialDelaySeconds: 5 periodSeconds: 15 volumeMounts: +{{- if and .Values.manifests.secret_certificates (include "calico.etcd.tls" .) }} - name: calico-etcd-secrets mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} subPath: tls.ca @@ -125,6 +157,7 @@ spec: mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }} subPath: tls.key readOnly: true +{{- end }} - name: calicoctl-utility-bin-utilscli mountPath: /usr/local/bin/version_check.sh subPath: version_check.sh @@ -141,10 +174,6 @@ spec: mountPath: /usr/local/bin/calicoctl-utility-rootwrap subPath: calicoctl-utility-rootwrap readOnly: true - - name: calicoctl-utility-bin - mountPath: /tmp/override-oslo-rootwrap-logging.sh - subPath: override-oslo-rootwrap-logging.sh - readOnly: true - name: calicoctl-utility-sudoers mountPath: /etc/sudoers.d/nobody subPath: utilscli-sudo @@ -178,8 +207,10 @@ spec: configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" }} defaultMode: 0400 +{{- if .Values.manifests.secret_certificates }} - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets defaultMode: 0400 {{- end }} +{{- end }} diff --git a/charts/calicoctl-utility/templates/secret-etcd-certificates.yaml b/charts/calicoctl-utility/templates/secret-etcd-certificates.yaml index df631c06..0dc776f0 100644 --- a/charts/calicoctl-utility/templates/secret-etcd-certificates.yaml +++ b/charts/calicoctl-utility/templates/secret-etcd-certificates.yaml @@ -17,14 +17,15 @@ limitations under the License. {{- if .Values.manifests.secret_certificates }} {{- $envAll := . }} --- - apiVersion: v1 kind: Secret type: kubernetes.io/tls metadata: name: calico-etcd-secrets data: +{{- if include "calico.etcd.tls" . }} tls.ca: {{ .Values.endpoints.etcd.auth.client.tls.ca | default "" | b64enc }} tls.key: {{ .Values.endpoints.etcd.auth.client.tls.key | default "" | b64enc }} tls.crt: {{ .Values.endpoints.etcd.auth.client.tls.crt | default "" | b64enc }} {{- end }} +{{- end }} diff --git a/charts/calicoctl-utility/values.yaml b/charts/calicoctl-utility/values.yaml index 07946d7f..2b249d22 100644 --- a/charts/calicoctl-utility/values.yaml +++ b/charts/calicoctl-utility/values.yaml @@ -82,6 +82,10 @@ dependencies: - endpoint: internal service: calico-etcd +# which data store is used by calico +# allowed values are: 'kubernetes' or 'etcdv3' +datastore: kubernetes + endpoints: cluster_domain_suffix: cluster.local local_image_registry: @@ -132,38 +136,58 @@ conf: # Below are example command filters. access can be restricted by creating a user with less privileges # calicoctl_00: CommandFilter, calicoctl, root # Below are examples of RegExpFilter. This will restrict available calicoctl options even with admin user - calicoctl_help_00: RegExpFilter, calicoctl, root, calicoctl, -h - calicoctl_help_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, -h - calicoctl_get_01: RegExpFilter, calicoctl, root, calicoctl, get, .* - calicoctl_get_03: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .* - calicoctl_get_04: RegExpFilter, calicoctl, root, calicoctl, get, .*, --export - calicoctl_get_05: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, --export - calicoctl_get_06: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .* - calicoctl_get_07: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .* - calicoctl_get_08: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export - calicoctl_get_09: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export - calicoctl_get_10: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .* - calicoctl_get_11: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .* - calicoctl_get_12: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --export - calicoctl_get_13: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --export - calicoctl_get_14: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* - calicoctl_get_15: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* - calicoctl_get_16: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export - calicoctl_get_17: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export - calicoctl_get_18: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces - calicoctl_get_19: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces - calicoctl_get_20: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export - calicoctl_get_21: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export + calicoctl_help_000: RegExpFilter, calicoctl, root, calicoctl, -h + calicoctl_help_010: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, -h + calicoctl_get_010: RegExpFilter, calicoctl, root, calicoctl, get, .* + calicoctl_get_020: RegExpFilter, calicoctl, root, calicoctl, get, .*, .* + calicoctl_get_030: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .* + calicoctl_get_040: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .* + calicoctl_get_050: RegExpFilter, calicoctl, root, calicoctl, get, .*, --export + calicoctl_get_060: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, --export + calicoctl_get_070: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, --export + calicoctl_get_080: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, --export + calicoctl_get_090: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .* + calicoctl_get_100: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .* + calicoctl_get_110: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .* + calicoctl_get_120: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .* + calicoctl_get_130: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export + calicoctl_get_140: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export + calicoctl_get_150: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export + calicoctl_get_160: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export + calicoctl_get_170: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .* + calicoctl_get_180: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .* + calicoctl_get_190: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .* + calicoctl_get_200: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .* + calicoctl_get_210: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --export + calicoctl_get_220: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, --export + calicoctl_get_230: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --export + calicoctl_get_240: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, --export + calicoctl_get_250: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* + calicoctl_get_260: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* + calicoctl_get_270: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* + calicoctl_get_280: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .* + calicoctl_get_290: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export + calicoctl_get_300: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export + calicoctl_get_310: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export + calicoctl_get_320: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export + calicoctl_get_330: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces + calicoctl_get_340: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces + calicoctl_get_350: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces + calicoctl_get_360: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces + calicoctl_get_370: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export + calicoctl_get_380: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export + calicoctl_get_390: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export + calicoctl_get_400: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export - calicoctl_convert_00: RegExpFilter, calicoctl, root, calicoctl, convert, -h - calicoctl_convert_01: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .* - calicoctl_convert_02: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .* - calicoctl_convert_03: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .*, --ignore-validation - calicoctl_convert_04: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .*, --ignore-validation - calicoctl_convert_05: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .* - calicoctl_convert_06: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .* - calicoctl_convert_07: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation - calicoctl_convert_08: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation + calicoctl_convert_000: RegExpFilter, calicoctl, root, calicoctl, convert, -h + calicoctl_convert_010: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .* + calicoctl_convert_020: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .* + calicoctl_convert_030: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .*, --ignore-validation + calicoctl_convert_040: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .*, --ignore-validation + calicoctl_convert_050: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .* + calicoctl_convert_060: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .* + calicoctl_convert_070: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation + calicoctl_convert_080: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation calicoctl_ipam_00: RegExpFilter, calicoctl, root, calicoctl, ipam, show, --ip=.* calicoctl_ipam_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, ipam, show, --ip=.* @@ -207,4 +231,4 @@ manifests: configmap_etc_client: true deployment_calicoctl_utility: true job_image_repo_sync: false - secret_certificates: true + secret_certificates: false diff --git a/images/calicoctl-utility/Dockerfile.alpine b/images/calicoctl-utility/Dockerfile.alpine index e3bd739e..5f52703d 100644 --- a/images/calicoctl-utility/Dockerfile.alpine +++ b/images/calicoctl-utility/Dockerfile.alpine @@ -21,10 +21,16 @@ RUN export DEBIAN_FRONTEND=noninteractive \ && touch /var/lib/dpkg/status \ && apk update \ && apk add --update \ - python python-dev py-pip build-base \ - sudo screen rsyslog \ + python3 python3-dev py3-pip build-base \ + sudo screen \ wget curl socat \ - && pip install oslo.rootwrap + && pip3 install oslo.rootwrap + +RUN PYTHON_LOCATION=$(pip3 show oslo.rootwrap|grep Location|awk '{print $2}') \ + && sed -i "/rootwrap_logger.setLevel/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/handler.setFormatter/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/os.path.basename/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py RUN mv /calicoctl /usr/local/bin/calicoctl \ && chmod 0754 /usr/local/bin/calicoctl \ diff --git a/images/calicoctl-utility/Dockerfile.ubuntu_xenial b/images/calicoctl-utility/Dockerfile.ubuntu_xenial old mode 100755 new mode 100644 index e8b7fd36..14755abe --- a/images/calicoctl-utility/Dockerfile.ubuntu_xenial +++ b/images/calicoctl-utility/Dockerfile.ubuntu_xenial @@ -24,15 +24,19 @@ RUN set -xe \ && apt-get update \ && apt-get install -y --no-install-recommends \ bash \ + locales \ moreutils \ sudo \ - rsyslog \ - python-oslo.rootwrap \ python3-oslo.rootwrap \ socat \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* +RUN sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py + COPY --from=stage_calicoctl /calicoctl /usr/local/bin/calicoctl RUN set -xe \ diff --git a/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.alpine b/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.alpine index d21cd588..76fa88a4 100644 --- a/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.alpine +++ b/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.alpine @@ -1,11 +1,11 @@ ARG DOCKER_REGISTRY=quay.io ARG CALICOQ_IMAGE_PREFIX=tigera/calicoq -ARG CALICOQ_VERSION=v2.3.1 +ARG CALICOQ_VERSION=v2.5.1 ARG CALICOQ_IMAGE="${DOCKER_REGISTRY}/${CALICOQ_IMAGE_PREFIX}:${CALICOQ_VERSION}" ARG CALICOCTL_IMAGE_PREFIX=tigera/calicoctl -ARG CALICOCTL_VERSION=v2.3.1 +ARG CALICOCTL_VERSION=v2.5.1 ARG CALICOCTL_IMAGE="${DOCKER_REGISTRY}/${CALICOCTL_IMAGE_PREFIX}:${CALICOCTL_VERSION}" @@ -13,8 +13,8 @@ FROM ${CALICOQ_IMAGE} AS stage_calicoq FROM ${CALICOCTL_IMAGE} -ARG CALICOQ_VERSION=v2.3.1 -ARG CALICOCTL_VERSION=v2.3.1 +ARG CALICOQ_VERSION=v2.5.1 +ARG CALICOCTL_VERSION=v2.5.1 LABEL org.opencontainers.image.authors='Openstack-Helm Authors' \ org.opencontainers.image.url='https://opendev.org/airship/porthole/src/branch/master/Dockerfiles/calicoctl-utility' \ @@ -32,10 +32,16 @@ RUN set -xe \ && touch /var/lib/dpkg/status \ && apk update \ && apk add --update \ - python python-dev py-pip build-base \ - sudo vim screen rsyslog \ + python3 python3-dev py3-pip build-base \ + sudo screen \ wget curl socat \ - && pip install oslo.rootwrap + && pip3 install oslo.rootwrap + +RUN PYTHON_LOCATION=$(pip3 show oslo.rootwrap|grep Location|awk '{print $2}') \ + && sed -i "/rootwrap_logger.setLevel/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/handler.setFormatter/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/os.path.basename/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \ + && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py COPY --from=stage_calicoq /calicoq /usr/local/bin/calicoq diff --git a/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_xenial b/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_xenial old mode 100755 new mode 100644 index bed610bd..f2f9f375 --- a/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_xenial +++ b/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_xenial @@ -1,10 +1,10 @@ ARG FROM=docker.io/ubuntu:xenial ARG DOCKER_REGISTRY=quay.io ARG CALICOCTL_IMAGE_PREFIX=tigera/calicoctl -ARG CALICOCTL_VERSION=v2.3.1 +ARG CALICOCTL_VERSION=v2.5.1 ARG CALICOCTL_IMAGE="${DOCKER_REGISTRY}/${CALICOCTL_IMAGE_PREFIX}:${CALICOCTL_VERSION}" ARG CALICOQ_IMAGE_PREFIX=tigera/calicoq -ARG CALICOQ_VERSION=v2.3.1 +ARG CALICOQ_VERSION=v2.5.1 ARG CALICOQ_IMAGE="${DOCKER_REGISTRY}/${CALICOQ_IMAGE_PREFIX}:${CALICOQ_VERSION}" FROM ${CALICOCTL_IMAGE} as stage_calicoctl @@ -30,15 +30,19 @@ RUN set -xe \ && apt-get update \ && apt-get install -y --no-install-recommends \ bash \ + locales \ moreutils \ sudo \ - rsyslog \ - python-oslo.rootwrap \ python3-oslo.rootwrap \ socat \ && apt-get clean -y \ && rm -rf /var/lib/apt/lists/* +RUN sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \ + && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py + COPY --from=stage_calicoctl /calicoctl /usr/local/bin/calicoctl COPY --from=stage_calicoq /calicoq /usr/local/bin/calicoq