Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CA certificates tasks in kaniko images #2142

Merged
merged 2 commits into from
Jun 21, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 3 additions & 8 deletions deploy/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -41,20 +41,15 @@ RUN \
make GOARCH=$TARGETARCH

# Generate latest ca-certificates

FROM debian:buster-slim AS certs

RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM debian:bullseye-slim AS certs
RUN apt update && apt install -y ca-certificates

FROM scratch
COPY --from=0 /src/out/executor /kaniko/executor
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root
Expand Down
11 changes: 3 additions & 8 deletions deploy/Dockerfile_debug
Original file line number Diff line number Diff line change
Expand Up @@ -42,13 +42,8 @@ RUN \
make GOARCH=$TARGETARCH out/warmer

# Generate latest ca-certificates

FROM debian:buster-slim AS certs

RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM debian:bullseye-slim AS certs
RUN apt update && apt install -y ca-certificates

FROM scratch
COPY --from=0 /src/out/executor /kaniko/executor
Expand All @@ -65,7 +60,7 @@ COPY --from=busybox:1.32.0 /*lib /lib
# Declare /busybox as a volume to get it automatically in the path to ignore
VOLUME /busybox

COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root
Expand Down
11 changes: 3 additions & 8 deletions deploy/Dockerfile_slim
Original file line number Diff line number Diff line change
Expand Up @@ -27,18 +27,13 @@ RUN \
make GOARCH=$TARGETARCH

# Generate latest ca-certificates

FROM debian:buster-slim AS certs

RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM debian:bullseye-slim AS certs
RUN apt update && apt install -y ca-certificates

FROM scratch
COPY --from=0 /src/out/executor /kaniko/executor
COPY files/nsswitch.conf /etc/nsswitch.conf
COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
ENV HOME /root
ENV USER root
ENV PATH /usr/local/bin:/kaniko
Expand Down
11 changes: 3 additions & 8 deletions deploy/Dockerfile_warmer
Original file line number Diff line number Diff line change
Expand Up @@ -41,20 +41,15 @@ RUN \
make GOARCH=$TARGETARCH out/warmer

# Generate latest ca-certificates

FROM debian:buster-slim AS certs

RUN \
apt update && \
apt install -y ca-certificates && \
cat /etc/ssl/certs/* > /ca-certificates.crt
FROM debian:bullseye-slim AS certs
RUN apt update && apt install -y ca-certificates

FROM scratch
COPY --from=0 /src/out/warmer /kaniko/warmer
COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
COPY --from=certs /ca-certificates.crt /kaniko/ssl/certs/
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
COPY --from=0 /kaniko/.docker /kaniko/.docker
COPY files/nsswitch.conf /etc/nsswitch.conf
ENV HOME /root
Expand Down