public_git
/
helmfile
mirror of https://github.com/helmfile/helmfile.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[Dockerfile] only use image alpine for compilation, add sops & age to pre-built image, remove helm v2 image 

Signed-off-by: Quan TRAN <account@itscaro.me>
This commit is contained in:
Quan TRAN 2022-04-06 10:59:24 +02:00
parent 8fb418e3c9
commit 570a2c22e9
5 changed files with 96 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Dockerfile
View File

@ -1,7 +1,11 @@
FROM golang:1.18-alpine as builder FROM golang:1.18.0-alpine as builder
RUN apk add --no-cache make git RUN apk add --no-cache make git
WORKDIR /workspace/helmfile WORKDIR /workspace/helmfile
COPY go.mod go.sum /workspace/helmfile/
RUN go mod download
COPY . /workspace/helmfile COPY . /workspace/helmfile
RUN make static-linux RUN make static-linux
@ -44,10 +48,24 @@ ENV KUSTOMIZE_SHA256="175938206f23956ec18dac3da0816ea5b5b485a8493a839da278faac82
RUN set -x && \ RUN set -x && \
curl --retry 5 --retry-connrefused -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \ curl --retry 5 --retry-connrefused -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
sha256sum kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | grep ${KUSTOMIZE_SHA256} && \ sha256sum kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | grep ${KUSTOMIZE_SHA256} && \
tar zxf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \ tar zxvf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \ rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
mv kustomize /usr/local/bin/kustomize mv kustomize /usr/local/bin/kustomize
ENV SOPS_VERSION="v3.7.2"
RUN set -x && \
curl --retry 5 --retry-connrefused -LO https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 && \
chmod +x sops-${SOPS_VERSION}.linux.amd64 && \
mv sops-${SOPS_VERSION}.linux.amd64 /usr/local/bin/sops
ENV AGE_VERSION="v1.0.0"
RUN set -x && \
curl --retry 5 --retry-connrefused -LO https://github.com/FiloSottile/age/releases/download/${AGE_VERSION}/age-${AGE_VERSION}-linux-amd64.tar.gz && \
tar zxvf age-${AGE_VERSION}-linux-amd64.tar.gz && \
mv age/age /usr/local/bin/age && \
mv age/age-keygen /usr/local/bin/age-keygen && \
rm -rf age-${AGE_VERSION}-linux-amd64.tar.gz age
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.3.1 && \ RUN helm plugin install https://github.com/databus23/helm-diff --version v3.3.1 && \
helm plugin install https://github.com/jkroepke/helm-secrets --version v3.5.0 && \ helm plugin install https://github.com/jkroepke/helm-secrets --version v3.5.0 && \
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.10.0 && \ helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.10.0 && \

47
Dockerfile.debian
View File

@ -1,14 +1,12 @@
FROM golang:1.17.3 as builder FROM golang:1.18.0-alpine as builder
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
build-essential \
git \
&& rm -rf /var/lib/apt/lists/*
RUN apk add --no-cache make git
WORKDIR /workspace/helmfile WORKDIR /workspace/helmfile
COPY . /workspace/helmfile
COPY go.mod go.sum /workspace/helmfile/
RUN go mod download
COPY . /workspace/helmfile
RUN make static-linux RUN make static-linux
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
@ -17,15 +15,11 @@ FROM debian:stable-slim
LABEL org.opencontainers.image.source https://github.com/helmfile/helmfile LABEL org.opencontainers.image.source https://github.com/helmfile/helmfile
RUN apt-get update \ RUN apt update -qq && \
&& apt-get install -y --no-install-recommends \ apt install --no-install-recommends -y \
ca-certificates \ ca-certificates \
git \ git bash curl jq pip wget && \
bash \ rm -rf /var/lib/apt/lists/*
curl \
jq \
wget \
&& rm -rf /var/lib/apt/lists/*
ARG HELM_VERSION="v3.7.2" ARG HELM_VERSION="v3.7.2"
ARG HELM_SHA256="4ae30e48966aba5f807a4e140dad6736ee1a392940101e4d79ffb4ee86200a9e" ARG HELM_SHA256="4ae30e48966aba5f807a4e140dad6736ee1a392940101e4d79ffb4ee86200a9e"
@ -58,15 +52,32 @@ ENV KUSTOMIZE_SHA256="175938206f23956ec18dac3da0816ea5b5b485a8493a839da278faac82
RUN set -x && \ RUN set -x && \
curl --retry 5 --retry-connrefused -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \ curl --retry 5 --retry-connrefused -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
sha256sum kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | grep ${KUSTOMIZE_SHA256} && \ sha256sum kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | grep ${KUSTOMIZE_SHA256} && \
tar zxf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \ tar zxvf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \ rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
mv kustomize /usr/local/bin/kustomize mv kustomize /usr/local/bin/kustomize
ENV SOPS_VERSION="v3.7.2"
RUN set -x && \
curl --retry 5 --retry-connrefused -LO https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 && \
chmod +x sops-${SOPS_VERSION}.linux.amd64 && \
mv sops-${SOPS_VERSION}.linux.amd64 /usr/local/bin/sops
ENV AGE_VERSION="v1.0.0"
RUN set -x && \
curl --retry 5 --retry-connrefused -LO https://github.com/FiloSottile/age/releases/download/${AGE_VERSION}/age-${AGE_VERSION}-linux-amd64.tar.gz && \
tar zxvf age-${AGE_VERSION}-linux-amd64.tar.gz && \
mv age/age /usr/local/bin/age && \
mv age/age-keygen /usr/local/bin/age-keygen && \
rm -rf age-${AGE_VERSION}-linux-amd64.tar.gz age \
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.3.1 && \ RUN helm plugin install https://github.com/databus23/helm-diff --version v3.3.1 && \
helm plugin install https://github.com/jkroepke/helm-secrets --version v3.5.0 && \ helm plugin install https://github.com/jkroepke/helm-secrets --version v3.5.0 && \
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.10.0 && \ helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.10.0 && \
helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.10.0 helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.10.0
# Allow users other than root to use helm plugins located in root home
RUN chmod 751 /root
COPY --from=builder /workspace/helmfile/dist/helmfile_linux_amd64 /usr/local/bin/helmfile COPY --from=builder /workspace/helmfile/dist/helmfile_linux_amd64 /usr/local/bin/helmfile
CMD ["/usr/local/bin/helmfile"] CMD ["/usr/local/bin/helmfile"]

58
Dockerfile.helm3
View File

@ -1,58 +0,0 @@
FROM golang:1.17.3-alpine3.13 as builder
RUN apk add --no-cache make git
WORKDIR /workspace/helmfile
COPY . /workspace/helmfile
RUN make static-linux
# -----------------------------------------------------------------------------
FROM alpine:3.13
RUN apk add --no-cache ca-certificates git bash curl jq
ARG HELM_VERSION="v3.7.2"
ARG HELM_LOCATION="https://get.helm.sh"
ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz"
ARG HELM_SHA256="4ae30e48966aba5f807a4e140dad6736ee1a392940101e4d79ffb4ee86200a9e"
RUN set -x && \
wget ${HELM_LOCATION}/${HELM_FILENAME} && \
echo Verifying ${HELM_FILENAME}... && \
sha256sum ${HELM_FILENAME} | grep -q "${HELM_SHA256}" && \
echo Extracting ${HELM_FILENAME}... && \
tar zxvf ${HELM_FILENAME} && mv /linux-amd64/helm /usr/local/bin/ && \
rm ${HELM_FILENAME} && rm -r /linux-amd64
# using the install documentation found at https://kubernetes.io/docs/tasks/tools/install-kubectl/
# for now but in a future version of alpine (in the testing version at the time of writing)
# we should be able to install using apk add.
# the sha256 sum can be found at https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256
# maybe a good idea to automate in the future?
ENV KUBECTL_VERSION="v1.18.9"
ENV KUBECTL_SHA256="6a68756a2d3d04b4d0f52b00de6493ba2c1fcb28b32f3e4a0e99b3d9f6c4e8ed"
RUN set -x && \
curl --retry 5 --retry-connrefused -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
sha256sum kubectl | grep ${KUBECTL_SHA256} && \
chmod +x kubectl && \
mv kubectl /usr/local/bin/kubectl
ENV KUSTOMIZE_VERSION="v3.8.8"
ENV KUSTOMIZE_SHA256="175938206f23956ec18dac3da0816ea5b5b485a8493a839da278faac82e3c303"
RUN set -x && \
curl --retry 5 --retry-connrefused -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
sha256sum kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | grep ${KUSTOMIZE_SHA256} && \
tar zxf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
mv kustomize /usr/local/bin/kustomize
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.3.1 && \
helm plugin install https://github.com/jkroepke/helm-secrets --version v3.5.0 && \
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.10.0 && \
helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.10.0
# Allow users other than root to use helm plugins located in root home
RUN chmod 751 /root
COPY --from=builder /workspace/helmfile/dist/helmfile_linux_amd64 /usr/local/bin/helmfile
CMD ["/usr/local/bin/helmfile"]

63
Dockerfile.helm3.ubuntu
View File

@ -1,63 +0,0 @@
FROM golang:1.17.3-buster as builder
RUN apt update -qq && \
apt install --no-install-recommends -y make git && \
rm -rf /var/lib/apt/lists/*
WORKDIR /workspace/helmfile
COPY . /workspace/helmfile
RUN make static-linux
# -----------------------------------------------------------------------------
FROM ubuntu:20.10
RUN apt update -qq && \
apt install --no-install-recommends -y \
ca-certificates \
git bash curl jq pip wget && \
rm -rf /var/lib/apt/lists/*
ARG HELM_VERSION="v3.7.2"
ARG HELM_LOCATION="https://get.helm.sh"
ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz"
ARG HELM_SHA256="4ae30e48966aba5f807a4e140dad6736ee1a392940101e4d79ffb4ee86200a9e"
RUN set -x && \
wget ${HELM_LOCATION}/${HELM_FILENAME} && \
echo Verifying ${HELM_FILENAME}... && \
sha256sum ${HELM_FILENAME} | grep -q "${HELM_SHA256}" && \
echo Extracting ${HELM_FILENAME}... && \
tar zxvf ${HELM_FILENAME} && mv /linux-amd64/helm /usr/local/bin/ && \
rm ${HELM_FILENAME} && rm -r /linux-amd64
# using the install documentation found at https://kubernetes.io/docs/tasks/tools/install-kubectl/
# for now but in a future version of alpine (in the testing version at the time of writing)
# we should be able to install using apk add.
# the sha256 sum can be found at https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256
# maybe a good idea to automate in the future?
ENV KUBECTL_VERSION="v1.18.9"
ENV KUBECTL_SHA256="6a68756a2d3d04b4d0f52b00de6493ba2c1fcb28b32f3e4a0e99b3d9f6c4e8ed"
RUN set -x && \
curl --retry 5 --retry-connrefused -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
sha256sum kubectl | grep ${KUBECTL_SHA256} && \
chmod +x kubectl && \
mv kubectl /usr/local/bin/kubectl
ENV KUSTOMIZE_VERSION="v3.8.8"
ENV KUSTOMIZE_SHA256="175938206f23956ec18dac3da0816ea5b5b485a8493a839da278faac82e3c303"
RUN set -x && \
curl --retry 5 --retry-connrefused -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
sha256sum kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | grep ${KUSTOMIZE_SHA256} && \
tar zxf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
mv kustomize /usr/local/bin/kustomize
RUN pip install sops
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.3.1 && \
helm plugin install https://github.com/jkroepke/helm-secrets --version v3.5.0 && \
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.10.0 && \
helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.10.0
COPY --from=builder /workspace/helmfile/dist/helmfile_linux_amd64 /usr/local/bin/helmfile
CMD ["/usr/local/bin/helmfile"]

68
Dockerfile.ubuntu
View File

@ -1,9 +1,11 @@
FROM golang:1.17.3-buster as builder FROM golang:1.18.0-alpine as builder
RUN apt update -qq && \ RUN apk add --no-cache make git
apt install --no-install-recommends -y make git && \
rm -rf /var/lib/apt/lists/*
WORKDIR /workspace/helmfile WORKDIR /workspace/helmfile
COPY go.mod go.sum /workspace/helmfile/
RUN go mod download
COPY . /workspace/helmfile COPY . /workspace/helmfile
RUN make static-linux RUN make static-linux
@ -11,23 +13,25 @@ RUN make static-linux
FROM ubuntu:20.10 FROM ubuntu:20.10
LABEL org.opencontainers.image.source https://github.com/helmfile/helmfile
RUN apt update -qq && \ RUN apt update -qq && \
apt install --no-install-recommends -y \ apt install --no-install-recommends -y \
ca-certificates \ ca-certificates \
git bash curl jq pip wget && \ git bash curl jq pip wget && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
ARG HELM_VERSION="v2.17.0" ARG HELM_VERSION="v3.7.2"
ARG HELM_LOCATION="https://kubernetes-helm.storage.googleapis.com" ARG HELM_SHA256="4ae30e48966aba5f807a4e140dad6736ee1a392940101e4d79ffb4ee86200a9e"
ARG HELM_LOCATION="https://get.helm.sh"
ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz" ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz"
ARG HELM_SHA256="f3bec3c7c55f6a9eb9e6586b8c503f370af92fe987fcbf741f37707606d70296"
RUN set -x && \ RUN set -x && \
wget ${HELM_LOCATION}/${HELM_FILENAME} && \ wget ${HELM_LOCATION}/${HELM_FILENAME} && \
echo Verifying ${HELM_FILENAME}... && \ echo Verifying ${HELM_FILENAME}... && \
sha256sum ${HELM_FILENAME} | grep -q "${HELM_SHA256}" && \ sha256sum ${HELM_FILENAME} | grep -q "${HELM_SHA256}" && \
echo Extracting ${HELM_FILENAME}... && \ echo Extracting ${HELM_FILENAME}... && \
tar zxvf ${HELM_FILENAME} && mv /linux-amd64/helm /usr/local/bin/ && \ tar zxvf ${HELM_FILENAME} && mv /linux-amd64/helm /usr/local/bin/ && \
mv /linux-amd64/tiller /usr/local/bin/ && \
rm ${HELM_FILENAME} && rm -r /linux-amd64 rm ${HELM_FILENAME} && rm -r /linux-amd64
# using the install documentation found at https://kubernetes.io/docs/tasks/tools/install-kubectl/ # using the install documentation found at https://kubernetes.io/docs/tasks/tools/install-kubectl/
@ -35,23 +39,45 @@ RUN set -x && \
# we should be able to install using apk add. # we should be able to install using apk add.
# the sha256 sum can be found at https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256 # the sha256 sum can be found at https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256
# maybe a good idea to automate in the future? # maybe a good idea to automate in the future?
ENV KUBECTL_VERSION="v1.18.9" ENV KUBECTL_VERSION="v1.21.4"
ENV KUBECTL_SHA256="6a68756a2d3d04b4d0f52b00de6493ba2c1fcb28b32f3e4a0e99b3d9f6c4e8ed" ENV KUBECTL_SHA256="9410572396fb31e49d088f9816beaebad7420c7686697578691be1651d3bf85a"
RUN set -x & \ RUN set -x && \
curl --retry 5 --retry-connrefused -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \ curl --retry 5 --retry-connrefused -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
sha256sum kubectl | grep ${KUBECTL_SHA256} && \ sha256sum kubectl | grep ${KUBECTL_SHA256} && \
chmod +x kubectl && \ chmod +x kubectl && \
mv kubectl /usr/local/bin/kubectl mv kubectl /usr/local/bin/kubectl
RUN pip install sops ENV KUSTOMIZE_VERSION="v3.8.8"
ENV KUSTOMIZE_SHA256="175938206f23956ec18dac3da0816ea5b5b485a8493a839da278faac82e3c303"
RUN set -x && \
curl --retry 5 --retry-connrefused -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
sha256sum kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | grep ${KUSTOMIZE_SHA256} && \
tar zxvf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
mv kustomize /usr/local/bin/kustomize
RUN ["helm", "init", "--client-only", "--stable-repo-url", "https://charts.helm.sh/stable"] ENV SOPS_VERSION="v3.7.2"
RUN helm plugin install https://github.com/databus23/helm-diff && \ RUN set -x && \
helm plugin install https://github.com/futuresimple/helm-secrets && \ curl --retry 5 --retry-connrefused -LO https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 && \
helm plugin install https://github.com/hypnoglow/helm-s3.git && \ chmod +x sops-${SOPS_VERSION}.linux.amd64 && \
helm plugin install https://github.com/aslafy-z/helm-git.git && \ mv sops-${SOPS_VERSION}.linux.amd64 /usr/local/bin/sops \
helm plugin install https://github.com/rimusz/helm-tiller
ENV AGE_VERSION="v1.0.0"
RUN set -x && \
curl --retry 5 --retry-connrefused -LO https://github.com/FiloSottile/age/releases/download/${AGE_VERSION}/age-${AGE_VERSION}-linux-amd64.tar.gz && \
tar zxvf age-${AGE_VERSION}-linux-amd64.tar.gz && \
mv age/age /usr/local/bin/age && \
mv age/age-keygen /usr/local/bin/age-keygen && \
rm -rf age-${AGE_VERSION}-linux-amd64.tar.gz age \
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.3.1 && \
helm plugin install https://github.com/jkroepke/helm-secrets --version v3.5.0 && \
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.10.0 && \
helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.10.0
# Allow users other than root to use helm plugins located in root home
RUN chmod 751 /root
COPY --from=builder /workspace/helmfile/dist/helmfile_linux_amd64 /usr/local/bin/helmfile COPY --from=builder /workspace/helmfile/dist/helmfile_linux_amd64 /usr/local/bin/helmfile
CMD ["/usr/local/bin/helmfile", "--help"] CMD ["/usr/local/bin/helmfile"]