Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: Migrate to rancher/kuberlr-kubectl #606

Merged
merged 3 commits into from
Jan 10, 2025
Merged

deps: Migrate to rancher/kuberlr-kubectl #606

merged 3 commits into from
Jan 10, 2025

Conversation

viccuad
Copy link
Member

@viccuad viccuad commented Jan 8, 2025
edited
Loading

Description

Fix kubewarden/kubewarden-controller#907

Test

E2E tests.

Additional Information

This PR bumps the kuberlr-kubectl image to v3.0.0. Once this is merged, I will have an eye for the updatecli automated bump to v4.0.0 as a means of testing that automation.

Tradeoff

Potential improvement

viccuad added 2 commits January 8, 2025 11:39
@viccuad
ci(updatecli): Migrate to rancher/kuberlr-kubectl
e3fb804 
Bump rancher/kuberlr-kubectl instead of kubewarden/kubectl.

Signed-off-by: Víctor Cuadrado Juan <[email protected]>
@viccuad
deps: Migrate to rancher/kuberlr-kubectl
c37ceff 
Instead of using a hardcoded kubectl version as we did with
kubewarden/kubectl image, migrate to `kuberlr-kubectl`.

kuberlr-kubectl image bundles several kubectl binaries that correspond
with the Kubernetes versions supported by Rancher. This simplifies
airgap installations.

In addition, kuberlr-kubectl will download a matching kubectl binary
if the Kubernetes API server is out of the Kubernetes version skew
policy of the kubectl binaries it bundles. This ensures we always
have a correct kubectl binary.

Signed-off-by: Víctor Cuadrado Juan <[email protected]>
@viccuad viccuad requested a review from a team as a code owner January 8, 2025 11:49
flavio
flavio approved these changes Jan 8, 2025
View reviewed changes
Copy link
Member

@flavio flavio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, the e2e tests failure seems a glitch unrelated with this PR.

@viccuad
fix: Set uid,gid for rancher/kuberlr-kubectl image
87acea5 
The image ships with the correct non root user and the corresponding
/etc/passwd & /etc/groups, yet one gets
"Error: container has runAsNonRoot and image has non-numeric user (kuberlr), cannot verify user is non-root"
if one doesn't set runAsUser,runAsGroup.

Signed-off-by: Víctor Cuadrado Juan <[email protected]>
@viccuad viccuad merged commit b62ceef into kubewarden:main Jan 10, 2025
3 of 4 checks passed
@kravciak kravciak mentioned this pull request Jan 13, 2025
Closed
@kravciak kravciak mentioned this pull request Feb 11, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flavio flavio flavio approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Ensure SLSA Lvl 3 for kubectl image in helm-charts
2 participants
@viccuad @flavio