airship/porthole
Code Issues Proposed changes

Add support for k8s datastore, allow access to new calico resources

Browse Source 
Also move files related changes to Dockerfiles, change bootstrap
command in order to avoid duplicated pod log entries, updated
k8s resources API versions to be compatible with k8s 1.16, change
rootwrap filters so that 'get' command would allow querying details
about individual resources, switch to python3

Change-Id: I35fe104064b070b510ee2f1b5a4d3c709f1ab94c
This commit is contained in:
Alexander Vlasov 2019-11-05 17:01:29 -06:00
parent 9a3d182d22
commit b6392c5069
15 changed files with 167 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
charts/calicoctl-utility/templates/_functions.tpl Normal file
View File

@ -0,0 +1,24 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "calico.etcd.tls" -}}
{{- if or (or .Values.endpoints.etcd.auth.client.tls.crt .Values.endpoints.etcd.auth.client.tls.ca) .Values.endpoints.etcd.auth.client.tls.key -}}
{{- $_ := required "Must specify all or none of etcd_crt, etcd_ca, etcd_key" .Values.endpoints.etcd.auth.client.tls.crt -}}
{{- $_ := required "Must specify all or none of etcd_crt, etcd_ca, etcd_key" .Values.endpoints.etcd.auth.client.tls.ca -}}
{{- $_ := required "Must specify all or none of etcd_crt, etcd_ca, etcd_key" .Values.endpoints.etcd.auth.client.tls.key -}}
true
{{- end -}}
{{- end -}}

3
charts/calicoctl-utility/templates/bin/_bootstrap.sh.tpl
View File

@ -15,5 +15,4 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
sudo /tmp/override-oslo-rootwrap-logging.sh
exec sudo socat -d -v -s -t0 -T0 -u UNIX-RECV:/dev/log,reuseaddr stdout
exec sudo socat -d -s -t0 -T0 -u UNIX-RECV:/dev/log,reuseaddr stdout

4
charts/calicoctl-utility/templates/bin/_calicoctl-utility-rootwrap.tpl
View File

@ -1,4 +1,4 @@
#!/usr/bin/python
#!/usr/bin/python3
{{/*
Copyright 2019 The Openstack-Helm Authors.
@ -41,7 +41,7 @@ except IOError:
exit()
formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' +
os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s')
os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s\n')
handler.setFormatter(formatter)
root = logging.getLogger()
root.setLevel(log_level)

26
charts/calicoctl-utility/templates/bin/_override-oslo-rootwrap-logging.sh.tpl
View File

@ -1,26 +0,0 @@
#!/bin/sh
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{/*
These lines will disable extra handler, extra formatter, extra level to the
root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl.
These lines will get rid of duplicate logs, generated because of the formatter
attached by oslo-rootwrap.
*/}}
sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py
sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py
sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py
sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py

3
charts/calicoctl-utility/templates/bin/_utilscli-sudo.tpl
View File

@ -14,8 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
nobody ALL=SETENV: NOPASSWD: /tmp/override-oslo-rootwrap-logging.sh, \
/usr/bin/socat -d -v -s -t0 -T0 -u \
nobody ALL=SETENV: NOPASSWD: /usr/bin/socat -d -s -t0 -T0 -u \
UNIX-RECV\:/dev/log\,reuseaddr stdout, \
/usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf *, \
/usr/local/bin/calicoctl version

2
charts/calicoctl-utility/templates/bin/_version_check.sh.tpl
View File

@ -36,4 +36,4 @@ function check_version() {
fi
}
sudo calicoctl version | check_version
utilscli calicoctl version | check_version

3
charts/calicoctl-utility/templates/configmap-bin.yaml
View File

@ -25,9 +25,6 @@ data:
image-repo-sync.sh: |
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
override-oslo-rootwrap-logging.sh: |
{{ tuple "bin/_override-oslo-rootwrap-logging.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
calicoctl-utility-rootwrap: |
{{ tuple "bin/_calicoctl-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}

6
charts/calicoctl-utility/templates/configmap-etc.yaml
View File

@ -33,11 +33,15 @@ data:
kind: CalicoAPIConfig
metadata:
spec:
datastoreType: "etcdv3"
datastoreType: {{ .Values.datastore }}
{{- if eq .Values.datastore "etcdv3" }}
etcdEndpoints: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
{{- if include "calico.etcd.tls" . }}
etcdCertFile: {{ .Values.endpoints.etcd.auth.client.path.crt }}
etcdCACertFile: {{ .Values.endpoints.etcd.auth.client.path.ca }}
etcdKeyFile: {{ .Values.endpoints.etcd.auth.client.path.key }}
{{- end }}
{{- end }}
---
apiVersion: v1

47
charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml
View File

@ -20,7 +20,7 @@ limitations under the License.
{{- $serviceAccountName := printf "%s" $envAll.Release.Name }}
{{ tuple $envAll "utility" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
@ -34,7 +34,7 @@ subjects:
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ $serviceAccountName }}
rules:
@ -43,18 +43,49 @@ rules:
- namespaces
- nodes
- pods
- pods/status
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups: ["extensions"]
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups: ["networking.k8s.io"]
resources:
- networkpolicies
verbs:
- watch
- list
- get
- apiGroups: ["crd.projectcalico.org"]
resources:
- globalfelixconfigs
- bgppeers
- globalbgpconfigs
- bgpconfigurations
- clusterinformations
- licensekeys
- felixconfigurations
- globalthreatfeeds
- globalnetworkpolicies
- globalnetworksets
- networksets
- remoteclusterconfigurations
- ippools
- networkpolicies
- tiers
- profiles
- clusterinformations
- hostendpoints
- ipamblocks
- blockaffinities
- ipamhandles
verbs:
- get
- list
@ -98,7 +129,7 @@ spec:
{{- if .Values.conf.utility.match_versions }}
- /usr/local/bin/version_check.sh
{{- else }}
- sudo
- utilscli
- calicoctl
- version
{{- end }}
@ -107,12 +138,13 @@ spec:
livenessProbe:
exec:
command:
- sudo
- utilscli
- calicoctl
- version
initialDelaySeconds: 5
periodSeconds: 15
volumeMounts:
{{- if and .Values.manifests.secret_certificates (include "calico.etcd.tls" .) }}
- name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }}
subPath: tls.ca
@ -125,6 +157,7 @@ spec:
mountPath: {{ .Values.endpoints.etcd.auth.client.path.key }}
subPath: tls.key
readOnly: true
{{- end }}
- name: calicoctl-utility-bin-utilscli
mountPath: /usr/local/bin/version_check.sh
subPath: version_check.sh
@ -141,10 +174,6 @@ spec:
mountPath: /usr/local/bin/calicoctl-utility-rootwrap
subPath: calicoctl-utility-rootwrap
readOnly: true
- name: calicoctl-utility-bin
mountPath: /tmp/override-oslo-rootwrap-logging.sh
subPath: override-oslo-rootwrap-logging.sh
readOnly: true
- name: calicoctl-utility-sudoers
mountPath: /etc/sudoers.d/nobody
subPath: utilscli-sudo
@ -178,8 +207,10 @@ spec:
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "etc" }}
defaultMode: 0400
{{- if .Values.manifests.secret_certificates }}
- name: calico-etcd-secrets
secret:
secretName: calico-etcd-secrets
defaultMode: 0400
{{- end }}
{{- end }}

3
charts/calicoctl-utility/templates/secret-etcd-certificates.yaml
View File

@ -17,14 +17,15 @@ limitations under the License.
{{- if .Values.manifests.secret_certificates }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: calico-etcd-secrets
data:
{{- if include "calico.etcd.tls" . }}
tls.ca: {{ .Values.endpoints.etcd.auth.client.tls.ca | default "" | b64enc }}
tls.key: {{ .Values.endpoints.etcd.auth.client.tls.key | default "" | b64enc }}
tls.crt: {{ .Values.endpoints.etcd.auth.client.tls.crt | default "" | b64enc }}
{{- end }}
{{- end }}

88
charts/calicoctl-utility/values.yaml
View File

@ -82,6 +82,10 @@ dependencies:
- endpoint: internal
service: calico-etcd
# which data store is used by calico
# allowed values are: 'kubernetes' or 'etcdv3'
datastore: kubernetes
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
@ -132,38 +136,58 @@ conf:
# Below are example command filters. access can be restricted by creating a user with less privileges
# calicoctl_00: CommandFilter, calicoctl, root
# Below are examples of RegExpFilter. This will restrict available calicoctl options even with admin user
calicoctl_help_00: RegExpFilter, calicoctl, root, calicoctl, -h
calicoctl_help_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, -h
calicoctl_get_01: RegExpFilter, calicoctl, root, calicoctl, get, .*
calicoctl_get_03: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*
calicoctl_get_04: RegExpFilter, calicoctl, root, calicoctl, get, .*, --export
calicoctl_get_05: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, --export
calicoctl_get_06: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .*
calicoctl_get_07: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .*
calicoctl_get_08: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export
calicoctl_get_09: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export
calicoctl_get_10: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*
calicoctl_get_11: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*
calicoctl_get_12: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --export
calicoctl_get_13: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --export
calicoctl_get_14: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*
calicoctl_get_15: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*
calicoctl_get_16: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export
calicoctl_get_17: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export
calicoctl_get_18: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces
calicoctl_get_19: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces
calicoctl_get_20: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export
calicoctl_get_21: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export
calicoctl_help_000: RegExpFilter, calicoctl, root, calicoctl, -h
calicoctl_help_010: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, -h
calicoctl_get_010: RegExpFilter, calicoctl, root, calicoctl, get, .*
calicoctl_get_020: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*
calicoctl_get_030: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*
calicoctl_get_040: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*
calicoctl_get_050: RegExpFilter, calicoctl, root, calicoctl, get, .*, --export
calicoctl_get_060: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, --export
calicoctl_get_070: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, --export
calicoctl_get_080: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, --export
calicoctl_get_090: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .*
calicoctl_get_100: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .*
calicoctl_get_110: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .*
calicoctl_get_120: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .*
calicoctl_get_130: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export
calicoctl_get_140: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export
calicoctl_get_150: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export
calicoctl_get_160: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename|-o|--output|-n|--namespace, .*, --export
calicoctl_get_170: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*
calicoctl_get_180: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*
calicoctl_get_190: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*
calicoctl_get_200: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*
calicoctl_get_210: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --export
calicoctl_get_220: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, --export
calicoctl_get_230: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --export
calicoctl_get_240: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, --export
calicoctl_get_250: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*
calicoctl_get_260: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*
calicoctl_get_270: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*
calicoctl_get_280: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*
calicoctl_get_290: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export
calicoctl_get_300: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export
calicoctl_get_310: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export
calicoctl_get_320: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, -n|--namespace, .*, --export
calicoctl_get_330: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces
calicoctl_get_340: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces
calicoctl_get_350: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces
calicoctl_get_360: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces
calicoctl_get_370: RegExpFilter, calicoctl, root, calicoctl, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export
calicoctl_get_380: RegExpFilter, calicoctl, root, calicoctl, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export
calicoctl_get_390: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export
calicoctl_get_400: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, get, .*, .*, -f|--filename, .*, -o|--output .*, --all-namespaces, --export
calicoctl_convert_00: RegExpFilter, calicoctl, root, calicoctl, convert, -h
calicoctl_convert_01: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .*
calicoctl_convert_02: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .*
calicoctl_convert_03: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .*, --ignore-validation
calicoctl_convert_04: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .*, --ignore-validation
calicoctl_convert_05: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .*
calicoctl_convert_06: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .*
calicoctl_convert_07: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation
calicoctl_convert_08: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation
calicoctl_convert_000: RegExpFilter, calicoctl, root, calicoctl, convert, -h
calicoctl_convert_010: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .*
calicoctl_convert_020: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .*
calicoctl_convert_030: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename|-o|--output, .*, --ignore-validation
calicoctl_convert_040: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename|-o|--output, .*, --ignore-validation
calicoctl_convert_050: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .*
calicoctl_convert_060: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .*
calicoctl_convert_070: RegExpFilter, calicoctl, root, calicoctl, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation
calicoctl_convert_080: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, convert, -f|--filename, .*, -o|--output, .*, --ignore-validation
calicoctl_ipam_00: RegExpFilter, calicoctl, root, calicoctl, ipam, show, --ip=.*
calicoctl_ipam_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, ipam, show, --ip=.*
@ -207,4 +231,4 @@ manifests:
configmap_etc_client: true
deployment_calicoctl_utility: true
job_image_repo_sync: false
secret_certificates: true
secret_certificates: false

12
images/calicoctl-utility/Dockerfile.alpine
View File

@ -21,10 +21,16 @@ RUN export DEBIAN_FRONTEND=noninteractive \
&& touch /var/lib/dpkg/status \
&& apk update \
&& apk add --update \
python python-dev py-pip build-base \
sudo screen rsyslog \
python3 python3-dev py3-pip build-base \
sudo screen \
wget curl socat \
&& pip install oslo.rootwrap
&& pip3 install oslo.rootwrap
RUN PYTHON_LOCATION=$(pip3 show oslo.rootwrap|grep Location|awk '{print $2}') \
&& sed -i "/rootwrap_logger.setLevel/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
&& sed -i "/handler.setFormatter/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
&& sed -i "/os.path.basename/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
&& sed -i "/rootwrap_logger.addHandler/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py
RUN mv /calicoctl /usr/local/bin/calicoctl \
&& chmod 0754 /usr/local/bin/calicoctl \

8
images/calicoctl-utility/Dockerfile.ubuntu_xenial Executable file → Normal file
View File

@ -24,15 +24,19 @@ RUN set -xe \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
bash \
locales \
moreutils \
sudo \
rsyslog \
python-oslo.rootwrap \
python3-oslo.rootwrap \
socat \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/*
RUN sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \
&& sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \
&& sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \
&& sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py
COPY --from=stage_calicoctl /calicoctl /usr/local/bin/calicoctl
RUN set -xe \

20
images/calicoctl-utility/Dockerfile_calicoq_calicoctl.alpine
View File

@ -1,11 +1,11 @@
ARG DOCKER_REGISTRY=quay.io
ARG CALICOQ_IMAGE_PREFIX=tigera/calicoq
ARG CALICOQ_VERSION=v2.3.1
ARG CALICOQ_VERSION=v2.5.1
ARG CALICOQ_IMAGE="${DOCKER_REGISTRY}/${CALICOQ_IMAGE_PREFIX}:${CALICOQ_VERSION}"
ARG CALICOCTL_IMAGE_PREFIX=tigera/calicoctl
ARG CALICOCTL_VERSION=v2.3.1
ARG CALICOCTL_VERSION=v2.5.1
ARG CALICOCTL_IMAGE="${DOCKER_REGISTRY}/${CALICOCTL_IMAGE_PREFIX}:${CALICOCTL_VERSION}"
@ -13,8 +13,8 @@ FROM ${CALICOQ_IMAGE} AS stage_calicoq
FROM ${CALICOCTL_IMAGE}
ARG CALICOQ_VERSION=v2.3.1
ARG CALICOCTL_VERSION=v2.3.1
ARG CALICOQ_VERSION=v2.5.1
ARG CALICOCTL_VERSION=v2.5.1
LABEL org.opencontainers.image.authors='Openstack-Helm Authors' \
org.opencontainers.image.url='https://opendev.org/airship/porthole/src/branch/master/Dockerfiles/calicoctl-utility' \
@ -32,10 +32,16 @@ RUN set -xe \
&& touch /var/lib/dpkg/status \
&& apk update \
&& apk add --update \
python python-dev py-pip build-base \
sudo vim screen rsyslog \
python3 python3-dev py3-pip build-base \
sudo screen \
wget curl socat \
&& pip install oslo.rootwrap
&& pip3 install oslo.rootwrap
RUN PYTHON_LOCATION=$(pip3 show oslo.rootwrap|grep Location|awk '{print $2}') \
&& sed -i "/rootwrap_logger.setLevel/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
&& sed -i "/handler.setFormatter/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
&& sed -i "/os.path.basename/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
&& sed -i "/rootwrap_logger.addHandler/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py
COPY --from=stage_calicoq /calicoq /usr/local/bin/calicoq

12
images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_xenial Executable file → Normal file
View File

@ -1,10 +1,10 @@
ARG FROM=docker.io/ubuntu:xenial
ARG DOCKER_REGISTRY=quay.io
ARG CALICOCTL_IMAGE_PREFIX=tigera/calicoctl
ARG CALICOCTL_VERSION=v2.3.1
ARG CALICOCTL_VERSION=v2.5.1
ARG CALICOCTL_IMAGE="${DOCKER_REGISTRY}/${CALICOCTL_IMAGE_PREFIX}:${CALICOCTL_VERSION}"
ARG CALICOQ_IMAGE_PREFIX=tigera/calicoq
ARG CALICOQ_VERSION=v2.3.1
ARG CALICOQ_VERSION=v2.5.1
ARG CALICOQ_IMAGE="${DOCKER_REGISTRY}/${CALICOQ_IMAGE_PREFIX}:${CALICOQ_VERSION}"
FROM ${CALICOCTL_IMAGE} as stage_calicoctl
@ -30,15 +30,19 @@ RUN set -xe \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
bash \
locales \
moreutils \
sudo \
rsyslog \
python-oslo.rootwrap \
python3-oslo.rootwrap \
socat \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/*
RUN sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \
&& sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \
&& sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py \
&& sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python3/dist-packages/oslo_rootwrap/wrapper.py
COPY --from=stage_calicoctl /calicoctl /usr/local/bin/calicoctl
COPY --from=stage_calicoq /calicoq /usr/local/bin/calicoq