public_git
/
postgres-operator
mirror of https://github.com/zalando/postgres-operator.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,387 Commits 372 Branches 26 Tags 102 MiB
Commit Graph

14 Commits

Author SHA1 Message Date
Matthias Adler 2ef7d58578
chore: update package dependencies when building image (#2665) 
* chore: update package dependencies when building image

Install available updates alongside installation of packages to remove known vulnerabilities from images.

Example for issues in plain alpine:3 image (v3.20):

```sh
$ grype alpine:3
 ✔ Vulnerability DB                [updated]
 ✔ Loaded image                                                            alpine:3
 ✔ Parsed image                    sha256:1d34ffeaf190be23d3de5a8de0a436676b758f48f
 ✔ Cataloged contents              dac15f325cac528994a5efe78787cd03bdd796979bda52fd
   ├── ✔ Packages                        [14 packages]
   ├── ✔ File digests                    [77 files]
   ├── ✔ File metadata                   [77 locations]
   └── ✔ Executables                     [17 executables]
 ✔ Scanned for vulnerabilities     [8 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 6 medium, 0 low, 0 negligible (2 unknown)
   └── by status:   8 fixed, 0 not-fixed, 0 ignored
NAME           INSTALLED   FIXED-IN    TYPE  VULNERABILITY   SEVERITY
busybox        1.36.1-r28  1.36.1-r29  apk   CVE-2023-42365  Medium
busybox        1.36.1-r28  1.36.1-r29  apk   CVE-2023-42364  Medium
busybox-binsh  1.36.1-r28  1.36.1-r29  apk   CVE-2023-42365  Medium
busybox-binsh  1.36.1-r28  1.36.1-r29  apk   CVE-2023-42364  Medium
libcrypto3     3.3.0-r2    3.3.0-r3    apk   CVE-2024-4741   Unknown
libssl3        3.3.0-r2    3.3.0-r3    apk   CVE-2024-4741   Unknown
ssl_client     1.36.1-r28  1.36.1-r29  apk   CVE-2023-42365  Medium
ssl_client     1.36.1-r28  1.36.1-r29  apk   CVE-2023-42364  Medium
```

Issue would be solved by also upgrading installed packages:

```sh
$ apk -U upgrade --no-cache
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz
(1/5) Upgrading busybox (1.36.1-r28 -> 1.36.1-r29)
Executing busybox-1.36.1-r29.post-upgrade
(2/5) Upgrading busybox-binsh (1.36.1-r28 -> 1.36.1-r29)
(3/5) Upgrading libcrypto3 (3.3.0-r2 -> 3.3.1-r0)
(4/5) Upgrading libssl3 (3.3.0-r2 -> 3.3.1-r0)
(5/5) Upgrading ssl_client (1.36.1-r28 -> 1.36.1-r29)
Executing busybox-1.36.1-r29.trigger
OK: 8 MiB in 14 packages
```

Furthermore, this commit reduces accidental complexity from the Docker build process.
Most notably, use pre-made official golang images for building postgres-operator.

* Update docker/DebugDockerfile

---------

Co-authored-by: Ida Novindasari <idanovinda@gmail.com>
 2024-06-18 17:21:03 +02:00
Håkon Solbjørg 06947eed28
chore(build): Add OCI label for container image source (#2541) 
As specified in the OpenContainers Annotations Spec:
https://specs.opencontainers.org/image-spec/annotations/
 2024-03-04 09:39:45 +01:00
Jan Mussler 9d52a95782
User Alpine 3 to stay up to date (#2488) 
User Alpine 3 to stay up to date
 2024-01-03 16:48:22 +01:00
Polina Bungina a9c6d46f7d
Add pipeline to publish ghcr multi-arch image (#2268) 
Refactor operator image build process
Add a pipeline to build and publish arm64/amd64 image in ghcr on every
pushed tag
 2023-04-17 15:28:27 +02:00
Philip Haberkern 920f3dee3e
bumped to alpine base image 3.15 (#2027) 
* Bumped Alpine to 3.15

Co-authored-by: Philip Haberkern <Philip.haberkern>
 2022-10-18 11:02:04 +02:00
Felix Kunde ff46bb069b
update docker base images and UI dependencies (#1302) 
* update docker base images and UI dependencies
* use latest compliant base image
 2021-01-13 10:40:55 +01:00
Tom Stewart f6c51abff6
update depreciated MAINTAINER field (#1276) 2021-01-04 11:52:08 +01:00
Jan Mussler 7f7beba66b
Improving e2e more (#1185) 
* Add curl to operator image.

* Wait for idle operator in delete.
 2020-10-29 13:59:22 +01:00
Felix Kunde 4fc5822b24
Update docs for v1.2 (#609) 
* update docs and move parts from README to index.md
* fix typos, headings and code alignment in docs
 2019-07-11 17:19:27 +02:00
Erik Inge Bolsø 028b834ea6 postgres-operator deployment template: run operator as non-root, and with readonly filesystem (#582) 2019-06-14 15:47:08 +02:00
Murat Kabilov ae77fa15e8 Pod Rolling update 
introduce Pod events channel;
add parsing of the MaintenanceWindows section;
skip deleting Etcd key on cluster delete;
use external etcd host;
watch for tpr/pods in the namespace of the operator pod only;
 2017-05-12 11:41:25 +02:00
Murat Kabilov 6e2d64bd50 Create human users from teams api 2017-05-12 11:37:09 +02:00
Murat Kabilov 75e6bfa55c makefile improvements 2017-05-12 11:37:07 +02:00
Oleksandr Shulgin 7974dc8c4e Move Dockerfile to a subdir for smaller build context 2017-05-12 11:36:22 +02:00