public_git
/
bitnami-containers
mirror of https://github.com/bitnami/containers.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[bitnami/cilium] Release 1.15.7-debian-12-r3 (#69513) 

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
This commit is contained in:
Bitnami Bot 2024-07-23 18:16:09 +02:00 committed by GitHub
parent 83e0398d5f
commit 5cfe85707b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 99 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bitnami/cilium/1/debian-12/Dockerfile
View File

@ -7,11 +7,11 @@ ARG TARGETARCH
LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2024-07-23T09:09:04Z" \ org.opencontainers.image.created="2024-07-23T15:19:15Z" \
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \ org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cilium/README.md" \ org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cilium/README.md" \
org.opencontainers.image.licenses="Apache-2.0" \ org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.ref.name="1.15.7-debian-12-r2" \ org.opencontainers.image.ref.name="1.15.7-debian-12-r3" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cilium" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cilium" \
org.opencontainers.image.title="cilium" \ org.opencontainers.image.title="cilium" \
org.opencontainers.image.vendor="Broadcom, Inc." \ org.opencontainers.image.vendor="Broadcom, Inc." \
@ -43,12 +43,10 @@ RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \
tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \ tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' ; \
rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \ rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
done done
RUN apt-get update && apt-get upgrade -y && \ RUN apt-get autoremove --purge -y curl && \
apt-get update && apt-get upgrade -y && \
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
RUN chmod g+rwX /opt/bitnami RUN chmod g+rwX /opt/bitnami
RUN curl -sLO "https://raw.githubusercontent.com/kubernetes-sigs/iptables-wrappers/e139a115350974aac8a82ec4b815d2845f86997e/iptables-wrapper-installer.sh" && \
chmod +x iptables-wrapper-installer.sh && \
./iptables-wrapper-installer.sh --no-sanity-check
COPY rootfs / COPY rootfs /
RUN /opt/bitnami/scripts/cilium/postunpack.sh RUN /opt/bitnami/scripts/cilium/postunpack.sh

22
bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium/postunpack.sh
View File

@ -27,3 +27,25 @@ done
# https://github.com/cilium/cilium/blob/main/pkg/defaults/defaults.go # https://github.com/cilium/cilium/blob/main/pkg/defaults/defaults.go
ln -s "$CILIUM_LIB_DIR" "/var/lib/cilium" ln -s "$CILIUM_LIB_DIR" "/var/lib/cilium"
ln -s "$CILIUM_RUN_DIR" "/var/run/cilium" ln -s "$CILIUM_RUN_DIR" "/var/run/cilium"
# Point the iptables binaries to iptables-wrapper
if [ -x /usr/sbin/alternatives ]; then
# Fedora/SUSE style alternatives
alternatives \
--install /usr/sbin/iptables iptables /usr/sbin/iptables-wrapper 100 \
--slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-wrapper \
--slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-wrapper \
--slave /usr/sbin/ip6tables iptables /usr/sbin/iptables-wrapper \
--slave /usr/sbin/ip6tables-restore iptables-restore /usr/sbin/iptables-wrapper \
--slave /usr/sbin/ip6tables-save iptables-save /usr/sbin/iptables-wrapper
elif [ -x /usr/sbin/update-alternatives ] || [ -x /usr/bin/update-alternatives ]; then
# Debian style alternatives
update-alternatives \
--install /usr/sbin/iptables iptables /usr/sbin/iptables-wrapper 100 \
--slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-wrapper \
--slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-wrapper
update-alternatives \
--install /usr/sbin/ip6tables ip6tables /usr/sbin/iptables-wrapper 100 \
--slave /usr/sbin/ip6tables-restore ip6tables-restore /usr/sbin/iptables-wrapper \
--slave /usr/sbin/ip6tables-save ip6tables-save /usr/sbin/iptables-wrapper
fi

73
bitnami/cilium/1/debian-12/rootfs/usr/sbin/iptables-wrapper Executable file
View File

@ -0,0 +1,73 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This is a variant of the original Kubernetes iptables-wrapper below:
# https://github.com/kubernetes-sigs/iptables-wrappers/blob/v2/iptables-wrapper-installer.sh
# Adapted to use bash interpreter and make it compatible with read-only
# root filesystems.
set -o errexit
set -o nounset
set -o pipefail
# In kubernetes 1.17 and later, kubelet will have created at least
# one chain in the "mangle" table (either "KUBE-IPTABLES-HINT" or
# "KUBE-KUBELET-CANARY"), so check that first, against
# iptables-nft, because we can check that more efficiently and
# it's more common these days.
nft_kubelet_rules=$( (iptables-nft-save -t mangle || true; ip6tables-nft-save -t mangle || true) 2>/dev/null | grep -cE '^:(KUBE-IPTABLES-HINT|KUBE-KUBELET-CANARY)')
if [ "${nft_kubelet_rules}" -ne 0 ]; then
mode=nft
else
# Check for kubernetes 1.17-or-later with iptables-legacy. We
# can't pass "-t mangle" to iptables-legacy-save because it would
# cause the kernel to create that table if it didn't already
# exist, which we don't want. So we have to grab all the rules
legacy_kubelet_rules=$( (iptables-legacy-save || true; ip6tables-legacy-save || true) 2>/dev/null | grep -cE '^:(KUBE-IPTABLES-HINT|KUBE-KUBELET-CANARY)')
if [ "${legacy_kubelet_rules}" -ne 0 ]; then
mode=legacy
else
# With older kubernetes releases there may not be any _specific_
# rules we can look for, but we assume that some non-containerized process
# (possibly kubelet) will have created _some_ iptables rules.
num_legacy_lines=$( (iptables-legacy-save || true; ip6tables-legacy-save || true) 2>/dev/null | grep -c '^-')
num_nft_lines=$( (iptables-nft-save || true; ip6tables-nft-save || true) 2>/dev/null | grep -c '^-')
if [ "${num_legacy_lines}" -gt "${num_nft_lines}" ]; then
mode=legacy
else
mode=nft
fi
fi
fi
# Update links to point to the selected binaries
if [ -x /usr/sbin/alternatives ]; then
# Fedora/SUSE style alternatives
alternatives --set iptables "/usr/sbin/iptables-${mode}" > /dev/null
elif [ -x /usr/sbin/update-alternatives ] || [ -x /usr/bin/update-alternatives ]; then
# Debian style alternatives
update-alternatives --set iptables "/usr/sbin/iptables-${mode}" > /dev/null
update-alternatives --set ip6tables "/usr/sbin/ip6tables-${mode}" > /dev/null
else
# fake it, though this will probably also fail
exec "/usr/sbin/xtables-${mode}-multi" "$0" "$@"
fi
# Now re-exec the original command with the newly-selected alternative
exec "$0" "$@"