public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Use up-to-date ca-certificates during build (#1580)

This commit is contained in:
Sascha Schwarze 2021-02-23 06:25:00 +01:00 committed by GitHub
parent adf5c7a810
commit 2d4db8e0ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 40 additions and 4312 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
deploy/Dockerfile
View File

@ -52,12 +52,21 @@ RUN mkdir -p /kaniko/.docker
COPY . . COPY . .
RUN make GOARCH=$(cat /goarch.txt) RUN make GOARCH=$(cat /goarch.txt)
# Generate latest ca-certificates
FROM debian:buster-slim AS certs
RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM scratch FROM scratch
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr
COPY files/ca-certificates.crt /kaniko/ssl/certs/ COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root ENV HOME /root

11
deploy/Dockerfile_debug
View File

@ -50,6 +50,15 @@ RUN mkdir -p /kaniko/.docker
COPY . . COPY . .
RUN make GOARCH=$(cat /goarch) && make GOARCH=$(cat /goarch.txt) out/warmer RUN make GOARCH=$(cat /goarch) && make GOARCH=$(cat /goarch.txt) out/warmer
# Generate latest ca-certificates
FROM debian:buster-slim AS certs
RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM scratch FROM scratch
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/ COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/* /kaniko/
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer
@ -61,7 +70,7 @@ COPY --from=busybox:1.32.0 /bin /busybox
# Declare /busybox as a volume to get it automatically in the path to ignore # Declare /busybox as a volume to get it automatically in the path to ignore
VOLUME /busybox VOLUME /busybox
COPY files/ca-certificates.crt /kaniko/ssl/certs/ COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root ENV HOME /root

11
deploy/Dockerfile_slim
View File

@ -29,10 +29,19 @@ COPY . .
RUN make GOARCH=$(cat /goarch) RUN make GOARCH=$(cat /goarch)
# Generate latest ca-certificates
FROM debian:buster-slim AS certs
RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM scratch FROM scratch
COPY --from=build_env /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor COPY --from=build_env /go/src/github.com/GoogleContainerTools/kaniko/out/executor /kaniko/executor
COPY files/nsswitch.conf /etc/nsswitch.conf COPY files/nsswitch.conf /etc/nsswitch.conf
COPY files/ca-certificates.crt /kaniko/ssl/certs/ COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/
ENV HOME /root ENV HOME /root
ENV USER root ENV USER root
ENV PATH /usr/local/bin:/kaniko ENV PATH /usr/local/bin:/kaniko

11
deploy/Dockerfile_warmer
View File

@ -47,12 +47,21 @@ RUN mkdir -p /kaniko/.docker
COPY . . COPY . .
RUN make GOARCH=$(cat /goarch) out/warmer RUN make GOARCH=$(cat /goarch) out/warmer
# Generate latest ca-certificates
FROM debian:buster-slim AS certs
RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM scratch FROM scratch
COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer COPY --from=0 /go/src/github.com/GoogleContainerTools/kaniko/out/warmer /kaniko/warmer
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login COPY --from=0 /go/src/github.com/awslabs/amazon-ecr-credential-helper/bin/local/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr COPY --from=0 /go/src/github.com/chrismellard/docker-credential-acr-env/build/docker-credential-acr-env /kaniko/docker-credential-acr
COPY files/ca-certificates.crt /kaniko/ssl/certs/ COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root ENV HOME /root

4308
files/ca-certificates.crt
View File

File diff suppressed because it is too large Load Diff