feat: (PSKD-988) add --insecure-policy for skopeo copy

Signed-off-by: chjmil <[email protected]>
sassoftware · Dec 6, 2024 · 64d698f · 64d698f
1 parent f7a3fee
commit 64d698f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 13 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -15,12 +15,12 @@ WORKDIR /build
 
 RUN curl -sLO https://dl.k8s.io/release/v$kubectl_version/bin/linux/amd64/kubectl && chmod 755 ./kubectl
 
-# Build Skopeo from source 
-# FROM golang:1.23 AS golang
-# ARG SKOPEO_VERSION=release-1.16
-# RUN apt-get update && apt-get install --no-install-recommends -y libgpgme-dev libassuan-dev libbtrfs-dev pkg-config \
-#   && git clone https://github.com/containers/skopeo.git -b release-1.16 \
-#   && DISABLE_DOCS=1 make -C skopeo/
+# Build Skopeo from source since the version in the apt repository is outdated
+FROM golang:alpine3.20 AS golang
+ARG SKOPEO_VERSION=release-1.16
+RUN apk update && apk add git build-base containers-common bash btrfs-progs-dev glib-dev go go-md2man gpgme-dev libselinux-dev linux-headers lvm2-dev ostree-dev \
+  && git clone https://github.com/containers/skopeo.git -b $SKOPEO_VERSION \
+  && DISABLE_DOCS=1 make -C skopeo bin/skopeo.linux.386
 
 # Installation
 FROM baseline
@@ -29,7 +29,7 @@ ARG aws_cli_version=2.17.58
 ARG gcp_cli_version=496.0.0-0
 
 # Add extra packages
-RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git jq ssh sshpass rsync libgpgme-dev \
+RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git jq ssh sshpass rsync \
   && rm -f /etc/ssh/ssh_host_rsa_key && rm -f /etc/ssh/ssh_host_ecdsa_key && rm -f /etc/ssh/ssh_host_ed25519_key \
   && curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && chmod 755 get-helm-3 \
   && ./get-helm-3 --version v$helm_version --no-sudo \
@@ -44,16 +44,12 @@ RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git j
   && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - \
   && apt-get update && apt-get install --no-install-recommends -y google-cloud-cli:amd64=${gcp_cli_version} \
   && apt-get install --no-install-recommends -y google-cloud-sdk-gke-gcloud-auth-plugin \
-  # Skopeo
-  && echo "deb [signed-by=/usr/share/keyrings/ubuntu-archive-keyring.gpg] http://archive.ubuntu.com/ubuntu noble noble-updates main universe" | tee -a /etc/apt/sources.list.d/ubuntu-noble.list \
-  && apt-get update && apt-get install -y skopeo -t noble \    
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/*
 
 
-
 COPY --from=tool_builder /build/kubectl /usr/local/bin/kubectl
-# COPY --from=golang /go/skopeo/bin/skopeo /usr/local/bin/skopeo
+COPY --from=golang /go/skopeo/bin/skopeo.linux.386 /usr/local/bin/skopeo
 
 WORKDIR /viya4-deployment/
 COPY . /viya4-deployment/

diff --git a/roles/orchestration-common/tasks/orchestration_tooling.yaml b/roles/orchestration-common/tasks/orchestration_tooling.yaml
@@ -75,7 +75,7 @@
 # if the parsed creds contain symbols. This is expected and required to avoid Jinja2 templating issues.
 - name: Orchestration tooling - Download orchestration tooling image
   command: |
-    skopeo copy docker://{{ V4_CFG_CR_HOST }}/{{ ORCHESTRATION_IMAGE }} oci-archive:{{ ORCHESTRATION_TOOLING_ARCHIVE }} --src-creds {{ ORCHESTRATION_CR_USER | string }}:{{ ORCHESTRATION_CR_PASSWORD | string }}
+    skopeo copy docker://{{ V4_CFG_CR_HOST }}/{{ ORCHESTRATION_IMAGE }} oci-archive:{{ ORCHESTRATION_TOOLING_ARCHIVE }} --src-creds {{ ORCHESTRATION_CR_USER | string }}:{{ ORCHESTRATION_CR_PASSWORD | string }} --insecure-policy
   when:
     - deployment_tooling == "docker"
   tags: