@pjbgf
Created December 14, 2021 11:21
Container to patch CVE-2021-25740
FROM alpine
ARG KUBECTL_VERSION="1.21.7"
RUN apk add --no-cache curl
# Fetch kubectl and check it against the published checksum before installing it.
# -f makes curl fail on HTTP errors; the checksum URL uses the same /release/ path as the binary.
# Two spaces before the file name: busybox sha256sum -c requires the standard checksum-file format.
RUN curl -fsSLO "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
    curl -fsSLO "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" && \
    echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c && \
    install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
# ClusterRole manifest for system:aggregate-to-edit with the Endpoints write permissions removed.
RUN curl -fsSL -o /aggregate_to_edit_no_endpoints.yaml.txt \
    "https://github.com/kubernetes/kubernetes/files/6823580/aggregate_to_edit_no_endpoints.yaml.txt"
# Patch script (needs a shebang: the exec-form ENTRYPOINT below runs it without a shell).
# 1. set autoupdate=true so reconcile does not skip the role as protected,
# 2. drop the Endpoints write rules that are not in the manifest,
# 3. set autoupdate=false so the API server does not restore them on restart.
RUN printf '%s\n' \
    '#!/bin/sh' \
    'set -eu' \
    'kubectl annotate --overwrite clusterrole/system:aggregate-to-edit rbac.authorization.kubernetes.io/autoupdate=true' \
    'kubectl auth reconcile --remove-extra-permissions -f /aggregate_to_edit_no_endpoints.yaml.txt' \
    'kubectl annotate --overwrite clusterrole/system:aggregate-to-edit rbac.authorization.kubernetes.io/autoupdate=false' \
    > /patch-CVE-2021-25740 \
    && chmod +x /patch-CVE-2021-25740
ENTRYPOINT [ "/patch-CVE-2021-25740" ]
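The container needs a kubeconfig with rights to edit ClusterRoles, for example `docker build -t patch-cve-2021-25740 .` followed by `docker run --rm -v "$HOME/.kube/config:/root/.kube/config:ro" patch-cve-2021-25740`. Running it is only half the job: the patch is durable only if the Endpoints write rules are gone and the `autoupdate` annotation is `false`, otherwise the API server re-adds the default permissions at its next start. Note that `autoupdate=false` also stops future upgrades from adding permissions to this role, so the annotation should be revisited once the cluster no longer relies on this mitigation. The script below, an added example that is not part of the gist, checks both conditions on the JSON that `kubectl get clusterrole system:aggregate-to-edit -o json` prints. It goes slightly beyond the gist's manifest by also flagging write verbs on EndpointSlices (discovery.k8s.io), the other resource the CVE covers, and by honouring `*` wildcards in apiGroups, resources and verbs. The two embedded ClusterRole objects are constructed samples with only the relevant rules, not copies of the real default role.

```python
"""Check whether a ClusterRole still grants the Endpoints/EndpointSlice writes
that the CVE-2021-25740 mitigation removes (added example, not from the gist).

Usage:
    kubectl get clusterrole system:aggregate-to-edit -o json | python3 check_cve_2021_25740.py
With no piped input it runs against the constructed samples below.
"""
import json
import sys

# Verbs that let a subject create or modify a resource. "*" grants all verbs.
WRITE_VERBS = {"create", "update", "patch", "*"}
# (apiGroup, resource) pairs the CVE is about: Endpoints live in the core ("") group.
WATCHED = {("", "endpoints"), ("discovery.k8s.io", "endpointslices")}
AUTOUPDATE = "rbac.authorization.kubernetes.io/autoupdate"


def _matches(rule, group, resource):
    """True if the rule's apiGroups/resources cover (group, resource), wildcards included."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    return bool({group, "*"} & groups) and bool({resource, "*"} & resources)


def endpoint_write_rules(clusterrole):
    """Return (group, resource, verbs) for every rule granting a write verb on a watched resource."""
    hits = []
    for rule in clusterrole.get("rules", []):
        verbs = set(rule.get("verbs", [])) & WRITE_VERBS
        if not verbs:
            continue
        for group, resource in sorted(WATCHED):
            if _matches(rule, group, resource):
                hits.append((group, resource, sorted(verbs)))
    return hits


def is_mitigated(clusterrole):
    """True when no rule grants create/update/patch on Endpoints or EndpointSlices."""
    return not endpoint_write_rules(clusterrole)


def autoupdate_disabled(clusterrole):
    """True when the bootstrap reconciler will leave the role alone (annotation == "false")."""
    annotations = clusterrole.get("metadata", {}).get("annotations") or {}
    return annotations.get(AUTOUPDATE) == "false"


def assess(clusterrole):
    """Durably mitigated only if the write rules are gone AND autoupdate is switched off."""
    hits = endpoint_write_rules(clusterrole)
    return {
        "write_rules": hits,
        "autoupdate_disabled": autoupdate_disabled(clusterrole),
        "mitigated": not hits and autoupdate_disabled(clusterrole),
    }


# Constructed sample: a role before patching (a subset of rules, shaped like the real default).
BEFORE = {
    "metadata": {"name": "system:aggregate-to-edit", "annotations": {AUTOUPDATE: "true"}},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "services", "endpoints"],
         "verbs": ["create", "delete", "deletecollection", "patch", "update"]},
        {"apiGroups": [""], "resources": ["endpoints"], "verbs": ["get", "list", "watch"]},
    ],
}

# Constructed sample: the same role after the reconcile step and autoupdate=false.
AFTER = {
    "metadata": {"name": "system:aggregate-to-edit", "annotations": {AUTOUPDATE: "false"}},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "services"],
         "verbs": ["create", "delete", "deletecollection", "patch", "update"]},
        {"apiGroups": [""], "resources": ["endpoints"], "verbs": ["get", "list", "watch"]},
    ],
}


def main():
    if sys.stdin.isatty():
        for label, role in (("before", BEFORE), ("after", AFTER)):
            print(label, json.dumps(assess(role)))
    else:
        print(json.dumps(assess(json.load(sys.stdin)), indent=2))


if __name__ == "__main__":
    main()
```

The read-only `get/list/watch` rule on `endpoints` is intentionally left alone: only write verbs let a subject point a Service at an arbitrary IP, which is what the mitigation removes.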