From e979a4ea4a05dc630ede8dc4a81376379b0e6474 Mon Sep 17 00:00:00 2001 From: CSpicer Date: Wed, 25 Mar 2020 17:37:15 -0400 Subject: [PATCH 1/3] Generated UBI7 version of container for approval process --- 1.0/Dockerfile | 71 ----------------------------------------- 1.0/README.md | 0 1.0/scripts/prebuild.sh | 49 ---------------------------- Dockerfile | 52 ++++++++++++++++++++++++++++++ Jenkinsfile | 2 ++ 1.0/LICENSE => LICENSE | 0 download.json | 8 +++++ 7 files changed, 62 insertions(+), 120 deletions(-) delete mode 100644 1.0/Dockerfile delete mode 100644 1.0/README.md delete mode 100644 1.0/scripts/prebuild.sh create mode 100644 Dockerfile create mode 100644 Jenkinsfile rename 1.0/LICENSE => LICENSE (100%) create mode 100644 download.json diff --git a/1.0/Dockerfile b/1.0/Dockerfile deleted file mode 100644 index 78c38aa..0000000 --- a/1.0/Dockerfile +++ /dev/null @@ -1,71 +0,0 @@ -ARG BASE_REGISTRY=registry.access.redhat.com -ARG BASE_IMAGE=ubi7/ubi -ARG BASE_TAG=7.8 -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - - -MAINTAINER terrana_steven@bah.com - -### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels -LABEL name="Solutions Delivery Platform: Jenkins Agent" \ - maintainer="terrana_steven@bah.com" \ - vendor="Booz Allen Hamilton" \ - version="1.0" \ - release="1.0" \ - summary="A container used by the openshift and kubernetes libraries within the Solutions Delivery Platform" \ - description="A container used by the openshift and kubernetes libraries within the Solutions Delivery Platform" - -### add licenses to this directory -COPY LICENSE /licenses - -ARG OC_VERSION=v3.11.0 -ARG HELM_VERSION=v2.15.2 -ARG KUBECTL_VERSION=v1.14.7 - -ARG user=sdp -ARG group=sdp -ARG uid=1000 -ARG gid=1000 -ARG SDP_HOME=/home/sdp_home - -ARG NEXUS_SERVER=${NEXUS_SERVER} -ARG NEXUS_USERNAME=${NEXUS_USERNAME} -ARG NEXUS_PASSWORD=${NEXUS_PASSWORD} - -RUN mkdir -p $SDP_HOME \ - && chown ${uid}:${gid} $SDP_HOME \ - && groupadd -g ${gid} ${group} \ - && useradd -d "$SDP_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} - - -### Add necessary Red Hat repos and packages here -RUN INSTALL_PKGS="tar openssl" && \ - yum --nogpgcheck --disablerepo unified_platform_ubi8_appstream --disablerepo unified_platform_ubi8_os --disableplugin=subscription-manager -y update --setopt=tsflags=nodocs \ - --security --sec-severity=Important --sec-severity=Critical && \ - yum --disablerepo=unified_platform_ubi8_os --disablerepo=unified_platform_ubi8_appstream --nogpgcheck --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} -# yum --nogpgcheck --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} - - -### Install your application here -- add all other necessary items to build your image -RUN mkdir -p /tmp/oc-client && cd /tmp/oc-client && \ - curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} https://${NEXUS_SERVER}/repository/dsop/solutions-delivery-platform/openshift/oc-${OC_VERSION}.tar.gz -O && \ - tar -xvf oc-${OC_VERSION}.tar.gz && \ - mv */oc /usr/local/bin/oc && \ - chmod +x /usr/local/bin/oc - - -RUN mkdir -p /tmp/helm && cd /tmp/helm && \ - curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} https://${NEXUS_SERVER}/repository/dsop/solutions-delivery-platform/openshift/helm-${HELM_VERSION}.tar.gz -O && \ - tar -xvf helm-${HELM_VERSION}.tar.gz && \ - mv */helm /usr/local/bin/helm && \ - chmod +x /usr/local/bin/helm - -RUN mkdir -p /tmp/kubectl && cd /tmp/kubectl && \ - curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} https://${NEXUS_SERVER}/repository/dsop/solutions-delivery-platform/openshift/kubectl-${KUBECTL_VERSION} -O && \ - mv kubectl-${KUBECTL_VERSION} /usr/local/bin/kubectl && \ - chmod +x /usr/local/bin/kubectl - - -RUN cd /root && rm -rf /tmp/oc-client && rm -rf /tmp/helm && rm -rf /tmp/kubectl - -USER ${user} diff --git a/1.0/README.md b/1.0/README.md deleted file mode 100644 index e69de29..0000000 diff --git a/1.0/scripts/prebuild.sh b/1.0/scripts/prebuild.sh deleted file mode 100644 index 86c6a59..0000000 --- a/1.0/scripts/prebuild.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash - -#################################################### -# Prebuild script example only - do NOT use -# See https://dccscr.dsop.io/dsop/dccscr/tree/master/contributor-onboarding -#################################################### -set -e - -### Environment Variables ### -KUBECTL_VERSION=v1.14.7 -HELM_VERSION=v2.15.2 -OC_VERSION=v3.11.0 -VENDOR=BAH - -# These three variables are required to push whatever outside binaries your container needs at build time to our Nexus repo -NEXUS_SERVER=${NEXUS_SERVER} -NEXUS_USERNAME=${NEXUS_USERNAME} -NEXUS_PASSWORD=${NEXUS_PASSWORD} - - -### Download files/dependencies ### -# temporarily place your binaries locally in /tmp/${VENDOR}/ -curl --create-dirs https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl -o /tmp/${VENDOR}/kubectl-${KUBECTL_VERSION} -curl --create-dirs https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -o /tmp/${VENDOR}/helm-${HELM_VERSION}.tar.gz -curl -L --create-dirs https://github.com/openshift/origin/releases/download/${OC_VERSION}/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz -o /tmp/${VENDOR}/oc-${OC_VERSION}.tar.gz - - -### SHA256 Verification ### -# Verifying the files with the SHA256 is a requirement for all files -# Make sure to not download the SHA256 from the internet, but create it, check it and upload it to the Nexus repo -cd /tmp/${VENDOR} -for file in kubectl-${KUBECTL_VERSION} oc-${OC_VERSION}.tar.gz helm-${HELM_VERSION}.tar.gz -do - sha256sum ${file} | awk '{print $1}' > ${file}.sha256 \ - && echo "$(cat ${file}.sha256) ${file}" | sha256sum --check --status \ - && if [ $? == '0' ]; then printf "\nSHA256 check for ${file} succeeded\n\n"; \ - else printf "SHA256 check for ${file} failed\n\n"; fi -done - -### Nexus Repo Upload ### -for package in kubectl-${KUBECTL_VERSION} kubectl-${KUBECTL_VERSION}.sha256 oc-${OC_VERSION}.tar.gz oc-${OC_VERSION}.tar.gz.sha256 helm-${HELM_VERSION}.tar.gz helm-${HELM_VERSION}.tar.gz.sha256 -do - curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} -T /tmp/${VENDOR}/${package} https://${NEXUS_SERVER}/repository/dsop/solutions-delivery-platform/openshift/${package} -done - -cd - - - - diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..981c54f --- /dev/null +++ b/Dockerfile @@ -0,0 +1,52 @@ +ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 +ARG BASE_IMAGE=redhat/ubi/ubi7 +ARG BASE_TAG=7.8 +#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +FROM nexus-docker-secure.levelup-dev.io/redhat/ubi/ubi7:7.8 + +MAINTAINER terrana_steven@bah.com + +### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels +LABEL name="Solutions Delivery Platform: Jenkins Agent" \ + maintainer="terrana_steven@bah.com" \ + vendor="Booz Allen Hamilton" \ + version="1.0" \ + release="1.0" \ + summary="A container used by the openshift and kubernetes libraries within the Solutions Delivery Platform" \ + description="A container used by the openshift and kubernetes libraries within the Solutions Delivery Platform" + +### add licenses to this directory +COPY LICENSE /licenses + +ARG OC_VERSION=v3.11.0 +ARG HELM_VERSION=v2.15.2 +ARG KUBECTL_VERSION=v1.14.7 + +ARG user=sdp +ARG group=sdp +ARG uid=1000 +ARG gid=1000 +ARG SDP_HOME=/home/sdp_home + +RUN mkdir -p $SDP_HOME \ + && chown ${uid}:${gid} $SDP_HOME \ + && groupadd -g ${gid} ${group} \ + && useradd -d "$SDP_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} + +ARG TARBALL=helm-dependencies-dcar-0.5.tar.gz +RUN mkdir /root/tmp +COPY ./${TARBALL} /root/tmp/. + +###Unpack tarball containing dependencies && place files into needed locations +RUN cd /root/tmp && tar -zxf ./${TARBALL} && rm -fv ./${TARBALL} && \ + mv dependencies/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit/oc /usr/local/bin/oc && \ + mv dependencies/linux-amd64/helm /usr/local/bin/helm && \ + mv dependencies/kubectl /usr/local/bin/kubectl && \ + chmod +x /usr/local/bin/oc && \ + chmod +x /usr/local/bin/helm && \ + chmod +x /usr/local/bin/kubectl && \ + cd - && rm -rf /root/tmp + +USER ${user} + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD which oc && which kubectl && which helm diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..51146a4 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,2 @@ +@Library('DCCSCR@master') _ +dccscrPipeline(version: "ubi7-helm-2.15.2") diff --git a/1.0/LICENSE b/LICENSE similarity index 100% rename from 1.0/LICENSE rename to LICENSE diff --git a/download.json b/download.json new file mode 100644 index 0000000..a84b776 --- /dev/null +++ b/download.json @@ -0,0 +1,8 @@ +{ "resources": + [ + { "url" : "https://github.com/boozallen/sdp-images/releases/download/dcar-0.5/helm-dependencies-dcar-0.5.tar.gz", + "filename": "helm-dependencies-dcar-0.5.tar.gz", + "sha256": "a1255aeda4dacc3b0abecd90c3e421a17abfcdca21ff5a05c1c0374703f85c43" + } + ] +} -- GitLab From 176134ab1bbe825a5b81ae4ed1cb55efcd9ee59e Mon Sep 17 00:00:00 2001 From: CSpicer Date: Thu, 26 Mar 2020 09:33:39 -0400 Subject: [PATCH 2/3] Updated README.md --- README.md | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4781778..364aa3e 100644 --- a/README.md +++ b/README.md @@ -1 +1,32 @@ -# OpenShift & Helm \ No newline at end of file +# Openshift Helm Container Application Version 2.15.2 + +## Introduction +This container hosts the OpenShift Helm application to be used as part of the Solution Delivery Platform. + +## Container Variables + +The following is a list of variables used in the Dockerfile: +``` +ARG BASE_REGISTRY = defines the registry portion of the OS image to be used in the FROM command. +ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command. +ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command. +ARG OC_VERSION = version of the OpenShift Client application used in the container (v3.11.0) +ARG HELM_VERSION = version of the Helm application used in the container (v2.15.2) +ARG KUBECTL_VERSION = version of the Kubectl application used in the container (v1.14.7) +ARG user = non-root user name +ARG group = non-root user group name +ARG uid = non-root user id (1000 by default) +ARG gid = non-root user group id (1000 by default) +ARG SDP_HOME = establishes PATH for user home directory (EX: /home/sdp_home) +ARG TARBALL = name of the tarball dependency bundle containing the applications to install +``` + +## Notes +When building the container image, feel free to alter the BASE_REGISTRY, BASE_IMAGE, and BASE_TAG variables to load an appropriate OS image. By default, an UBI7 image will be used. +No special considerations to be taken when running the container image. By default no applications start at runtime and will have to be started by using the container CLI or explicitly calling each application at runtime. To explicitly start the Helm, OpenShift Client, and Kubectl applications at runtime use: +``` +docker run helm && oc && kubectl +``` + +## Recommended resources for the image +System requirements, including memory and CPU, will be derived from the Jenkins Agent Container as this container will be running inside of the Jenkins Agent Container. Default image size of the Helm container is 528 MB, subject to change if OS base image is changed. One container instance and storage volume is sufficient for base operations. -- GitLab From 5f0d1b1348bbda6df547c342184bc0d1d647b383 Mon Sep 17 00:00:00 2001 From: CSpicer Date: Thu, 26 Mar 2020 09:49:32 -0400 Subject: [PATCH 3/3] cleaned up dockerfile --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 981c54f..7435f9a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,7 @@ ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_IMAGE=redhat/ubi/ubi7 ARG BASE_TAG=7.8 -#FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -FROM nexus-docker-secure.levelup-dev.io/redhat/ubi/ubi7:7.8 +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} MAINTAINER terrana_steven@bah.com -- GitLab