djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,553 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

98 Commits

Author SHA1 Message Date
Danny Bessems ce92965408 Update 'Dockerfile'
continuous-integration/drone/push Build is failing Details
2023-10-31 14:45:58 +00:00
Danny Bessems 92a9f8093f Update 'Dockerfile'
continuous-integration/drone/push Build encountered an error Details
2023-10-31 14:08:09 +00:00
Danny Bessems 089c872190 Update 'Dockerfile'
continuous-integration/drone/push Build is failing Details
2023-10-31 13:57:38 +00:00
Danny Bessems 0a2f6e4e7a Update 'Dockerfile'
continuous-integration/drone/push Build is failing Details
2023-10-31 13:56:11 +00:00
Danny Bessems 85e3359831 Update 'Dockerfile'
continuous-integration/drone/push Build is failing Details
2023-10-31 13:50:59 +00:00
Joshua Casey ec532f622f Bump golang to 1.21.3 in Dockerfiles 2023-10-16 08:28:13 -05:00
Joshua Casey 1409f236da Bump dockerfiles to golang:1.21.2 2023-10-09 09:28:27 -05:00
Ryan Richard 776e436e35 Support building and deploying multi-arch linux amd64 and arm64 images 2023-10-04 08:55:26 -07:00
Joshua Casey 1bab4ccdb7 Bump to go1.20.1 2023-09-10 19:35:31 -05:00
Joshua Casey 5effb1a89b Bump to golang 1.21.0, and bump all golang deps 2023-09-06 14:52:01 -05:00
Joshua Casey 38230fc518 Use pversion to retrieve buildtime information 2023-08-28 11:54:27 -05:00
Joshua Casey 8dec84b3b2 Bump golang to 1.20.7 2023-08-03 13:39:51 -05:00
Joshua Casey 38c281331a Bump base images to go1.20.6 in Dockerfiles 2023-07-19 13:25:57 -05:00
Joshua Casey 314ec48f46 Bump to golang:1.20.5 2023-07-06 16:48:25 -07:00
Ryan Richard 4756df08cb Bump golang from 1.20.3 to 1.20.4 2023-05-10 10:36:03 -07:00
Joshua Casey 93f51c1a1d Bump Dockerfiles to go1.20.3 2023-04-05 09:12:10 -05:00
Joshua Casey a783a5d6b2 Bump to golang 1.20.2 2023-03-16 09:42:15 -05:00
Joshua Casey 2bd24f674a Bump golang in Dockerfiles to 1.20.1 2023-02-27 14:16:49 -06:00
Joshua Casey 6926c1ab64 Bump Golang to 1.19.5 
Resolves #1368
 2023-01-17 21:20:37 -06:00
Ryan Richard 6d3ed73eee Bump Go 1.19.1 -> 1.19.4, and go-boringcrypto 1.18.6b7 -> 1.18.9b7 2022-12-15 09:40:32 -08:00
Ryan Richard bad95c072e Upgrade project dependencies to latest 
- Upgrade Go used in CI from 1.19.0 to 1.19.1
- Upgrade all go.mod direct dependencies to latest available versions
- Upgrade distroless base image to latest available version
- Upgrade Go fips compiler to to latest available version

Note that upgrading the go-oidc library changed an error message
returned by that library, so update the places where tests were
expecting that error message.
 2022-09-23 14:41:54 -07:00
dependabot[bot] f320a04125
Bump distroless/static from `2556293` to `66cd130` 
Bumps distroless/static from `2556293` to `66cd130`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-24 23:40:35 +00:00
Ryan Richard fe083f73fc Bump to golang 1.19.0 and to latest distroless base image 
For fips dockerfile, the fips 1.19 compiler has not been released yet,
so bump to the latest available.
 2022-08-24 11:18:53 -07:00
Ryan Richard 7751c0bf59
Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3 
Several API changes in Kube required changes in Pinniped code.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-06-07 15:26:30 -04:00
dependabot[bot] 2fa81546f3
Bump distroless/static from `80c956f` to `2556293` 
Bumps distroless/static from `80c956f` to `2556293`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-14 14:51:17 +00:00
Monis Khan 8fd77b72df
Bump to go1.18.1 and fix linter errors 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-13 16:43:06 -04:00
Ryan Richard 25d20d4081 Merge branch 'main' into disable_http 2022-04-05 09:00:26 -07:00
Monis Khan 15bc6a4a67
Add more details to FIPS comments 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-01 10:56:38 -04:00
Ryan Richard 8d12c1b674 HTTP listener: default disabled and may only bind to loopback interfaces 2022-03-24 15:46:10 -07:00
dependabot[bot] 8182a233d1
Bump golang from 1.17.7 to 1.17.8 
Bumps golang from 1.17.7 to 1.17.8.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-07 01:20:25 +00:00
dependabot[bot] 93e4d5d956
Bump golang from 1.17.6 to 1.17.7 
Bumps golang from 1.17.6 to 1.17.7.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-02-11 01:13:54 +00:00
Ryan Richard 814399324f Merge branch 'main' into upstream_access_revocation_during_gc 2022-01-14 10:49:22 -08:00
dependabot[bot] f2b4d667d1
Bump golang from 1.17.5 to 1.17.6 
Bumps golang from 1.17.5 to 1.17.6.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-07 01:04:10 +00:00
dependabot[bot] a0ddf4a945
Bump distroless/static from `bca3c20` to `80c956f` 
Bumps distroless/static from `bca3c20` to `80c956f`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-27 01:17:24 +00:00
dependabot[bot] 884d18bade
Bump golang from 1.17.4 to 1.17.5 
Bumps golang from 1.17.4 to 1.17.5.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-10 17:03:50 +00:00
dependabot[bot] db68fc3a2b
Bump golang from 1.17.3 to 1.17.4 
Bumps golang from 1.17.3 to 1.17.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-06 01:14:25 +00:00
Ryan Richard 2383a88612 Add aggregatedAPIServerPort to the Concierge's static ConfigMap 
- Allow the port number to be configured to any value within the
  range 1024 to 65535
- This commit does not include adding new config knobs to the ytt
  values file, so while it is possible to change this port without
  needing to recompile, it is not convenient
 2021-11-16 16:43:51 -08:00
dependabot[bot] 2aeb464b43
Bump golang from 1.17.2 to 1.17.3 
Bumps golang from 1.17.2 to 1.17.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-06 00:55:39 +00:00
Monis Khan a042f74a88
Dockerfile: build all files and trim file system paths 
Use "..." instead of "main.go" as the build target since we may have
extra files in the future.

https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies

-trimpath
	remove all file system paths from the resulting executable.
	Instead of absolute file system paths, the recorded file names
	will begin with either "go" (for the standard library),
	or a module path@version (when using modules),
	or a plain import path (when using GOPATH).

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-11-03 10:26:13 -04:00
dependabot[bot] 1c3545e234
Bump distroless/static from `07869ab` to `bca3c20` 
Bumps distroless/static from `07869ab` to `bca3c20`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-28 01:02:33 +00:00
Monis Khan 7921a58988
Use 65532 instead of 1001 as non-root user 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-10-25 16:21:54 -04:00
dependabot[bot] d1d954bb3b
Bump golang from 1.17.1 to 1.17.2 
Bumps golang from 1.17.1 to 1.17.2.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-08 01:03:52 +00:00
dependabot[bot] 19cecc3235
Bump distroless/static from `be5d77c` to `7cb5539` 
Bumps distroless/static from `be5d77c` to `7cb5539`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-30 17:09:57 +00:00
dependabot[bot] 92ccc0ec84
Bump golang from 1.17.0 to 1.17.1 
Bumps golang from 1.17.0 to 1.17.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-13 01:13:32 +00:00
dependabot[bot] 1bb8a43e04
Bump distroless/static from `c9f9b04` to `be5d77c` 
Bumps distroless/static from `c9f9b04` to `be5d77c`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-02 03:00:24 +00:00
Monis Khan 44f03af4b9
Bump to Go 1.17.0 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-08-27 09:00:49 -04:00
Monis Khan 25b4d82d87
Bump to Go 1.16.7 and Kube v0.22.0 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-08-09 15:32:13 -04:00
Matt Moyer 58bbffded4
Switch to a slimmer distroless base image. 
At a high level, it switches us to a distroless base container image, but that also includes several related bits:

- Add a writable /tmp but make the rest of our filesystems read-only at runtime.

- Condense our main server binaries into a single pinniped-server binary. This saves a bunch of space in
  the image due to duplicated library code. The correct behavior is dispatched based on `os.Args[0]`, and
  the `pinniped-server` binary is symlinked to `pinniped-concierge` and `pinniped-supervisor`.

- Strip debug symbols from our binaries. These aren't really useful in a distroless image anyway and all the
  normal stuff you'd expect to work, such as stack traces, still does.

- Add a separate `pinniped-concierge-kube-cert-agent` binary with "sleep" and "print" functionality instead of
  using builtin /bin/sleep and /bin/cat for the kube-cert-agent. This is split from the main server binary
  because the loading/init time of the main server binary was too large for the tiny resource footprint we
  established in our kube-cert-agent PodSpec. Using a separate binary eliminates this issue and the extra
  binary adds only around 1.5MiB of image size.

- Switch the kube-cert-agent code to use a JSON `{"tls.crt": "<b64 cert>", "tls.key": "<b64 key>"}` format.
  This is more robust to unexpected input formatting than the old code, which simply concatenated the files
  with some extra newlines and split on whitespace.

- Update integration tests that made now-invalid assumptions about the `pinniped-server` image.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-08-09 15:05:13 -04:00
Monis Khan 32c9aa5087
Bump to Go 1.16.6 and Kube v0.21.3 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-07-27 14:18:08 -04:00
dependabot[bot] 125d891cd5
Bump debian from 10.9-slim to 10.10-slim 
Bumps debian from 10.9-slim to 10.10-slim.

---
updated-dependencies:
- dependency-name: debian
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-23 01:02:44 +00:00