0a2f6e4e7a
Update 'Dockerfile'
continuous-integration/drone/push Build is failing
2023-10-31 13:56:11 +00:00
85e3359831
Update 'Dockerfile'
continuous-integration/drone/push Build is failing
2023-10-31 13:50:59 +00:00
Joshua Casey
ec532f622f
Bump golang to 1.21.3 in Dockerfiles
2023-10-16 08:28:13 -05:00
Joshua Casey
1409f236da
Bump dockerfiles to golang:1.21.2
2023-10-09 09:28:27 -05:00
Ryan Richard
776e436e35
Support building and deploying multi-arch linux amd64 and arm64 images
2023-10-04 08:55:26 -07:00
Joshua Casey
1bab4ccdb7
Bump to go1.20.1
2023-09-10 19:35:31 -05:00
Joshua Casey
5effb1a89b
Bump to golang 1.21.0, and bump all golang deps
2023-09-06 14:52:01 -05:00
Joshua Casey
38230fc518
Use pversion to retrieve buildtime information
2023-08-28 11:54:27 -05:00
Joshua Casey
8dec84b3b2
Bump golang to 1.20.7
2023-08-03 13:39:51 -05:00
Joshua Casey
38c281331a
Bump base images to go1.20.6 in Dockerfiles
2023-07-19 13:25:57 -05:00
Joshua Casey
314ec48f46
Bump to golang:1.20.5
2023-07-06 16:48:25 -07:00
Ryan Richard
4756df08cb
Bump golang from 1.20.3 to 1.20.4
2023-05-10 10:36:03 -07:00
Joshua Casey
93f51c1a1d
Bump Dockerfiles to go1.20.3
2023-04-05 09:12:10 -05:00
Joshua Casey
a783a5d6b2
Bump to golang 1.20.2
2023-03-16 09:42:15 -05:00
Joshua Casey
2bd24f674a
Bump golang in Dockerfiles to 1.20.1
2023-02-27 14:16:49 -06:00
Joshua Casey
6926c1ab64
Bump Golang to 1.19.5
...
Resolves #1368
2023-01-17 21:20:37 -06:00
Ryan Richard
6d3ed73eee
Bump Go 1.19.1 -> 1.19.4, and go-boringcrypto 1.18.6b7 -> 1.18.9b7
2022-12-15 09:40:32 -08:00
Ryan Richard
bad95c072e
Upgrade project dependencies to latest
...
- Upgrade Go used in CI from 1.19.0 to 1.19.1
- Upgrade all go.mod direct dependencies to latest available versions
- Upgrade distroless base image to latest available version
- Upgrade Go fips compiler to to latest available version
Note that upgrading the go-oidc library changed an error message
returned by that library, so update the places where tests were
expecting that error message.
2022-09-23 14:41:54 -07:00
dependabot[bot]
f320a04125
Bump distroless/static from 2556293
to 66cd130
...
Bumps distroless/static from `2556293` to `66cd130`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-24 23:40:35 +00:00
Ryan Richard
fe083f73fc
Bump to golang 1.19.0 and to latest distroless base image
...
For fips dockerfile, the fips 1.19 compiler has not been released yet,
so bump to the latest available.
2022-08-24 11:18:53 -07:00
Ryan Richard
7751c0bf59
Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3
...
Several API changes in Kube required changes in Pinniped code.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-06-07 15:26:30 -04:00
dependabot[bot]
2fa81546f3
Bump distroless/static from 80c956f
to 2556293
...
Bumps distroless/static from `80c956f` to `2556293`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-14 14:51:17 +00:00
Monis Khan
8fd77b72df
Bump to go1.18.1 and fix linter errors
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-13 16:43:06 -04:00
Ryan Richard
25d20d4081
Merge branch 'main' into disable_http
2022-04-05 09:00:26 -07:00
Monis Khan
15bc6a4a67
Add more details to FIPS comments
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:56:38 -04:00
Ryan Richard
8d12c1b674
HTTP listener: default disabled and may only bind to loopback interfaces
2022-03-24 15:46:10 -07:00
dependabot[bot]
8182a233d1
Bump golang from 1.17.7 to 1.17.8
...
Bumps golang from 1.17.7 to 1.17.8.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-07 01:20:25 +00:00
dependabot[bot]
93e4d5d956
Bump golang from 1.17.6 to 1.17.7
...
Bumps golang from 1.17.6 to 1.17.7.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-11 01:13:54 +00:00
Ryan Richard
814399324f
Merge branch 'main' into upstream_access_revocation_during_gc
2022-01-14 10:49:22 -08:00
dependabot[bot]
f2b4d667d1
Bump golang from 1.17.5 to 1.17.6
...
Bumps golang from 1.17.5 to 1.17.6.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-07 01:04:10 +00:00
dependabot[bot]
a0ddf4a945
Bump distroless/static from bca3c20
to 80c956f
...
Bumps distroless/static from `bca3c20` to `80c956f`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-27 01:17:24 +00:00
dependabot[bot]
884d18bade
Bump golang from 1.17.4 to 1.17.5
...
Bumps golang from 1.17.4 to 1.17.5.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-10 17:03:50 +00:00
dependabot[bot]
db68fc3a2b
Bump golang from 1.17.3 to 1.17.4
...
Bumps golang from 1.17.3 to 1.17.4.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-06 01:14:25 +00:00
Ryan Richard
2383a88612
Add aggregatedAPIServerPort to the Concierge's static ConfigMap
...
- Allow the port number to be configured to any value within the
range 1024 to 65535
- This commit does not include adding new config knobs to the ytt
values file, so while it is possible to change this port without
needing to recompile, it is not convenient
2021-11-16 16:43:51 -08:00
dependabot[bot]
2aeb464b43
Bump golang from 1.17.2 to 1.17.3
...
Bumps golang from 1.17.2 to 1.17.3.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-11-06 00:55:39 +00:00
Monis Khan
a042f74a88
Dockerfile: build all files and trim file system paths
...
Use "..." instead of "main.go" as the build target since we may have
extra files in the future.
https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies
-trimpath
remove all file system paths from the resulting executable.
Instead of absolute file system paths, the recorded file names
will begin with either "go" (for the standard library),
or a module path@version (when using modules),
or a plain import path (when using GOPATH).
Signed-off-by: Monis Khan <mok@vmware.com>
2021-11-03 10:26:13 -04:00
dependabot[bot]
1c3545e234
Bump distroless/static from 07869ab
to bca3c20
...
Bumps distroless/static from `07869ab` to `bca3c20`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-10-28 01:02:33 +00:00
Monis Khan
7921a58988
Use 65532 instead of 1001 as non-root user
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-10-25 16:21:54 -04:00
dependabot[bot]
d1d954bb3b
Bump golang from 1.17.1 to 1.17.2
...
Bumps golang from 1.17.1 to 1.17.2.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-10-08 01:03:52 +00:00
dependabot[bot]
19cecc3235
Bump distroless/static from be5d77c
to 7cb5539
...
Bumps distroless/static from `be5d77c` to `7cb5539`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-09-30 17:09:57 +00:00
dependabot[bot]
92ccc0ec84
Bump golang from 1.17.0 to 1.17.1
...
Bumps golang from 1.17.0 to 1.17.1.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-09-13 01:13:32 +00:00
dependabot[bot]
1bb8a43e04
Bump distroless/static from c9f9b04
to be5d77c
...
Bumps distroless/static from `c9f9b04` to `be5d77c`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-09-02 03:00:24 +00:00
Monis Khan
44f03af4b9
Bump to Go 1.17.0
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-08-27 09:00:49 -04:00
Monis Khan
25b4d82d87
Bump to Go 1.16.7 and Kube v0.22.0
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-08-09 15:32:13 -04:00
Matt Moyer
58bbffded4
Switch to a slimmer distroless base image.
...
At a high level, it switches us to a distroless base container image, but that also includes several related bits:
- Add a writable /tmp but make the rest of our filesystems read-only at runtime.
- Condense our main server binaries into a single pinniped-server binary. This saves a bunch of space in
the image due to duplicated library code. The correct behavior is dispatched based on `os.Args[0]`, and
the `pinniped-server` binary is symlinked to `pinniped-concierge` and `pinniped-supervisor`.
- Strip debug symbols from our binaries. These aren't really useful in a distroless image anyway and all the
normal stuff you'd expect to work, such as stack traces, still does.
- Add a separate `pinniped-concierge-kube-cert-agent` binary with "sleep" and "print" functionality instead of
using builtin /bin/sleep and /bin/cat for the kube-cert-agent. This is split from the main server binary
because the loading/init time of the main server binary was too large for the tiny resource footprint we
established in our kube-cert-agent PodSpec. Using a separate binary eliminates this issue and the extra
binary adds only around 1.5MiB of image size.
- Switch the kube-cert-agent code to use a JSON `{"tls.crt": "<b64 cert>", "tls.key": "<b64 key>"}` format.
This is more robust to unexpected input formatting than the old code, which simply concatenated the files
with some extra newlines and split on whitespace.
- Update integration tests that made now-invalid assumptions about the `pinniped-server` image.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-08-09 15:05:13 -04:00
Monis Khan
32c9aa5087
Bump to Go 1.16.6 and Kube v0.21.3
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-27 14:18:08 -04:00
dependabot[bot]
125d891cd5
Bump debian from 10.9-slim to 10.10-slim
...
Bumps debian from 10.9-slim to 10.10-slim.
---
updated-dependencies:
- dependency-name: debian
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-06-23 01:02:44 +00:00
dependabot[bot]
f417f706b9
Bump golang from 1.16.4 to 1.16.5
...
Bumps golang from 1.16.4 to 1.16.5.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-06-04 06:00:24 +00:00
dependabot[bot]
2634c9f04a
Bump golang from 1.16.3 to 1.16.4
...
Bumps golang from 1.16.3 to 1.16.4.
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-07 05:49:58 +00:00
dependabot[bot]
30f476e1ac
Bump golang from 1.16.2 to 1.16.3
...
Bumps golang from 1.16.2 to 1.16.3.
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-02 05:56:43 +00:00