3824cae821
+ update K8s patch version to v1.28.5 + update percona-toolkit patch version to v3.5.5 + switch to secure https postgres repository A bunch of redundant third-party packages are installed inside the images, many with security vulnerabilities. Implementing best practices should solve both problems. Change-Id: I2105fe0b6058b64ae49d2977da5f1e8bad976991
56 lines
1.9 KiB
Docker
56 lines
1.9 KiB
Docker
ARG FROM=docker.io/ubuntu:bionic
|
|
FROM ${FROM}
|
|
|
|
LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' \
|
|
org.opencontainers.image.url='https://airshipit.org' \
|
|
org.opencontainers.image.documentation='https://opendev.org/airship/porthole' \
|
|
org.opencontainers.image.source='https://opendev.org/airship/porthole' \
|
|
org.opencontainers.image.vendor='The Airship Authors' \
|
|
org.opencontainers.image.licenses='Apache-2.0'
|
|
|
|
ARG KUBE_VERSION=1.24.6
|
|
|
|
ARG DEBIAN_FRONTEND=noninteractive
|
|
|
|
RUN set -xe \
|
|
&& sed -i '/nobody/d' /etc/passwd \
|
|
&& echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd \
|
|
&& apt-get update \
|
|
&& apt-get install -y apt-transport-https \
|
|
bash \
|
|
ca-certificates \
|
|
openvswitch-switch \
|
|
curl \
|
|
gnupg \
|
|
hexedit \
|
|
iperf \
|
|
jq \
|
|
moreutils \
|
|
radosgw \
|
|
rsyslog \
|
|
s3cmd \
|
|
rsync \
|
|
sudo \
|
|
wget \
|
|
xz-utils \
|
|
python3.6 \
|
|
python3-pip \
|
|
&& pip3 install --upgrade pip \
|
|
&& pip3 install \
|
|
oslo.rootwrap==6.2.0 \
|
|
&& apt-get remove --purge -y wget apt-transport-https \
|
|
&& apt-get autoremove -y \
|
|
&& apt-get clean \
|
|
&& curl --silent -L https://dl.k8s.io/v${KUBE_VERSION}/kubernetes-client-linux-amd64.tar.gz \
|
|
| tar -zC /usr/bin --strip-components=3 --wildcards -x "*/*/*/kubectl" \
|
|
&& rm -rf \
|
|
/var/lib/apt/lists/*
|
|
|
|
RUN PYTHON_LOCATION=$(pip3 show oslo.rootwrap|grep Location|awk '{print $2}') \
|
|
&& sed -i "/rootwrap_logger.setLevel/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
|
|
&& sed -i "/handler.setFormatter/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
|
|
&& sed -i "/os.path.basename/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
|
|
&& sed -i "/rootwrap_logger.addHandler/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py
|
|
|
|
CMD ["/bin/bash"]
|