rework dockerfiles (#519)
* fetch checksum when possible * use sha256sum -c to validate checksum * use tar features to extract artifacts * validate installed pkg in-place Signed-off-by: Cyril Jouve <jv.cyril@gmail.com> Signed-off-by: Cyril Jouve <jv.cyril@gmail.com>
This commit is contained in:
Cyril Jouve
GitHub
parent
181c2f4509
commit
60621ff318
|
|
@ -0,0 +1 @@
|
||||||
|
Dockerfile*
|
||||||
55
Dockerfile
55
Dockerfile
|
|
@ -18,58 +18,63 @@ LABEL org.opencontainers.image.source https://github.com/helmfile/helmfile
|
||||||
RUN apk add --no-cache ca-certificates git bash curl jq openssh-client
|
RUN apk add --no-cache ca-certificates git bash curl jq openssh-client
|
||||||
|
|
||||||
ARG HELM_VERSION="v3.10.2"
|
ARG HELM_VERSION="v3.10.2"
|
||||||
|
ENV HELM_VERSION="${HELM_VERSION}"
|
||||||
ARG HELM_SHA256="2315941a13291c277dac9f65e75ead56386440d3907e0540bf157ae70f188347"
|
ARG HELM_SHA256="2315941a13291c277dac9f65e75ead56386440d3907e0540bf157ae70f188347"
|
||||||
ARG HELM_LOCATION="https://get.helm.sh"
|
ARG HELM_LOCATION="https://get.helm.sh"
|
||||||
ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz"
|
ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz"
|
||||||
|
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO ${HELM_LOCATION}/${HELM_FILENAME} && \
|
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||||
echo Verifying ${HELM_FILENAME}... && \
|
echo Verifying ${HELM_FILENAME}... && \
|
||||||
sha256sum ${HELM_FILENAME} | grep -q "${HELM_SHA256}" && \
|
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||||
echo Extracting ${HELM_FILENAME}... && \
|
echo Extracting ${HELM_FILENAME}... && \
|
||||||
tar zxvf ${HELM_FILENAME} && mv /linux-amd64/helm /usr/local/bin/ && \
|
tar xvf "${HELM_FILENAME}" -C /usr/local/bin --strip-components 1 linux-amd64/helm && \
|
||||||
rm ${HELM_FILENAME} && rm -r /linux-amd64
|
rm "${HELM_FILENAME}" && \
|
||||||
|
[ "$(helm version --template '{{.Version}}')" = "${HELM_VERSION}" ]
|
||||||
|
|
||||||
# using the install documentation found at https://kubernetes.io/docs/tasks/tools/install-kubectl/
|
# using the install documentation found at https://kubernetes.io/docs/tasks/tools/install-kubectl/
|
||||||
# for now but in a future version of alpine (in the testing version at the time of writing)
|
# for now but in a future version of alpine (in the testing version at the time of writing)
|
||||||
# we should be able to install using apk add.
|
# we should be able to install using apk add.
|
||||||
# the sha256 sum can be found at https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256
|
|
||||||
# maybe a good idea to automate in the future?
|
|
||||||
ENV KUBECTL_VERSION="v1.25.2"
|
ENV KUBECTL_VERSION="v1.25.2"
|
||||||
ENV KUBECTL_SHA256="8639f2b9c33d38910d706171ce3d25be9b19fc139d0e3d4627f38ce84f9040eb"
|
ARG KUBECTL_SHA256="8639f2b9c33d38910d706171ce3d25be9b19fc139d0e3d4627f38ce84f9040eb"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
|
curl --retry 5 --retry-connrefused -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
|
||||||
sha256sum kubectl | grep ${KUBECTL_SHA256} && \
|
echo "${KUBECTL_SHA256} kubectl" | sha256sum -c && \
|
||||||
chmod +x kubectl && \
|
chmod +x kubectl && \
|
||||||
mv kubectl /usr/local/bin/kubectl
|
mv kubectl /usr/local/bin/kubectl && \
|
||||||
|
[ "$(kubectl version -o json | jq -r '.clientVersion.gitVersion')" = "${KUBECTL_VERSION}" ]
|
||||||
|
|
||||||
ENV KUSTOMIZE_VERSION="v4.5.7"
|
ENV KUSTOMIZE_VERSION="v4.5.7"
|
||||||
ENV KUSTOMIZE_SHA256="701e3c4bfa14e4c520d481fdf7131f902531bfc002cb5062dcf31263a09c70c9"
|
ARG KUSTOMIZE_SHA256="701e3c4bfa14e4c520d481fdf7131f902531bfc002cb5062dcf31263a09c70c9"
|
||||||
|
ARG KUSTOMIZE_FILENAME="kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
|
curl --retry 5 --retry-connrefused -LO "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/${KUSTOMIZE_FILENAME}" && \
|
||||||
sha256sum kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | grep ${KUSTOMIZE_SHA256} && \
|
echo "${KUSTOMIZE_SHA256} ${KUSTOMIZE_FILENAME}" | sha256sum -c && \
|
||||||
tar zxvf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
|
tar xvf "${KUSTOMIZE_FILENAME}" -C /usr/local/bin && \
|
||||||
rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
|
rm "${KUSTOMIZE_FILENAME}" && \
|
||||||
mv kustomize /usr/local/bin/kustomize
|
kustomize version --short | grep "kustomize/${KUSTOMIZE_VERSION}"
|
||||||
|
|
||||||
ENV SOPS_VERSION="v3.7.3"
|
ENV SOPS_VERSION="v3.7.3"
|
||||||
|
ARG SOPS_FILENAME="sops-${SOPS_VERSION}.linux.amd64"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 && \
|
curl --retry 5 --retry-connrefused -LO "https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/${SOPS_FILENAME}" && \
|
||||||
chmod +x sops-${SOPS_VERSION}.linux.amd64 && \
|
chmod +x "${SOPS_FILENAME}" && \
|
||||||
mv sops-${SOPS_VERSION}.linux.amd64 /usr/local/bin/sops
|
mv "${SOPS_FILENAME}" /usr/local/bin/sops && \
|
||||||
|
sops --version | grep -E "^sops ${SOPS_VERSION#v}"
|
||||||
|
|
||||||
ENV AGE_VERSION="v1.0.0"
|
ENV AGE_VERSION="v1.0.0"
|
||||||
|
ARG AGE_FILENAME="age-${AGE_VERSION}-linux-amd64.tar.gz"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO https://github.com/FiloSottile/age/releases/download/${AGE_VERSION}/age-${AGE_VERSION}-linux-amd64.tar.gz && \
|
curl --retry 5 --retry-connrefused -LO "https://github.com/FiloSottile/age/releases/download/${AGE_VERSION}/${AGE_FILENAME}" && \
|
||||||
tar zxvf age-${AGE_VERSION}-linux-amd64.tar.gz && \
|
tar xvf "${AGE_FILENAME}" -C /usr/local/bin --strip-components 1 age/age age/age-keygen && \
|
||||||
mv age/age /usr/local/bin/age && \
|
rm "${AGE_FILENAME}" && \
|
||||||
mv age/age-keygen /usr/local/bin/age-keygen && \
|
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||||
rm -rf age-${AGE_VERSION}-linux-amd64.tar.gz age
|
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||||
|
|
||||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.6.0 && \
|
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.6.0 && \
|
||||||
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.1.1 && \
|
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.1.1 && \
|
||||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.14.0 && \
|
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.14.0 && \
|
||||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.12.0
|
helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.12.0 && \
|
||||||
|
rm -rf /root/.cache/helm/plugins
|
||||||
|
|
||||||
# Allow users other than root to use helm plugins located in root home
|
# Allow users other than root to use helm plugins located in root home
|
||||||
RUN chmod 751 /root
|
RUN chmod 751 /root
|
||||||
|
|
|
||||||
|
|
@ -22,58 +22,63 @@ RUN apt update -qq && \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
ARG HELM_VERSION="v3.10.2"
|
ARG HELM_VERSION="v3.10.2"
|
||||||
|
ENV HELM_VERSION="${HELM_VERSION}"
|
||||||
ARG HELM_SHA256="2315941a13291c277dac9f65e75ead56386440d3907e0540bf157ae70f188347"
|
ARG HELM_SHA256="2315941a13291c277dac9f65e75ead56386440d3907e0540bf157ae70f188347"
|
||||||
ARG HELM_LOCATION="https://get.helm.sh"
|
ARG HELM_LOCATION="https://get.helm.sh"
|
||||||
ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz"
|
ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz"
|
||||||
|
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||||
echo "Verifying ${HELM_FILENAME}..." && \
|
echo Verifying ${HELM_FILENAME}... && \
|
||||||
sha256sum "${HELM_FILENAME}" | grep -q "${HELM_SHA256}" && \
|
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||||
echo "Extracting ${HELM_FILENAME}..." && \
|
echo Extracting ${HELM_FILENAME}... && \
|
||||||
tar zxvf "${HELM_FILENAME}" && mv /linux-amd64/helm /usr/local/bin/ && \
|
tar xvf "${HELM_FILENAME}" -C /usr/local/bin --strip-components 1 linux-amd64/helm && \
|
||||||
rm ${HELM_FILENAME} && rm -r /linux-amd64
|
rm "${HELM_FILENAME}" && \
|
||||||
|
[ "$(helm version --template '{{.Version}}')" = "${HELM_VERSION}" ]
|
||||||
|
|
||||||
# using the install documentation found at https://kubernetes.io/docs/tasks/tools/install-kubectl/
|
# using the install documentation found at https://kubernetes.io/docs/tasks/tools/install-kubectl/
|
||||||
# for now but in a future version of alpine (in the testing version at the time of writing)
|
# for now but in a future version of alpine (in the testing version at the time of writing)
|
||||||
# we should be able to install using apk add.
|
# we should be able to install using apk add.
|
||||||
# the sha256 sum can be found at https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256
|
|
||||||
# maybe a good idea to automate in the future?
|
|
||||||
ENV KUBECTL_VERSION="v1.25.2"
|
ENV KUBECTL_VERSION="v1.25.2"
|
||||||
ENV KUBECTL_SHA256="8639f2b9c33d38910d706171ce3d25be9b19fc139d0e3d4627f38ce84f9040eb"
|
ARG KUBECTL_SHA256="8639f2b9c33d38910d706171ce3d25be9b19fc139d0e3d4627f38ce84f9040eb"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
|
curl --retry 5 --retry-connrefused -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
|
||||||
sha256sum kubectl | grep ${KUBECTL_SHA256} && \
|
echo "${KUBECTL_SHA256} kubectl" | sha256sum -c && \
|
||||||
chmod +x kubectl && \
|
chmod +x kubectl && \
|
||||||
mv kubectl /usr/local/bin/kubectl
|
mv kubectl /usr/local/bin/kubectl && \
|
||||||
|
[ "$(kubectl version -o json | jq -r '.clientVersion.gitVersion')" = "${KUBECTL_VERSION}" ]
|
||||||
|
|
||||||
ENV KUSTOMIZE_VERSION="v4.5.7"
|
ENV KUSTOMIZE_VERSION="v4.5.7"
|
||||||
ENV KUSTOMIZE_SHA256="701e3c4bfa14e4c520d481fdf7131f902531bfc002cb5062dcf31263a09c70c9"
|
ARG KUSTOMIZE_SHA256="701e3c4bfa14e4c520d481fdf7131f902531bfc002cb5062dcf31263a09c70c9"
|
||||||
|
ARG KUSTOMIZE_FILENAME="kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
|
curl --retry 5 --retry-connrefused -LO "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/${KUSTOMIZE_FILENAME}" && \
|
||||||
sha256sum kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | grep ${KUSTOMIZE_SHA256} && \
|
echo "${KUSTOMIZE_SHA256} ${KUSTOMIZE_FILENAME}" | sha256sum -c && \
|
||||||
tar zxvf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
|
tar xvf "${KUSTOMIZE_FILENAME}" -C /usr/local/bin && \
|
||||||
rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
|
rm "${KUSTOMIZE_FILENAME}" && \
|
||||||
mv kustomize /usr/local/bin/kustomize
|
kustomize version --short | grep "kustomize/${KUSTOMIZE_VERSION}"
|
||||||
|
|
||||||
ENV SOPS_VERSION="v3.7.3"
|
ENV SOPS_VERSION="v3.7.3"
|
||||||
|
ARG SOPS_FILENAME="sops-${SOPS_VERSION}.linux.amd64"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 && \
|
curl --retry 5 --retry-connrefused -LO "https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/${SOPS_FILENAME}" && \
|
||||||
chmod +x sops-${SOPS_VERSION}.linux.amd64 && \
|
chmod +x "${SOPS_FILENAME}" && \
|
||||||
mv sops-${SOPS_VERSION}.linux.amd64 /usr/local/bin/sops
|
mv "${SOPS_FILENAME}" /usr/local/bin/sops && \
|
||||||
|
sops --version | grep -E "^sops ${SOPS_VERSION#v}"
|
||||||
|
|
||||||
ENV AGE_VERSION="v1.0.0"
|
ENV AGE_VERSION="v1.0.0"
|
||||||
|
ARG AGE_FILENAME="age-${AGE_VERSION}-linux-amd64.tar.gz"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO https://github.com/FiloSottile/age/releases/download/${AGE_VERSION}/age-${AGE_VERSION}-linux-amd64.tar.gz && \
|
curl --retry 5 --retry-connrefused -LO "https://github.com/FiloSottile/age/releases/download/${AGE_VERSION}/${AGE_FILENAME}" && \
|
||||||
tar zxvf age-${AGE_VERSION}-linux-amd64.tar.gz && \
|
tar xvf "${AGE_FILENAME}" -C /usr/local/bin --strip-components 1 age/age age/age-keygen && \
|
||||||
mv age/age /usr/local/bin/age && \
|
rm "${AGE_FILENAME}" && \
|
||||||
mv age/age-keygen /usr/local/bin/age-keygen && \
|
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||||
rm -rf age-${AGE_VERSION}-linux-amd64.tar.gz age
|
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||||
|
|
||||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.6.0 && \
|
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.6.0 && \
|
||||||
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.1.1 && \
|
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.1.1 && \
|
||||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.14.0 && \
|
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.14.0 && \
|
||||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.12.0
|
helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.12.0 && \
|
||||||
|
rm -rf /root/.cache/helm/plugins
|
||||||
|
|
||||||
# Allow users other than root to use helm plugins located in root home
|
# Allow users other than root to use helm plugins located in root home
|
||||||
RUN chmod 751 /root
|
RUN chmod 751 /root
|
||||||
|
|
|
||||||
|
|
@ -15,65 +15,70 @@ FROM ubuntu:20.04
|
||||||
|
|
||||||
LABEL org.opencontainers.image.source https://github.com/helmfile/helmfile
|
LABEL org.opencontainers.image.source https://github.com/helmfile/helmfile
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt update -qq && \
|
||||||
apt-get install --no-install-recommends -y \
|
apt install --no-install-recommends -y \
|
||||||
ca-certificates \
|
ca-certificates \
|
||||||
git bash curl jq wget openssh-client && \
|
git bash curl jq wget openssh-client && \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
ARG HELM_VERSION="v3.10.2"
|
ARG HELM_VERSION="v3.10.2"
|
||||||
|
ENV HELM_VERSION="${HELM_VERSION}"
|
||||||
ARG HELM_SHA256="2315941a13291c277dac9f65e75ead56386440d3907e0540bf157ae70f188347"
|
ARG HELM_SHA256="2315941a13291c277dac9f65e75ead56386440d3907e0540bf157ae70f188347"
|
||||||
ARG HELM_LOCATION="https://get.helm.sh"
|
ARG HELM_LOCATION="https://get.helm.sh"
|
||||||
ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz"
|
ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz"
|
||||||
|
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO ${HELM_LOCATION}/${HELM_FILENAME} && \
|
curl --retry 5 --retry-connrefused -LO "${HELM_LOCATION}/${HELM_FILENAME}" && \
|
||||||
echo Verifying ${HELM_FILENAME}... && \
|
echo Verifying ${HELM_FILENAME}... && \
|
||||||
sha256sum ${HELM_FILENAME} | grep -q "${HELM_SHA256}" && \
|
echo "${HELM_SHA256} ${HELM_FILENAME}" | sha256sum -c && \
|
||||||
echo Extracting ${HELM_FILENAME}... && \
|
echo Extracting ${HELM_FILENAME}... && \
|
||||||
tar zxvf ${HELM_FILENAME} && mv /linux-amd64/helm /usr/local/bin/ && \
|
tar xvf "${HELM_FILENAME}" -C /usr/local/bin --strip-components 1 linux-amd64/helm && \
|
||||||
rm ${HELM_FILENAME} && rm -r /linux-amd64
|
rm "${HELM_FILENAME}" && \
|
||||||
|
[ "$(helm version --template '{{.Version}}')" = "${HELM_VERSION}" ]
|
||||||
|
|
||||||
# using the install documentation found at https://kubernetes.io/docs/tasks/tools/install-kubectl/
|
# using the install documentation found at https://kubernetes.io/docs/tasks/tools/install-kubectl/
|
||||||
# for now but in a future version of alpine (in the testing version at the time of writing)
|
# for now but in a future version of alpine (in the testing version at the time of writing)
|
||||||
# we should be able to install using apk add.
|
# we should be able to install using apk add.
|
||||||
# the sha256 sum can be found at https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256
|
|
||||||
# maybe a good idea to automate in the future?
|
|
||||||
ENV KUBECTL_VERSION="v1.25.2"
|
ENV KUBECTL_VERSION="v1.25.2"
|
||||||
ENV KUBECTL_SHA256="8639f2b9c33d38910d706171ce3d25be9b19fc139d0e3d4627f38ce84f9040eb"
|
ARG KUBECTL_SHA256="8639f2b9c33d38910d706171ce3d25be9b19fc139d0e3d4627f38ce84f9040eb"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
|
curl --retry 5 --retry-connrefused -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
|
||||||
sha256sum kubectl | grep ${KUBECTL_SHA256} && \
|
echo "${KUBECTL_SHA256} kubectl" | sha256sum -c && \
|
||||||
chmod +x kubectl && \
|
chmod +x kubectl && \
|
||||||
mv kubectl /usr/local/bin/kubectl
|
mv kubectl /usr/local/bin/kubectl && \
|
||||||
|
[ "$(kubectl version -o json | jq -r '.clientVersion.gitVersion')" = "${KUBECTL_VERSION}" ]
|
||||||
|
|
||||||
ENV KUSTOMIZE_VERSION="v4.5.7"
|
ENV KUSTOMIZE_VERSION="v4.5.7"
|
||||||
ENV KUSTOMIZE_SHA256="701e3c4bfa14e4c520d481fdf7131f902531bfc002cb5062dcf31263a09c70c9"
|
ARG KUSTOMIZE_SHA256="701e3c4bfa14e4c520d481fdf7131f902531bfc002cb5062dcf31263a09c70c9"
|
||||||
|
ARG KUSTOMIZE_FILENAME="kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
|
curl --retry 5 --retry-connrefused -LO "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${KUSTOMIZE_VERSION}/${KUSTOMIZE_FILENAME}" && \
|
||||||
sha256sum kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | grep ${KUSTOMIZE_SHA256} && \
|
echo "${KUSTOMIZE_SHA256} ${KUSTOMIZE_FILENAME}" | sha256sum -c && \
|
||||||
tar zxvf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
|
tar xvf "${KUSTOMIZE_FILENAME}" -C /usr/local/bin && \
|
||||||
rm kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
|
rm "${KUSTOMIZE_FILENAME}" && \
|
||||||
mv kustomize /usr/local/bin/kustomize
|
kustomize version --short | grep "kustomize/${KUSTOMIZE_VERSION}"
|
||||||
|
|
||||||
ENV SOPS_VERSION="v3.7.3"
|
ENV SOPS_VERSION="v3.7.3"
|
||||||
|
ARG SOPS_FILENAME="sops-${SOPS_VERSION}.linux.amd64"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.amd64 && \
|
curl --retry 5 --retry-connrefused -LO "https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/${SOPS_FILENAME}" && \
|
||||||
chmod +x sops-${SOPS_VERSION}.linux.amd64 && \
|
chmod +x "${SOPS_FILENAME}" && \
|
||||||
mv sops-${SOPS_VERSION}.linux.amd64 /usr/local/bin/sops
|
mv "${SOPS_FILENAME}" /usr/local/bin/sops && \
|
||||||
|
sops --version | grep -E "^sops ${SOPS_VERSION#v}"
|
||||||
|
|
||||||
ENV AGE_VERSION="v1.0.0"
|
ENV AGE_VERSION="v1.0.0"
|
||||||
|
ARG AGE_FILENAME="age-${AGE_VERSION}-linux-amd64.tar.gz"
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl --retry 5 --retry-connrefused -LO https://github.com/FiloSottile/age/releases/download/${AGE_VERSION}/age-${AGE_VERSION}-linux-amd64.tar.gz && \
|
curl --retry 5 --retry-connrefused -LO "https://github.com/FiloSottile/age/releases/download/${AGE_VERSION}/${AGE_FILENAME}" && \
|
||||||
tar zxvf age-${AGE_VERSION}-linux-amd64.tar.gz && \
|
tar xvf "${AGE_FILENAME}" -C /usr/local/bin --strip-components 1 age/age age/age-keygen && \
|
||||||
mv age/age /usr/local/bin/age && \
|
rm "${AGE_FILENAME}" && \
|
||||||
mv age/age-keygen /usr/local/bin/age-keygen && \
|
[ "$(age --version)" = "${AGE_VERSION}" ] && \
|
||||||
rm -rf age-${AGE_VERSION}-linux-amd64.tar.gz age
|
[ "$(age-keygen --version)" = "${AGE_VERSION}" ]
|
||||||
|
|
||||||
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.6.0 && \
|
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.6.0 && \
|
||||||
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.1.1 && \
|
helm plugin install https://github.com/jkroepke/helm-secrets --version v4.1.1 && \
|
||||||
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.14.0 && \
|
helm plugin install https://github.com/hypnoglow/helm-s3.git --version v0.14.0 && \
|
||||||
helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.12.0
|
helm plugin install https://github.com/aslafy-z/helm-git.git --version v0.12.0 && \
|
||||||
|
rm -rf /root/.cache/helm/plugins
|
||||||
|
|
||||||
# Allow users other than root to use helm plugins located in root home
|
# Allow users other than root to use helm plugins located in root home
|
||||||
RUN chmod 751 /root
|
RUN chmod 751 /root
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue