Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use SHA digests instead of tags in operator bundle #848

Merged
merged 1 commit into from
Sep 19, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,7 @@ spec:
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=0
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
image: gcr.io/kubebuilder/kube-rbac-proxy@sha256:d4883d7c622683b3319b5e6b3a7edfbf2594c18060131a8bf64504805f875522
name: kube-rbac-proxy
ports:
- containerPort: 8443
Expand All @@ -245,7 +245,7 @@ spec:
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
- --leader-election-id=directpv-operator
image: quay.io/minio/directpv-operator:4.0.7
image: quay.io/minio/directpv-operator@sha256:dadf28674b15c256bc5dec3e99d90f811ea3ac1fdee17c51e2928063a5341e5e
livenessProbe:
httpGet:
path: /healthz
Expand Down
2 changes: 1 addition & 1 deletion operator/config/default/manager_auth_proxy_patch.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ spec:
capabilities:
drop:
- "ALL"
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
image: gcr.io/kubebuilder/kube-rbac-proxy@sha256:d4883d7c622683b3319b5e6b3a7edfbf2594c18060131a8bf64504805f875522
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
Expand Down
6 changes: 3 additions & 3 deletions operator/config/manager/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,6 @@ resources:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
newName: quay.io/cniackz4/directpv-operator
newTag: 4.0.7
- digest: sha256:dadf28674b15c256bc5dec3e99d90f811ea3ac1fdee17c51e2928063a5341e5e
name: controller
newName: quay.io/minio/directpv-operator
9 changes: 8 additions & 1 deletion release-operator.sh
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,9 @@ function update_charts() {
function make_release() {
export IMAGE_TAG_BASE=quay.io/minio/directpv-operator
export IMG="${IMAGE_TAG_BASE}:${BUILD_VERSION}"
SHA_DIGEST=$("${PODMAN}" pull "${IMAGE_TAG_BASE}":"${BUILD_VERSION}" | grep Digest | awk -F ' ' '{print $2}')
export SHA_DIGEST
export DIGEST="${IMAGE_TAG_BASE}@${SHA_DIGEST}"
export BUNDLE_GEN_FLAGS="-q --overwrite --version ${BUILD_VERSION} --package minio-directpv-operator-rhmp"
export BUNDLE_IMG="${IMAGE_TAG_BASE}-bundle:v${BUILD_VERSION}"

Expand All @@ -124,7 +127,11 @@ function make_release() {
git_commit "Update operator for v${BUILD_VERSION}"

"${OPERATOR_SDK}" generate kustomize manifests --quiet --package minio-directpv-operator-rhmp
(cd config/manager && "${KUSTOMIZE}" edit set image controller="${IMG}")
# Controller image, should be in SHA Digest form for RHMP to pass test:
# verify-pinned-digest where all your container images should use SHA digests instead of tags.
# Example:
# (cd config/manager && kustomize edit set image controller=quay.io/cniackz4/directpv-operator@sha256:04fec2fbd0d17f449a17c0f509b359c18d6c662e0a22e84cd625b538ca2a1af2)
(cd config/manager && "${KUSTOMIZE}" edit set image controller="${DIGEST}")
# shellcheck disable=SC2086
"${KUSTOMIZE}" build config/manifests | "${OPERATOR_SDK}" generate bundle ${BUNDLE_GEN_FLAGS}
# Since above line overwrites our redhat annotation,
Expand Down
Loading