From c83d6de21822cecc281a52f8936ee9c708a4ad0b Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Thu, 11 Apr 2019 13:29:02 +0200 Subject: [PATCH] Download and verify kustomize binary --- Makefile | 21 +++++++++++++++------ docker/Dockerfile.flux | 5 +---- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index 5709e17181..a361c79dd0 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,7 @@ SUDO := $(shell docker info > /dev/null 2> /dev/null || echo "sudo") TEST_FLAGS?= include docker/kubectl.version +include docker/kustomize.version include docker/helm.version CURRENT_OS_ARCH=$(shell echo `go env GOOS`-`go env GOARCH`) @@ -36,12 +37,12 @@ release-bins: clean: go clean rm -rf ./build - rm -f test/bin/kubectl test/bin/helm + rm -f test/bin/kubectl test/bin/helm test/bin/kustomize realclean: clean rm -rf ./cache -test: test/bin/helm test/bin/kubectl +test: test/bin/helm test/bin/kubectl test/bin/kustomize PATH="${PWD}/bin:${PWD}/test/bin:${PATH}" go test ${TEST_FLAGS} $(shell go list ./... | grep -v "^github.com/weaveworks/flux/vendor" | sort -u) build/.%.done: docker/Dockerfile.% @@ -53,7 +54,7 @@ build/.%.done: docker/Dockerfile.% -f build/docker/$*/Dockerfile.$* ./build/docker/$* touch $@ -build/.flux.done: build/fluxd build/kubectl docker/ssh_config docker/kubeconfig docker/verify_known_hosts.sh +build/.flux.done: build/fluxd build/kubectl build/kustomize docker/ssh_config docker/kubeconfig docker/verify_known_hosts.sh build/.helm-operator.done: build/helm-operator build/kubectl build/helm docker/ssh_config docker/verify_known_hosts.sh docker/helm-repositories.yaml build/fluxd: $(FLUXD_DEPS) @@ -68,7 +69,10 @@ build/kubectl: cache/linux-amd64/kubectl-$(KUBECTL_VERSION) test/bin/kubectl: cache/$(CURRENT_OS_ARCH)/kubectl-$(KUBECTL_VERSION) build/helm: cache/linux-amd64/helm-$(HELM_VERSION) test/bin/helm: cache/$(CURRENT_OS_ARCH)/helm-$(HELM_VERSION) -build/kubectl test/bin/kubectl build/helm test/bin/helm: +build/kustomize: cache/linux-amd64/kustomize-$(KUSTOMIZE_VERSION) +test/bin/kustomize: cache/$(CURRENT_OS_ARCH)/kustomize-$(KUSTOMIZE_VERSION) + +build/kubectl test/bin/kubectl build/kustomize test/bin/kustomize build/helm test/bin/helm: mkdir -p build cp $< $@ if [ `basename $@` = "build" -a $(CURRENT_OS_ARCH) = "linux-amd64" ]; then strip $@; fi @@ -76,14 +80,19 @@ build/kubectl test/bin/kubectl build/helm test/bin/helm: cache/%/kubectl-$(KUBECTL_VERSION): docker/kubectl.version mkdir -p cache/$* - curl -L -o cache/$*/kubectl-$(KUBECTL_VERSION).tar.gz "https://dl.k8s.io/$(KUBECTL_VERSION)/kubernetes-client-$*.tar.gz" + curl --fail -L -o cache/$*/kubectl-$(KUBECTL_VERSION).tar.gz "https://dl.k8s.io/$(KUBECTL_VERSION)/kubernetes-client-$*.tar.gz" [ $* != "linux-amd64" ] || echo "$(KUBECTL_CHECKSUM) cache/$*/kubectl-$(KUBECTL_VERSION).tar.gz" | shasum -a 256 -c tar -m --strip-components 3 -C ./cache/$* -xzf cache/$*/kubectl-$(KUBECTL_VERSION).tar.gz kubernetes/client/bin/kubectl mv ./cache/$*/kubectl $@ +cache/%/kustomize-$(KUSTOMIZE_VERSION): docker/kustomize.version + mkdir -p cache/$* + curl --fail -L -o $@ "https://github.com/kubernetes-sigs/kustomize/releases/download/v$(KUSTOMIZE_VERSION)/kustomize_$(KUSTOMIZE_VERSION)_`echo $* | tr - _`" + [ $* != "linux-amd64" ] || echo "$(KUSTOMIZE_CHECKSUM) $@" | shasum -a 256 -c + cache/%/helm-$(HELM_VERSION): docker/helm.version mkdir -p cache/$* - curl -L -o cache/$*/helm-$(HELM_VERSION).tar.gz "https://storage.googleapis.com/kubernetes-helm/helm-v$(HELM_VERSION)-$*.tar.gz" + curl --fail -L -o cache/$*/helm-$(HELM_VERSION).tar.gz "https://storage.googleapis.com/kubernetes-helm/helm-v$(HELM_VERSION)-$*.tar.gz" [ $* != "linux-amd64" ] || echo "$(HELM_CHECKSUM) cache/$*/helm-$(HELM_VERSION).tar.gz" | shasum -a 256 -c tar -m -C ./cache -xzf cache/$*/helm-$(HELM_VERSION).tar.gz $*/helm mv cache/$*/helm $@ diff --git a/docker/Dockerfile.flux b/docker/Dockerfile.flux index cf1ef92ebb..ad5f13a959 100644 --- a/docker/Dockerfile.flux +++ b/docker/Dockerfile.flux @@ -15,10 +15,7 @@ RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.vis COPY ./ssh_config /etc/ssh/ssh_config COPY ./kubectl /usr/local/bin/ - -# TODO(fons): do this properly (copying locally, caching, hash-checking etc ...) -ADD https://github.com/kubernetes-sigs/kustomize/releases/download/v2.0.3/kustomize_2.0.3_linux_amd64 /usr/local/bin/kustomize -RUN chmod +x /usr/local/bin/kustomize +COPY ./kustomize /usr/local/bin # These are pretty static LABEL maintainer="Weaveworks " \