Commit Graph

98 Commits

Author SHA1 Message Date
ce92965408 Update 'Dockerfile'
Some checks failed
continuous-integration/drone/push Build is failing
2023-10-31 14:45:58 +00:00
92a9f8093f Update 'Dockerfile'
Some checks reported errors
continuous-integration/drone/push Build encountered an error
2023-10-31 14:08:09 +00:00
089c872190 Update 'Dockerfile'
Some checks failed
continuous-integration/drone/push Build is failing
2023-10-31 13:57:38 +00:00
0a2f6e4e7a Update 'Dockerfile'
Some checks failed
continuous-integration/drone/push Build is failing
2023-10-31 13:56:11 +00:00
85e3359831 Update 'Dockerfile'
Some checks failed
continuous-integration/drone/push Build is failing
2023-10-31 13:50:59 +00:00
Joshua Casey
ec532f622f Bump golang to 1.21.3 in Dockerfiles 2023-10-16 08:28:13 -05:00
Joshua Casey
1409f236da Bump dockerfiles to golang:1.21.2 2023-10-09 09:28:27 -05:00
Ryan Richard
776e436e35 Support building and deploying multi-arch linux amd64 and arm64 images 2023-10-04 08:55:26 -07:00
Joshua Casey
1bab4ccdb7 Bump to go1.20.1 2023-09-10 19:35:31 -05:00
Joshua Casey
5effb1a89b Bump to golang 1.21.0, and bump all golang deps 2023-09-06 14:52:01 -05:00
Joshua Casey
38230fc518 Use pversion to retrieve buildtime information 2023-08-28 11:54:27 -05:00
Joshua Casey
8dec84b3b2 Bump golang to 1.20.7 2023-08-03 13:39:51 -05:00
Joshua Casey
38c281331a Bump base images to go1.20.6 in Dockerfiles 2023-07-19 13:25:57 -05:00
Joshua Casey
314ec48f46 Bump to golang:1.20.5 2023-07-06 16:48:25 -07:00
Ryan Richard
4756df08cb Bump golang from 1.20.3 to 1.20.4 2023-05-10 10:36:03 -07:00
Joshua Casey
93f51c1a1d Bump Dockerfiles to go1.20.3 2023-04-05 09:12:10 -05:00
Joshua Casey
a783a5d6b2 Bump to golang 1.20.2 2023-03-16 09:42:15 -05:00
Joshua Casey
2bd24f674a Bump golang in Dockerfiles to 1.20.1 2023-02-27 14:16:49 -06:00
Joshua Casey
6926c1ab64 Bump Golang to 1.19.5
Resolves #1368
2023-01-17 21:20:37 -06:00
Ryan Richard
6d3ed73eee Bump Go 1.19.1 -> 1.19.4, and go-boringcrypto 1.18.6b7 -> 1.18.9b7 2022-12-15 09:40:32 -08:00
Ryan Richard
bad95c072e Upgrade project dependencies to latest
- Upgrade Go used in CI from 1.19.0 to 1.19.1
- Upgrade all go.mod direct dependencies to latest available versions
- Upgrade distroless base image to latest available version
- Upgrade Go fips compiler to to latest available version

Note that upgrading the go-oidc library changed an error message
returned by that library, so update the places where tests were
expecting that error message.
2022-09-23 14:41:54 -07:00
dependabot[bot]
f320a04125
Bump distroless/static from 2556293 to 66cd130
Bumps distroless/static from `2556293` to `66cd130`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-24 23:40:35 +00:00
Ryan Richard
fe083f73fc Bump to golang 1.19.0 and to latest distroless base image
For fips dockerfile, the fips 1.19 compiler has not been released yet,
so bump to the latest available.
2022-08-24 11:18:53 -07:00
Ryan Richard
7751c0bf59
Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3
Several API changes in Kube required changes in Pinniped code.

Signed-off-by: Monis Khan <mok@vmware.com>
2022-06-07 15:26:30 -04:00
dependabot[bot]
2fa81546f3
Bump distroless/static from 80c956f to 2556293
Bumps distroless/static from `80c956f` to `2556293`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-14 14:51:17 +00:00
Monis Khan
8fd77b72df
Bump to go1.18.1 and fix linter errors
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-13 16:43:06 -04:00
Ryan Richard
25d20d4081 Merge branch 'main' into disable_http 2022-04-05 09:00:26 -07:00
Monis Khan
15bc6a4a67
Add more details to FIPS comments
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:56:38 -04:00
Ryan Richard
8d12c1b674 HTTP listener: default disabled and may only bind to loopback interfaces 2022-03-24 15:46:10 -07:00
dependabot[bot]
8182a233d1
Bump golang from 1.17.7 to 1.17.8
Bumps golang from 1.17.7 to 1.17.8.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-07 01:20:25 +00:00
dependabot[bot]
93e4d5d956
Bump golang from 1.17.6 to 1.17.7
Bumps golang from 1.17.6 to 1.17.7.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-11 01:13:54 +00:00
Ryan Richard
814399324f Merge branch 'main' into upstream_access_revocation_during_gc 2022-01-14 10:49:22 -08:00
dependabot[bot]
f2b4d667d1
Bump golang from 1.17.5 to 1.17.6
Bumps golang from 1.17.5 to 1.17.6.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-07 01:04:10 +00:00
dependabot[bot]
a0ddf4a945
Bump distroless/static from bca3c20 to 80c956f
Bumps distroless/static from `bca3c20` to `80c956f`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-27 01:17:24 +00:00
dependabot[bot]
884d18bade
Bump golang from 1.17.4 to 1.17.5
Bumps golang from 1.17.4 to 1.17.5.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-10 17:03:50 +00:00
dependabot[bot]
db68fc3a2b
Bump golang from 1.17.3 to 1.17.4
Bumps golang from 1.17.3 to 1.17.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-06 01:14:25 +00:00
Ryan Richard
2383a88612 Add aggregatedAPIServerPort to the Concierge's static ConfigMap
- Allow the port number to be configured to any value within the
  range 1024 to 65535
- This commit does not include adding new config knobs to the ytt
  values file, so while it is possible to change this port without
  needing to recompile, it is not convenient
2021-11-16 16:43:51 -08:00
dependabot[bot]
2aeb464b43
Bump golang from 1.17.2 to 1.17.3
Bumps golang from 1.17.2 to 1.17.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-06 00:55:39 +00:00
Monis Khan
a042f74a88
Dockerfile: build all files and trim file system paths
Use "..." instead of "main.go" as the build target since we may have
extra files in the future.

https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies

-trimpath
	remove all file system paths from the resulting executable.
	Instead of absolute file system paths, the recorded file names
	will begin with either "go" (for the standard library),
	or a module path@version (when using modules),
	or a plain import path (when using GOPATH).

Signed-off-by: Monis Khan <mok@vmware.com>
2021-11-03 10:26:13 -04:00
dependabot[bot]
1c3545e234
Bump distroless/static from 07869ab to bca3c20
Bumps distroless/static from `07869ab` to `bca3c20`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-28 01:02:33 +00:00
Monis Khan
7921a58988
Use 65532 instead of 1001 as non-root user
Signed-off-by: Monis Khan <mok@vmware.com>
2021-10-25 16:21:54 -04:00
dependabot[bot]
d1d954bb3b
Bump golang from 1.17.1 to 1.17.2
Bumps golang from 1.17.1 to 1.17.2.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-08 01:03:52 +00:00
dependabot[bot]
19cecc3235
Bump distroless/static from be5d77c to 7cb5539
Bumps distroless/static from `be5d77c` to `7cb5539`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-30 17:09:57 +00:00
dependabot[bot]
92ccc0ec84
Bump golang from 1.17.0 to 1.17.1
Bumps golang from 1.17.0 to 1.17.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-13 01:13:32 +00:00
dependabot[bot]
1bb8a43e04
Bump distroless/static from c9f9b04 to be5d77c
Bumps distroless/static from `c9f9b04` to `be5d77c`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-02 03:00:24 +00:00
Monis Khan
44f03af4b9
Bump to Go 1.17.0
Signed-off-by: Monis Khan <mok@vmware.com>
2021-08-27 09:00:49 -04:00
Monis Khan
25b4d82d87
Bump to Go 1.16.7 and Kube v0.22.0
Signed-off-by: Monis Khan <mok@vmware.com>
2021-08-09 15:32:13 -04:00
Matt Moyer
58bbffded4
Switch to a slimmer distroless base image.
At a high level, it switches us to a distroless base container image, but that also includes several related bits:

- Add a writable /tmp but make the rest of our filesystems read-only at runtime.

- Condense our main server binaries into a single pinniped-server binary. This saves a bunch of space in
  the image due to duplicated library code. The correct behavior is dispatched based on `os.Args[0]`, and
  the `pinniped-server` binary is symlinked to `pinniped-concierge` and `pinniped-supervisor`.

- Strip debug symbols from our binaries. These aren't really useful in a distroless image anyway and all the
  normal stuff you'd expect to work, such as stack traces, still does.

- Add a separate `pinniped-concierge-kube-cert-agent` binary with "sleep" and "print" functionality instead of
  using builtin /bin/sleep and /bin/cat for the kube-cert-agent. This is split from the main server binary
  because the loading/init time of the main server binary was too large for the tiny resource footprint we
  established in our kube-cert-agent PodSpec. Using a separate binary eliminates this issue and the extra
  binary adds only around 1.5MiB of image size.

- Switch the kube-cert-agent code to use a JSON `{"tls.crt": "<b64 cert>", "tls.key": "<b64 key>"}` format.
  This is more robust to unexpected input formatting than the old code, which simply concatenated the files
  with some extra newlines and split on whitespace.

- Update integration tests that made now-invalid assumptions about the `pinniped-server` image.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-08-09 15:05:13 -04:00
Monis Khan
32c9aa5087
Bump to Go 1.16.6 and Kube v0.21.3
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-27 14:18:08 -04:00
dependabot[bot]
125d891cd5
Bump debian from 10.9-slim to 10.10-slim
Bumps debian from 10.9-slim to 10.10-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-23 01:02:44 +00:00