Skip to content

Commit

Permalink
ci: Fix ADD_ALLOW_PRIV build-arg
Browse files Browse the repository at this point in the history 
In [0] we added a build-arg for the deprecaeted
--allow-priv option. This arg needs to be defined
after the FROM line in the dockerfile.

Note, other systems like podman can use the
arg even before the FROM statement. Docker needs
it after.

[0] I2935d34ace08800c805028f1673bc515f2f577e6

story: 2005124

Change-Id: I34af2451e92962b835ac0f1a1e49dfcbfd477830
Signed-off-by: Spyros Trigazis <[email protected]>
  • Loading branch information
@strigazi
strigazi committed Jul 12, 2019
1 parent aeecdc7 commit c926241
Show file tree
Hide file tree
Showing 5 changed files with 10 additions and 10 deletions.
4 changes: 2 additions & 2 deletions dockerfiles/kubernetes-apiserver/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
ARG KUBE_VERSION=v1.13.0
ARG ADD_KUBE_ALLOW_PRIV=false

FROM fedora:rawhide
ARG KUBE_VERSION
ARG ADD_KUBE_ALLOW_PRIV=false
RUN curl -o /root/kubectl -O https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubectl

FROM gcr.io/google-containers/kube-apiserver-amd64:${KUBE_VERSION}
Expand Down Expand Up @@ -31,7 +31,7 @@ COPY service.template config.json.template /exports/
# however, this would require hard-coding the container name

COPY apiserver config /etc/kubernetes/
RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
RUN mkdir -p /exports/hostfs/usr/local/bin/
COPY --from=0 /root/kubectl /exports/hostfs/usr/local/bin/
RUN chmod +x /exports/hostfs/usr/local/bin/kubectl && \
Expand Down
4 changes: 2 additions & 2 deletions dockerfiles/kubernetes-controller-manager/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
ARG KUBE_VERSION=v1.13.0
ARG ADD_KUBE_ALLOW_PRIV=false
FROM gcr.io/google-containers/kube-controller-manager-amd64:${KUBE_VERSION}
ARG ADD_KUBE_ALLOW_PRIV=false

ENV container=docker

Expand All @@ -18,7 +18,7 @@ COPY launch.sh /usr/bin/kube-controller-manager-docker.sh
COPY service.template config.json.template /exports/

COPY controller-manager config /etc/kubernetes/
RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
RUN mkdir -p /exports/hostfs/etc/kubernetes && \
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
cp /etc/kubernetes/controller-manager /exports/hostfs/etc/kubernetes/
Expand Down
4 changes: 2 additions & 2 deletions dockerfiles/kubernetes-kubelet/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
ARG KUBE_VERSION=v1.13.0
ARG ADD_KUBE_ALLOW_PRIV=false
FROM gcr.io/google-containers/hyperkube-amd64:${KUBE_VERSION}
ARG ADD_KUBE_ALLOW_PRIV=false

ENV container=docker

Expand All @@ -15,7 +15,7 @@ LABEL bzcomponent="$NAME" \

COPY launch.sh /usr/bin/kubelet-docker.sh
COPY kubelet config /etc/kubernetes/
RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true

COPY manifest.json tmpfiles.template service.template config.json.template /exports/

Expand Down
4 changes: 2 additions & 2 deletions dockerfiles/kubernetes-proxy/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
ARG KUBE_VERSION=v1.13.0
ARG ADD_KUBE_ALLOW_PRIV=false
FROM gcr.io/google-containers/kube-proxy-amd64:${KUBE_VERSION}
ARG ADD_KUBE_ALLOW_PRIV=false
ENV container=docker

ENV NAME=kubernetes-proxy VERSION=0 RELEASE=8 ARCH=x86_64
Expand All @@ -17,7 +17,7 @@ COPY launch.sh /usr/bin/kube-proxy-docker.sh
COPY service.template config.json.template /exports/

COPY proxy config /etc/kubernetes/
RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true

RUN mkdir -p /exports/hostfs/etc/kubernetes && \
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
Expand Down
4 changes: 2 additions & 2 deletions dockerfiles/kubernetes-scheduler/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
ARG KUBE_VERSION=v1.13.0
ARG ADD_KUBE_ALLOW_PRIV=false
FROM gcr.io/google-containers/kube-scheduler-amd64:${KUBE_VERSION}
ARG ADD_KUBE_ALLOW_PRIV=false
ENV container=docker

ENV NAME=kubernetes-scheduler VERSION=0.1 RELEASE=8 ARCH=x86_64
Expand All @@ -17,7 +17,7 @@ COPY launch.sh /usr/bin/kube-scheduler-docker.sh
COPY service.template config.json.template /exports/

COPY scheduler config /etc/kubernetes/
RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true
RUN mkdir -p /exports/hostfs/etc/kubernetes && \
cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \
cp /etc/kubernetes/scheduler /exports/hostfs/etc/kubernetes/
Expand Down

0 comments on commit c926241

Please sign in to comment.