File tree Expand file tree Collapse file tree 6 files changed +27
-10
lines changed
deploy/charts/istio-operator Expand file tree Collapse file tree 6 files changed +27
-10
lines changed Original file line number Diff line number Diff line change 1+ ARG GID=1000
2+ ARG UID=1000
3+
14# Build the manager binary
25FROM golang:1.18 as builder
6+ ARG GID
7+ ARG UID
8+
9+ # Create user and group
10+ RUN groupadd -g ${GID} appgroup && \
11+ useradd -u ${UID} --gid appgroup appuser
312
413WORKDIR /workspace
514# Copy the Go Modules manifests
@@ -29,8 +38,14 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 make build
2938# Use distroless as minimal base image to package the manager binary
3039# Refer to https://github.com/GoogleContainerTools/distroless for more details
3140FROM gcr.io/distroless/static:nonroot
41+ ARG GID
42+ ARG UID
43+
3244WORKDIR /
3345COPY --from=builder /workspace/bin/manager /manager
34- USER nonroot:nonroot
46+
47+ COPY --from=builder /etc/passwd /etc/passwd
48+ COPY --from=builder /etc/group /etc/group
49+ USER ${UID}:${GID}
3550
3651ENTRYPOINT ["/manager" ]
Original file line number Diff line number Diff line change @@ -17,7 +17,7 @@ EMBEDDED_CHART_REL_TAG ?= deploy/charts/v${CHART_VERSION}
1717HELM_CHART_REL_TAG ?= chart/istio-operator/${CHART_VERSION}
1818
1919GOLANGCI_VERSION = 1.45.2
20- LICENSEI_VERSION = 0.4 .0
20+ LICENSEI_VERSION = 0.7 .0
2121ENVTEST_K8S_VERSION = 1.24.2
2222KUSTOMIZE_VERSION = 4.1.2
2323ISTIO_VERSION = 1.16.1
Original file line number Diff line number Diff line change @@ -11,5 +11,5 @@ icon: https://istio.io/latest/img/istio-whitelogo-bluebackground-framed.svg
1111# Based on support status of Istio releases: https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases
1212kubeVersion : " >= 1.22.0-0 < 1.26.0-0"
1313
14- version : 2.1.0
15- appVersion : " v2.16.0 "
14+ version : 2.1.1
15+ appVersion : " v2.16.1 "
Original file line number Diff line number Diff line change @@ -33,7 +33,7 @@ The following table lists the configurable parameters of the Banzaicloud Istio O
3333| Parameter | Description | Default |
3434| ------------------------------------------------| -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------------------------------------------------------------------------------------|
3535| ` image.repository ` | Operator container image repository | ` ghcr.io/banzaicloud/istio-operator ` |
36- | ` image.tag ` | Operator container image tag | ` v2.16.0 ` |
36+ | ` image.tag ` | Operator container image tag | ` v2.16.1 ` |
3737| ` image.pullPolicy ` | Operator container image pull policy | ` IfNotPresent ` |
3838| ` replicaCount ` | Operator deployment replica count | ` 1 ` |
3939| ` extraArgs ` | Operator deployment arguments | ` [] ` |
Original file line number Diff line number Diff line change 4343 ports :
4444 - containerPort : 8443
4545 name : https
46+ securityContext :
47+ {{- toYaml .Values.securityContext | nindent 10 }}
4648 {{- end }}
4749 - command :
4850 - /manager
Original file line number Diff line number Diff line change 11image :
22 repository : ghcr.io/banzaicloud/istio-operator
3- tag : " v2.16.0 "
3+ tag : " v2.16.1 "
44 pullPolicy : IfNotPresent
55replicaCount : 1
66extraArgs : []
@@ -11,11 +11,11 @@ resources:
1111podAnnotations :
1212 sidecar.istio.io/inject : " false"
1313podSecurityContext :
14- fsGroup : 1337
15- securityContext :
16- runAsUser : 1337
17- runAsGroup : 1337
1814 runAsNonRoot : true
15+ seccompProfile :
16+ type : RuntimeDefault
17+ securityContext :
18+ allowPrivilegeEscalation : false
1919 capabilities :
2020 drop :
2121 - ALL
You can’t perform that action at this time.
0 commit comments