Libyaml and cfssl install from apt

This PS installs libyaml and cfssl from apt
instead of building them from source. It also
upgrades the Helm version to 3.17.3 because of a CVE.

In order to decrease the image size *-dev libs are
installed only when needed to build/install Python
packages.

Change-Id: Ia83805799f46f5b20008f0a9393ab508078926e4
Sergiy Markin
2025-04-24 19:58:44 +00:00
parent 4f719460e6
commit e96713115f
13 changed files with 46 additions and 39 deletions


@@ -10,4 +10,5 @@ libpq-dev [platform:dpkg]
libsasl2-dev [platform:dpkg]
libssl-dev [platform:dpkg]
libre2-dev [platform:dpkg]
libyaml-dev [platform:dpkg]
apt-utils [platform:dpkg]


@@ -22,7 +22,7 @@ Sample Document to run containers in Docker runtime
images:
haproxy: haproxy:2.4
helm:
helm: lachlanevenson/k8s-helm:v3.16.4
helm: lachlanevenson/k8s-helm:v3.17.3
monitoring_image: busybox:1.28.3
packages:
repositories:
@@ -121,7 +121,7 @@ Sample Document to run containers in Containerd runtime
images:
haproxy: haproxy:2.4
helm:
helm: lachlanevenson/k8s-helm:v3.16.4
helm: lachlanevenson/k8s-helm:v3.17.3
monitoring_image: busybox:1.28.3
packages:
additional:


@@ -85,7 +85,7 @@ data:
monitoring_image: &busybox busybox:1.28.3
haproxy: haproxy:2.4
helm:
helm: lachlanevenson/k8s-helm:v3.16.4
helm: lachlanevenson/k8s-helm:v3.17.3
packages:
common:
repositories:


@@ -85,7 +85,7 @@ data:
monitoring_image: busybox:1.28.3
haproxy: haproxy:2.4
helm:
helm: lachlanevenson/k8s-helm:v3.16.4
helm: lachlanevenson/k8s-helm:v3.17.3
packages:
common:
repositories:


@@ -85,7 +85,7 @@ data:
monitoring_image: &busybox busybox:1.28.3
haproxy: haproxy:2.4
helm:
helm: lachlanevenson/k8s-helm:v3.16.4
helm: lachlanevenson/k8s-helm:v3.17.3
packages:
common:
additional:


@@ -85,7 +85,7 @@ data:
monitoring_image: &busybox busybox:1.28.3
haproxy: haproxy:2.4
helm:
helm: lachlanevenson/k8s-helm:v3.16.4
helm: lachlanevenson/k8s-helm:v3.17.3
packages:
common:
repositories:


@@ -49,48 +49,54 @@ RUN set -ex \
&& apt update -qq \
&& apt upgrade -y \
&& apt-get install --no-install-recommends -y \
automake \
ca-certificates \
curl \
dnsutils \
gcc \
git \
gpg \
gpg-agent \
libpcre3-dev \
libtool \
libpq-dev \
make \
python3-dev \
python3-pip \
python3-setuptools \
rsync \
# this will install golang-cfssl 1.2.0 in Jammy
golang-cfssl \
&& ln -s /usr/bin/python3 /usr/bin/python \
&& curl -Lo /usr/local/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 \
&& chmod 555 /usr/local/bin/cfssl \
&& python3 -m pip install -U pip \
&& apt-get autoremove -yqq --purge \
&& apt-get clean \
&& useradd -u 1000 -g users -d /opt/promenade promenade \
&& rm -rf /var/lib/apt/lists/*
# Install LibYAML
ENV LD_LIBRARY_PATH=/usr/local/lib
ARG LIBYAML_VERSION=0.2.5
RUN set -ex \
&& git clone https://github.com/yaml/libyaml.git \
&& cd libyaml \
&& git checkout $LIBYAML_VERSION \
&& ./bootstrap \
&& ./configure \
&& make \
&& make install \
&& cd .. \
&& rm -fr libyaml
COPY requirements-frozen.txt /opt/promenade
RUN pip3 install --no-cache-dir -r requirements-frozen.txt
RUN set -ex \
&& buildDeps=' \
automake \
gcc \
libpcre3-dev \
libffi-dev \
libpq-dev \
libssl-dev \
libtool \
libyaml-dev \
libvirt-dev \
make \
python3-pip \
pkg-config \
' \
&& apt-get -qq update \
# Keep git separate so it's not removed below
&& apt-get install -y $buildDeps git --no-install-recommends \
&& python3 -m pip install -U pip \
&& pip3 install --no-cache-dir -r requirements-frozen.txt \
&& apt-get purge -y --auto-remove $buildDeps \
&& apt-get autoremove -yqq --purge \
&& apt-get clean \
&& rm -rf \
/var/lib/apt/lists/* \
/tmp/* \
/var/tmp/* \
/usr/share/man \
/usr/share/doc \
/usr/share/doc-base
# Setting promenade version for BPR
ENV PBR_VERSION 0.9.0
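Review bot: The `apt-get purge -y --auto-remove $buildDeps` step in the new RUN can also remove the runtime shared libraries that were installed only as dependencies of the `-dev` packages (the ones behind `libyaml-dev`, `libpq-dev` and `libvirt-dev`, for example). Any extension module that pip compiled against them earlier in the same step would then fail to import in the final image, or fall back to a pure-Python path. Which entries of requirements-frozen.txt are built from source rather than installed as wheels is not visible here, so this is worth confirming with an import smoke test at the end of the build. Where a library is needed at runtime, name its runtime package in the first `apt-get install` list so it is marked as manually installed and survives the purge, e.g. add `libyaml-0-2 \` next to `golang-cfssl \`.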


@@ -153,7 +153,7 @@ VALID_DOCS = [
'images': {
'haproxy': 'haproxy:2.4',
'helm': {
'helm': 'lachlanevenson/k8s-helm:v3.16.4'
'helm': 'lachlanevenson/k8s-helm:v3.17.3'
}
},
'packages': {


@@ -38,7 +38,7 @@ data:
monitoring_image: &busybox busybox:1.28.3
haproxy: haproxy:2.4
helm:
helm: lachlanevenson/k8s-helm:v3.16.4
helm: lachlanevenson/k8s-helm:v3.17.3
packages:
common:
repositories:


@@ -9,7 +9,7 @@ IMAGE_DEP_CHECK=quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
IMAGE_ETCD=quay.io/coreos/etcd:v3.5.12
IMAGE_ETCDCTL=quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
IMAGE_HAPROXY=haproxy:2.4
IMAGE_HELM=lachlanevenson/k8s-helm:v3.16.4
IMAGE_HELM=lachlanevenson/k8s-helm:v3.17.3
IMAGE_APISERVER=registry.k8s.io/kube-apiserver-amd64:v1.32.1
IMAGE_CONTROLLER_MANAGER=registry.k8s.io/kube-controller-manager-amd64:v1.32.1
IMAGE_SCHEDULER=registry.k8s.io/kube-scheduler-amd64:v1.32.1


@@ -17,7 +17,7 @@
set -x
HELM=$1
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz"}
HELM_ARTIFACT_URL=${HELM_ARTIFACT_URL:-"https://get.helm.sh/helm-v3.17.3-linux-amd64.tar.gz"}
function install_helm_binary {


@@ -1,4 +1,4 @@
#!/bin/python
#!/bin/python3
import json
import logging
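Review bot: The new shebang `#!/bin/python3` only resolves on systems where /bin is merged into /usr, so the script will not start on images or hosts that keep the interpreter solely under /usr/bin. Writing `#!/usr/bin/python3` keeps the interpreter fixed to the distribution's packaged path and does not depend on that layout. The rest of the script is outside the hunk, so whether it is executed directly or passed to an interpreter by its caller is not visible here.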


@@ -6,7 +6,7 @@ registry.k8s.io/kube-apiserver-amd64,v1.32.1,apiserver
registry.k8s.io/kube-controller-manager-amd64,v1.32.1,controller-manager
registry.k8s.io/kube-scheduler-amd64,v1.32.1,scheduler
registry.k8s.io/kube-proxy-amd64,v1.32.1,proxy
lachlanevenson/k8s-helm,v3.16.4,helm
lachlanevenson/k8s-helm,v3.17.3,helm
quay.io/airshipit/armada,master,armada
quay.io/airshipit/armada-operator,latest,armada-operator
quay.io/calico/cni,v3.4.0,calico-cni