airship/porthole
Code Issues Proposed changes
bfaeab4597
porthole/images/calicoctl-utility/Dockerfile_calicoq_calicoctl.ubuntu_bionic
diwakar thyagaraj 8cd3f18b36 [Security Fix] Upgrade Tigera to 2.6.3 
Deployments suspectible to MitM.

Ref : https://github.com/kubernetes/kubernetes/issues/91507
      https://www.projectcalico.org/security-bulletins/

Change-Id: Ib2b7bd4ffa6e4fa306902f1acacfae968a7895f7
Signed-off-by: diwakar thyagaraj <diwakar.chitoor.thyagaraj@att.com>
2020-06-24 21:28:48 +00:00

60 lines
2.2 KiB
Plaintext
Raw Blame History

ARG FROM=docker.io/ubuntu:bionic
ARG DOCKER_REGISTRY=quay.io
ARG CALICOCTL_IMAGE_PREFIX=tigera/calicoctl
ARG CALICOCTL_VERSION=v2.6.3
ARG CALICOCTL_IMAGE="${DOCKER_REGISTRY}/${CALICOCTL_IMAGE_PREFIX}:${CALICOCTL_VERSION}"
ARG CALICOQ_IMAGE_PREFIX=tigera/calicoq
ARG CALICOQ_VERSION=v2.6.3
ARG CALICOQ_IMAGE="${DOCKER_REGISTRY}/${CALICOQ_IMAGE_PREFIX}:${CALICOQ_VERSION}"
FROM ${CALICOCTL_IMAGE} as stage_calicoctl
FROM ${CALICOQ_IMAGE} as stage_calicoq
FROM ${FROM}
ARG CALICOCTL_VERSION
ARG CALICOQ_VERSION
LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' \
org.opencontainers.image.url='https://airshipit.org' \
org.opencontainers.image.documentation='https://opendev.org/airship/porthole' \
org.opencontainers.image.source='https://opendev.org/airship/porthole' \
org.opencontainers.image.vendor='The Airship Authors' \
org.opencontainers.image.licenses='Apache-2.0' \
io.tigera.calicoctl.version="${CALICOCTL_VERSION}" \
io.tigera.calicoq.version="${CALICOQ_VERSION}"
RUN set -xe \
&& sed -i '/nobody/d' /etc/passwd \
&& echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
bash \
locales \
moreutils \
sudo \
socat \
python3.6 \
python3-pip \
&& pip3 install \
oslo.rootwrap==5.8.0 \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/*
RUN sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
&& sed -i "/handler.setFormatter/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
&& sed -i "/os.path.basename/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
&& sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py
COPY --from=stage_calicoctl /calicoctl /usr/local/bin/calicoctl
COPY --from=stage_calicoq /calicoq /usr/local/bin/calicoq
RUN set -xe \
&& chmod 0754 /usr/local/bin/calicoctl \
&& chmod 0754 /usr/local/bin/calicoq \
&& chmod 0754 /usr/bin/socat
WORKDIR /tmp
CMD ["/bin/bash"]
View Git Blame Copy Permalink