-
Notifications
You must be signed in to change notification settings - Fork 21
/
Dockerfile.devkit
130 lines (113 loc) · 6.77 KB
/
Dockerfile.devkit
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# hadolint ignore=DL3029
FROM --platform=linux/amd64 mesosphere/packer:1.9.5-nkp.1 as packer-amd64
# hadolint ignore=DL3029
FROM --platform=linux/arm64 mesosphere/packer:1.9.5-nkp.1 as packer-arm64
FROM golangci/golangci-lint:v1.56.2-alpine as golangci-lint
FROM goreleaser/goreleaser:v1.24.0 as goreleaser
FROM docker:27.1 as docker
FROM vmware/govc:v0.36.0 as govc
FROM golang:1.19.13-alpine3.18 as builder
# NOTE(jkoelker) since this is a multistage build we
# can have an explosion at the layer
# factory to help with caching
RUN mkdir -p /tools
# NOTE(jkoelker) Ignore "Multiple consecutive `RUN` | Pin versions in apk add."
# hadolint ignore=DL3059,DL3018
RUN apk add --no-cache \
curl \
p7zip
ARG BUILDARCH
# NOTE(jkoelker) From here we care about layers
FROM golang:1.19.13-alpine3.18
ARG ANSIBLE_VERSION=6.3.0
ARG DOCKER_PY_VERSION=5.0.3
ENV ANSIBLE_PATH=/usr
ENV PYTHON_PATH=/usr
ARG MINDTHEGAP_VERSION=1.7.3
COPY requirements.txt /tmp/
COPY requirements-devkit.txt /tmp/
# NOTE(jkoelker) Ignore "Pin versions in [pip | apk add]"
# hadolint ignore=DL3013,DL3018
RUN apk add --no-cache \
bash \
curl \
git \
gcc \
jq \
libc6-compat \
linux-headers \
musl-dev \
make \
openssl \
openssh-client \
python3 \
python3-dev \
gettext \
py3-pynacl \
py3-pip \
&& pip3 install --no-cache-dir --upgrade pip wheel \
&& pip3 install --no-cache-dir \
--requirement /tmp/requirements.txt \
--requirement /tmp/requirements-devkit.txt \
&& rm -rf \
/root/.cache
# Managing the below ansible dependencies is covered in docs/dev/ansible-modules.md
RUN mkdir -p /usr/share/ansible/collections \
&& ansible-galaxy \
collection install \
community.general:==6.4.0 \
ansible.netcommon:==5.0.0 \
ansible.posix:==1.5.1 \
ansible.utils:==2.9.0 \
-p /usr/share/ansible/collections
# hadolint ignore=DL4006
RUN curl -Lf https://github.com/mesosphere/mindthegap/releases/download/v"${MINDTHEGAP_VERSION}"/mindthegap_v"${MINDTHEGAP_VERSION}"_linux_amd64.tar.gz |tar xzf - -C /usr/local/bin
ARG GOSS_VERSION=v0.3.23
RUN curl -L "https://github.com/goss-org/goss/releases/download/${GOSS_VERSION}/goss-linux-amd64" -o /usr/local/bin/goss-amd64
RUN chmod +rx /usr/local/bin/goss-amd64
ARG BUILDARCH
RUN ln -s /usr/local/bin/goss-${BUILDARCH} /usr/local/bin/goss
RUN curl -o /opt/amazon-ssm-agent.rpm https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
COPY ansible ansible
# Fetch nokmem rpms
RUN \
export KUBERNETES_VERSION=$(awk -F': ' '/kubernetes_version/ {print $2}' ansible/group_vars/all/defaults.yaml | sed -n '2p' | xargs) && \
echo ${KUBERNETES_VERSION} && \
curl -o /opt/kubectl-${KUBERNETES_VERSION}-0.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/kubectl-${KUBERNETES_VERSION}-0.x86_64.rpm && \
curl -o /opt/kubeadm-${KUBERNETES_VERSION}-0.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/kubeadm-${KUBERNETES_VERSION}-0.x86_64.rpm && \
curl -o /opt/kubelet-${KUBERNETES_VERSION}-0.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/kubelet-${KUBERNETES_VERSION}-0.x86_64.rpm && \
export CRICTL_TOOLS_VERSION="$(echo ${KUBERNETES_VERSION} | cut -d. -f1-2).1" && \
curl -o /opt/cri-tools-${CRICTL_TOOLS_VERSION}-0.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/cri-tools-${CRICTL_TOOLS_VERSION}-0.x86_64.rpm && \
export CNI_VERSION=$(awk -F': ' '/kubernetes_cni_version/ {print $2}' ansible/group_vars/all/defaults.yaml | sed -n '1p' | xargs) && \
curl -o /opt/kubernetes-cni-${CNI_VERSION}-0.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/kubernetes-cni-${CNI_VERSION}-0.x86_64.rpm
# Fetch fips rpms
RUN \
export KUBERNETES_VERSION=$(awk -F': ' '/kubernetes_version/ {print $2}' ansible/group_vars/all/defaults.yaml | sed -n '2p' | xargs) && \
echo ${KUBERNETES_VERSION} && \
curl -o /opt/kubectl-${KUBERNETES_VERSION}-0-fips.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-fips/x86_64/kubectl-${KUBERNETES_VERSION}-0.x86_64.rpm && \
curl -o /opt/kubeadm-${KUBERNETES_VERSION}-0-fips.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-fips/x86_64/kubeadm-${KUBERNETES_VERSION}-0.x86_64.rpm && \
curl -o /opt/kubelet-${KUBERNETES_VERSION}-0-fips.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-fips/x86_64/kubelet-${KUBERNETES_VERSION}-0.x86_64.rpm && \
export CRICTL_TOOLS_VERSION="$(echo ${KUBERNETES_VERSION} | cut -d. -f1-2).1" && \
curl -o /opt/cri-tools-${CRICTL_TOOLS_VERSION}-0-fips.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-nokmem/x86_64/cri-tools-${CRICTL_TOOLS_VERSION}-0.x86_64.rpm && \
export CNI_VERSION=$(awk -F': ' '/kubernetes_cni_version/ {print $2}' ansible/group_vars/all/defaults.yaml | sed -n '1p' | xargs) && \
curl -o /opt/kubernetes-cni-${CNI_VERSION}-0-fips.rpm https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v${KUBERNETES_VERSION}-fips/x86_64/kubernetes-cni-${CNI_VERSION}-0.x86_64.rpm
RUN curl -o /opt/d2iq-sign-authority-gpg-public-key https://packages.d2iq.com/konvoy/stable/linux/repos/d2iq-sign-authority-gpg-public-key
COPY --from=packer-amd64 /bin/packer /usr/local/bin/packer-amd64
COPY --from=packer-arm64 /bin/packer /usr/local/bin/packer-arm64
COPY --from=golangci-lint /usr/bin/golangci-lint /usr/local/bin/
COPY --from=goreleaser /usr/bin/goreleaser /usr/local/bin/
COPY --from=docker /usr/local/bin/docker /usr/local/bin/
COPY --from=govc /govc /usr/local/bin/
COPY --from=builder /tools /usr/local/bin
# hadolint ignore=DL3059
RUN --mount=type=secret,id=githubtoken PACKER_GITHUB_API_TOKEN="$(cat /run/secrets/githubtoken)" export PACKER_GITHUB_API_TOKEN && \
packer-${BUILDARCH} plugins install github.com/hashicorp/googlecompute ">=1.0.11" && \
packer-${BUILDARCH} plugins install github.com/hashicorp/azure ">=1.3.1" && \
packer-${BUILDARCH} plugins install github.com/hashicorp/amazon ">=1.1.3" && \
packer-${BUILDARCH} plugins install github.com/hashicorp/ansible ">=1.1.0" && \
packer-${BUILDARCH} plugins install github.com/hashicorp/vsphere ">=1.0.8" && \
packer-${BUILDARCH} plugins install github.com/ivoronin/sshkey ">=1.0.1" && \
packer-${BUILDARCH} plugins install github.com/mesosphere/goss ">=3.3.0"
# Non-trivial bash scripting like e.g. the Makefile require bash instead of
# plain sh, in order to function.
CMD ["/bin/bash"]