From 2fcd497ea8d4fec9aafc38af2118c7ba782f868b Mon Sep 17 00:00:00 2001 From: chjmil Date: Thu, 5 Dec 2024 17:32:57 -0500 Subject: [PATCH 1/5] feat: (PSKD-881) update skopeo installation Signed-off-by: chjmil --- Dockerfile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2be237f8..7fea94de 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,6 +15,12 @@ WORKDIR /build RUN curl -sLO https://dl.k8s.io/release/v$kubectl_version/bin/linux/amd64/kubectl && chmod 755 ./kubectl +FROM golang:1.23 AS golang +ARG SKOPEO_VERSION=release-1.16 +RUN apt-get update && apt-get install --no-install-recommends -y libgpgme-dev libassuan-dev libbtrfs-dev pkg-config \ + && git clone https://github.com/containers/skopeo.git -b release-1.16 \ + && DISABLE_DOCS=1 make -C skopeo/ + # Installation FROM baseline ARG helm_version=3.16.2 @@ -22,7 +28,7 @@ ARG aws_cli_version=2.17.58 ARG gcp_cli_version=496.0.0-0 # Add extra packages -RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git jq ssh sshpass skopeo rsync \ +RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git jq ssh sshpass rsync libgpgme-dev \ && rm -f /etc/ssh/ssh_host_rsa_key && rm -f /etc/ssh/ssh_host_ecdsa_key && rm -f /etc/ssh/ssh_host_ed25519_key \ && curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && chmod 755 get-helm-3 \ && ./get-helm-3 --version v$helm_version --no-sudo \ @@ -40,7 +46,10 @@ RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git j && apt-get clean \ && rm -rf /var/lib/apt/lists/* + + COPY --from=tool_builder /build/kubectl /usr/local/bin/kubectl +COPY --from=golang /go/skopeo/bin/skopeo /usr/local/bin/skopeo WORKDIR /viya4-deployment/ COPY . /viya4-deployment/ From f7a3fee5586c3ed8034b49d75a8a5fd6cbb8f049 Mon Sep 17 00:00:00 2001 From: chjmil Date: Thu, 5 Dec 2024 19:46:21 -0500 Subject: [PATCH 2/5] feat: (PSKD-881) Update skopeo installation Signed-off-by: chjmil --- Dockerfile | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7fea94de..188e70d5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,11 +15,12 @@ WORKDIR /build RUN curl -sLO https://dl.k8s.io/release/v$kubectl_version/bin/linux/amd64/kubectl && chmod 755 ./kubectl -FROM golang:1.23 AS golang -ARG SKOPEO_VERSION=release-1.16 -RUN apt-get update && apt-get install --no-install-recommends -y libgpgme-dev libassuan-dev libbtrfs-dev pkg-config \ - && git clone https://github.com/containers/skopeo.git -b release-1.16 \ - && DISABLE_DOCS=1 make -C skopeo/ +# Build Skopeo from source +# FROM golang:1.23 AS golang +# ARG SKOPEO_VERSION=release-1.16 +# RUN apt-get update && apt-get install --no-install-recommends -y libgpgme-dev libassuan-dev libbtrfs-dev pkg-config \ +# && git clone https://github.com/containers/skopeo.git -b release-1.16 \ +# && DISABLE_DOCS=1 make -C skopeo/ # Installation FROM baseline @@ -43,13 +44,16 @@ RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git j && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - \ && apt-get update && apt-get install --no-install-recommends -y google-cloud-cli:amd64=${gcp_cli_version} \ && apt-get install --no-install-recommends -y google-cloud-sdk-gke-gcloud-auth-plugin \ + # Skopeo + && echo "deb [signed-by=/usr/share/keyrings/ubuntu-archive-keyring.gpg] http://archive.ubuntu.com/ubuntu noble noble-updates main universe" | tee -a /etc/apt/sources.list.d/ubuntu-noble.list \ + && apt-get update && apt-get install -y skopeo -t noble \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* COPY --from=tool_builder /build/kubectl /usr/local/bin/kubectl -COPY --from=golang /go/skopeo/bin/skopeo /usr/local/bin/skopeo +# COPY --from=golang /go/skopeo/bin/skopeo /usr/local/bin/skopeo WORKDIR /viya4-deployment/ COPY . /viya4-deployment/ From 64d698fd93270a9d39748ed37e369d2e7b50ed6e Mon Sep 17 00:00:00 2001 From: chjmil Date: Fri, 6 Dec 2024 17:12:49 -0500 Subject: [PATCH 3/5] feat: (PSKD-988) add --insecure-policy for skopeo copy Signed-off-by: chjmil --- Dockerfile | 20 ++++++++----------- .../tasks/orchestration_tooling.yaml | 2 +- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 188e70d5..bcd8e6cf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,12 +15,12 @@ WORKDIR /build RUN curl -sLO https://dl.k8s.io/release/v$kubectl_version/bin/linux/amd64/kubectl && chmod 755 ./kubectl -# Build Skopeo from source -# FROM golang:1.23 AS golang -# ARG SKOPEO_VERSION=release-1.16 -# RUN apt-get update && apt-get install --no-install-recommends -y libgpgme-dev libassuan-dev libbtrfs-dev pkg-config \ -# && git clone https://github.com/containers/skopeo.git -b release-1.16 \ -# && DISABLE_DOCS=1 make -C skopeo/ +# Build Skopeo from source since the version in the apt repository is outdated +FROM golang:alpine3.20 AS golang +ARG SKOPEO_VERSION=release-1.16 +RUN apk update && apk add git build-base containers-common bash btrfs-progs-dev glib-dev go go-md2man gpgme-dev libselinux-dev linux-headers lvm2-dev ostree-dev \ + && git clone https://github.com/containers/skopeo.git -b $SKOPEO_VERSION \ + && DISABLE_DOCS=1 make -C skopeo bin/skopeo.linux.386 # Installation FROM baseline @@ -29,7 +29,7 @@ ARG aws_cli_version=2.17.58 ARG gcp_cli_version=496.0.0-0 # Add extra packages -RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git jq ssh sshpass rsync libgpgme-dev \ +RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git jq ssh sshpass rsync \ && rm -f /etc/ssh/ssh_host_rsa_key && rm -f /etc/ssh/ssh_host_ecdsa_key && rm -f /etc/ssh/ssh_host_ed25519_key \ && curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && chmod 755 get-helm-3 \ && ./get-helm-3 --version v$helm_version --no-sudo \ @@ -44,16 +44,12 @@ RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git j && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - \ && apt-get update && apt-get install --no-install-recommends -y google-cloud-cli:amd64=${gcp_cli_version} \ && apt-get install --no-install-recommends -y google-cloud-sdk-gke-gcloud-auth-plugin \ - # Skopeo - && echo "deb [signed-by=/usr/share/keyrings/ubuntu-archive-keyring.gpg] http://archive.ubuntu.com/ubuntu noble noble-updates main universe" | tee -a /etc/apt/sources.list.d/ubuntu-noble.list \ - && apt-get update && apt-get install -y skopeo -t noble \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* - COPY --from=tool_builder /build/kubectl /usr/local/bin/kubectl -# COPY --from=golang /go/skopeo/bin/skopeo /usr/local/bin/skopeo +COPY --from=golang /go/skopeo/bin/skopeo.linux.386 /usr/local/bin/skopeo WORKDIR /viya4-deployment/ COPY . /viya4-deployment/ diff --git a/roles/orchestration-common/tasks/orchestration_tooling.yaml b/roles/orchestration-common/tasks/orchestration_tooling.yaml index 785429c1..fd966511 100644 --- a/roles/orchestration-common/tasks/orchestration_tooling.yaml +++ b/roles/orchestration-common/tasks/orchestration_tooling.yaml @@ -75,7 +75,7 @@ # if the parsed creds contain symbols. This is expected and required to avoid Jinja2 templating issues. - name: Orchestration tooling - Download orchestration tooling image command: | - skopeo copy docker://{{ V4_CFG_CR_HOST }}/{{ ORCHESTRATION_IMAGE }} oci-archive:{{ ORCHESTRATION_TOOLING_ARCHIVE }} --src-creds {{ ORCHESTRATION_CR_USER | string }}:{{ ORCHESTRATION_CR_PASSWORD | string }} + skopeo copy docker://{{ V4_CFG_CR_HOST }}/{{ ORCHESTRATION_IMAGE }} oci-archive:{{ ORCHESTRATION_TOOLING_ARCHIVE }} --src-creds {{ ORCHESTRATION_CR_USER | string }}:{{ ORCHESTRATION_CR_PASSWORD | string }} --insecure-policy when: - deployment_tooling == "docker" tags: From a472ea423e8a20102149b652bae16a17e3fe1eb0 Mon Sep 17 00:00:00 2001 From: chjmil Date: Mon, 9 Dec 2024 18:51:26 -0500 Subject: [PATCH 4/5] chore: linting fix Signed-off-by: chjmil --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bcd8e6cf..101e5ddf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ RUN curl -sLO https://dl.k8s.io/release/v$kubectl_version/bin/linux/amd64/kubect # Build Skopeo from source since the version in the apt repository is outdated FROM golang:alpine3.20 AS golang ARG SKOPEO_VERSION=release-1.16 -RUN apk update && apk add git build-base containers-common bash btrfs-progs-dev glib-dev go go-md2man gpgme-dev libselinux-dev linux-headers lvm2-dev ostree-dev \ +RUN apk add --no-cache git build-base containers-common bash btrfs-progs-dev glib-dev go go-md2man gpgme-dev libselinux-dev linux-headers lvm2-dev ostree-dev \ && git clone https://github.com/containers/skopeo.git -b $SKOPEO_VERSION \ && DISABLE_DOCS=1 make -C skopeo bin/skopeo.linux.386 From fc274b17d6a8d4e17c9dc9beae4810a664aae744 Mon Sep 17 00:00:00 2001 From: chjmil Date: Mon, 9 Dec 2024 19:07:07 -0500 Subject: [PATCH 5/5] chore: remove extra line Signed-off-by: chjmil --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 101e5ddf..0ae6add6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,7 +47,6 @@ RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git j && apt-get clean \ && rm -rf /var/lib/apt/lists/* - COPY --from=tool_builder /build/kubectl /usr/local/bin/kubectl COPY --from=golang /go/skopeo/bin/skopeo.linux.386 /usr/local/bin/skopeo