From c9262419fd4d2c0ca635da8d472e328f79a91865 Mon Sep 17 00:00:00 2001 From: Spyros Trigazis Date: Fri, 12 Jul 2019 15:58:59 +0200 Subject: [PATCH] ci: Fix ADD_ALLOW_PRIV build-arg In [0] we added a build-arg for the deprecaeted --allow-priv option. This arg needs to be defined after the FROM line in the dockerfile. Note, other systems like podman can use the arg even before the FROM statement. Docker needs it after. [0] I2935d34ace08800c805028f1673bc515f2f577e6 story: 2005124 Change-Id: I34af2451e92962b835ac0f1a1e49dfcbfd477830 Signed-off-by: Spyros Trigazis --- dockerfiles/kubernetes-apiserver/Dockerfile | 4 ++-- dockerfiles/kubernetes-controller-manager/Dockerfile | 4 ++-- dockerfiles/kubernetes-kubelet/Dockerfile | 4 ++-- dockerfiles/kubernetes-proxy/Dockerfile | 4 ++-- dockerfiles/kubernetes-scheduler/Dockerfile | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/dockerfiles/kubernetes-apiserver/Dockerfile b/dockerfiles/kubernetes-apiserver/Dockerfile index 7e5498ed02..6acdaff6cd 100644 --- a/dockerfiles/kubernetes-apiserver/Dockerfile +++ b/dockerfiles/kubernetes-apiserver/Dockerfile @@ -1,8 +1,8 @@ ARG KUBE_VERSION=v1.13.0 -ARG ADD_KUBE_ALLOW_PRIV=false FROM fedora:rawhide ARG KUBE_VERSION +ARG ADD_KUBE_ALLOW_PRIV=false RUN curl -o /root/kubectl -O https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubectl FROM gcr.io/google-containers/kube-apiserver-amd64:${KUBE_VERSION} @@ -31,7 +31,7 @@ COPY service.template config.json.template /exports/ # however, this would require hard-coding the container name COPY apiserver config /etc/kubernetes/ -RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true +RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true RUN mkdir -p /exports/hostfs/usr/local/bin/ COPY --from=0 /root/kubectl /exports/hostfs/usr/local/bin/ RUN chmod +x /exports/hostfs/usr/local/bin/kubectl && \ diff --git a/dockerfiles/kubernetes-controller-manager/Dockerfile b/dockerfiles/kubernetes-controller-manager/Dockerfile index ecb3608ef6..bc48e1e42b 100644 --- a/dockerfiles/kubernetes-controller-manager/Dockerfile +++ b/dockerfiles/kubernetes-controller-manager/Dockerfile @@ -1,6 +1,6 @@ ARG KUBE_VERSION=v1.13.0 -ARG ADD_KUBE_ALLOW_PRIV=false FROM gcr.io/google-containers/kube-controller-manager-amd64:${KUBE_VERSION} +ARG ADD_KUBE_ALLOW_PRIV=false ENV container=docker @@ -18,7 +18,7 @@ COPY launch.sh /usr/bin/kube-controller-manager-docker.sh COPY service.template config.json.template /exports/ COPY controller-manager config /etc/kubernetes/ -RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true +RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true RUN mkdir -p /exports/hostfs/etc/kubernetes && \ cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \ cp /etc/kubernetes/controller-manager /exports/hostfs/etc/kubernetes/ diff --git a/dockerfiles/kubernetes-kubelet/Dockerfile b/dockerfiles/kubernetes-kubelet/Dockerfile index 39d3173c8c..08770d76f9 100644 --- a/dockerfiles/kubernetes-kubelet/Dockerfile +++ b/dockerfiles/kubernetes-kubelet/Dockerfile @@ -1,6 +1,6 @@ ARG KUBE_VERSION=v1.13.0 -ARG ADD_KUBE_ALLOW_PRIV=false FROM gcr.io/google-containers/hyperkube-amd64:${KUBE_VERSION} +ARG ADD_KUBE_ALLOW_PRIV=false ENV container=docker @@ -15,7 +15,7 @@ LABEL bzcomponent="$NAME" \ COPY launch.sh /usr/bin/kubelet-docker.sh COPY kubelet config /etc/kubernetes/ -RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true +RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true COPY manifest.json tmpfiles.template service.template config.json.template /exports/ diff --git a/dockerfiles/kubernetes-proxy/Dockerfile b/dockerfiles/kubernetes-proxy/Dockerfile index 6c376bb301..8c5f17a01e 100644 --- a/dockerfiles/kubernetes-proxy/Dockerfile +++ b/dockerfiles/kubernetes-proxy/Dockerfile @@ -1,6 +1,6 @@ ARG KUBE_VERSION=v1.13.0 -ARG ADD_KUBE_ALLOW_PRIV=false FROM gcr.io/google-containers/kube-proxy-amd64:${KUBE_VERSION} +ARG ADD_KUBE_ALLOW_PRIV=false ENV container=docker ENV NAME=kubernetes-proxy VERSION=0 RELEASE=8 ARCH=x86_64 @@ -17,7 +17,7 @@ COPY launch.sh /usr/bin/kube-proxy-docker.sh COPY service.template config.json.template /exports/ COPY proxy config /etc/kubernetes/ -RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true +RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true RUN mkdir -p /exports/hostfs/etc/kubernetes && \ cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \ diff --git a/dockerfiles/kubernetes-scheduler/Dockerfile b/dockerfiles/kubernetes-scheduler/Dockerfile index c223b866ca..ce2cbdb165 100644 --- a/dockerfiles/kubernetes-scheduler/Dockerfile +++ b/dockerfiles/kubernetes-scheduler/Dockerfile @@ -1,6 +1,6 @@ ARG KUBE_VERSION=v1.13.0 -ARG ADD_KUBE_ALLOW_PRIV=false FROM gcr.io/google-containers/kube-scheduler-amd64:${KUBE_VERSION} +ARG ADD_KUBE_ALLOW_PRIV=false ENV container=docker ENV NAME=kubernetes-scheduler VERSION=0.1 RELEASE=8 ARCH=x86_64 @@ -17,7 +17,7 @@ COPY launch.sh /usr/bin/kube-scheduler-docker.sh COPY service.template config.json.template /exports/ COPY scheduler config /etc/kubernetes/ -RUN [ $ADD_KUBE_ALLOW_PRIV = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true +RUN [ "$ADD_KUBE_ALLOW_PRIV" = "true" ] && echo "KUBE_ALLOW_PRIV=\"--allow-privileged=false\"" >> /etc/kubernetes/config || true RUN mkdir -p /exports/hostfs/etc/kubernetes && \ cp /etc/kubernetes/config /exports/hostfs/etc/kubernetes/ && \ cp /etc/kubernetes/scheduler /exports/hostfs/etc/kubernetes/