public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

CA certificates tasks in kaniko images (#2142) 

* deploy: avoid duplicate certificates in images

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>

* deploy: use current stable Debian release image

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This commit is contained in:
Konstantin Demin 2022-06-21 21:28:11 +03:00 committed by GitHub
parent 679c71c907
commit 18f745de5b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 12 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
deploy/Dockerfile
View File

@ -41,20 +41,15 @@ RUN \
make GOARCH=$TARGETARCH make GOARCH=$TARGETARCH
# Generate latest ca-certificates # Generate latest ca-certificates
FROM debian:bullseye-slim AS certs
FROM debian:buster-slim AS certs RUN apt update && apt install -y ca-certificates
RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM scratch FROM scratch
COPY --from=0 /src/out/executor /kaniko/executor COPY --from=0 /src/out/executor /kaniko/executor
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/ COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root ENV HOME /root

11
deploy/Dockerfile_debug
View File

@ -42,13 +42,8 @@ RUN \
make GOARCH=$TARGETARCH out/warmer make GOARCH=$TARGETARCH out/warmer
# Generate latest ca-certificates # Generate latest ca-certificates
FROM debian:bullseye-slim AS certs
FROM debian:buster-slim AS certs RUN apt update && apt install -y ca-certificates
RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM scratch FROM scratch
COPY --from=0 /src/out/executor /kaniko/executor COPY --from=0 /src/out/executor /kaniko/executor
@ -65,7 +60,7 @@ COPY --from=busybox:1.32.0 /*lib /lib
# Declare /busybox as a volume to get it automatically in the path to ignore # Declare /busybox as a volume to get it automatically in the path to ignore
VOLUME /busybox VOLUME /busybox
COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/ COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root ENV HOME /root

11
deploy/Dockerfile_slim
View File

@ -27,18 +27,13 @@ RUN \
make GOARCH=$TARGETARCH make GOARCH=$TARGETARCH
# Generate latest ca-certificates # Generate latest ca-certificates
FROM debian:bullseye-slim AS certs
FROM debian:buster-slim AS certs RUN apt update && apt install -y ca-certificates
RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM scratch FROM scratch
COPY --from=0 /src/out/executor /kaniko/executor COPY --from=0 /src/out/executor /kaniko/executor
COPY files/nsswitch.conf /etc/nsswitch.conf COPY files/nsswitch.conf /etc/nsswitch.conf
COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/ COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
ENV HOME /root ENV HOME /root
ENV USER root ENV USER root
ENV PATH /usr/local/bin:/kaniko ENV PATH /usr/local/bin:/kaniko

11
deploy/Dockerfile_warmer
View File

@ -41,20 +41,15 @@ RUN \
make GOARCH=$TARGETARCH out/warmer make GOARCH=$TARGETARCH out/warmer
# Generate latest ca-certificates # Generate latest ca-certificates
FROM debian:bullseye-slim AS certs
FROM debian:buster-slim AS certs RUN apt update && apt install -y ca-certificates
RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM scratch FROM scratch
COPY --from=0 /src/out/warmer /kaniko/warmer COPY --from=0 /src/out/warmer /kaniko/warmer
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/ COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root ENV HOME /root