Kubebuilder: Update kube-rbac-proxy to v0.8.0 release

Created on 4 Nov 2020 · 14Comments · Source: kubernetes-sigs/kubebuilder

Per brancz/kube-rbac-proxy#99 (comment) has been pushed to quay.io/brancz/kube-rbac-proxy:v0.8.0. What is the process to update the gcr.io/kubebuilder/kube-rbac-proxy? Is this hand tagged and pushed by a maintainer?

Could you push it or retag it ? Thanks.

/kind bug

kinfeature prioritimportant-soon triagaccepted

Source

hectorj2f

Most helpful comment

just to register here: Why it is important we have the latest release for and update the kubebuilder scaffolds to use it as soon as possible?

The latest images contain a fix https://github.com/brancz/kube-rbac-proxy/pull/86 to make the images rootless to solve critical security concerns. More info: https://github.com/kubernetes-sigs/kubebuilder/issues/1637. So, I am setting its milestone as 3.1.0.

c/c @estroz @DirectXMan12 @droot

camilamacedo86 on 16 Dec 2020

❤1 👍1

All 14 comments

Hi @hectorj2f,

It has been done manually. @DirectXMan12 @vincepri @droot could you please give a hand with this one?

camilamacedo86 on 4 Nov 2020

Thanks @camilamacedo86.

hectorj2f on 5 Nov 2020

@DirectXMan12 @vincepri @droot Is there any way I could help with the release process/tagging for this new kube-rbac-proxy release 🙏🏻 ?

hectorj2f on 9 Nov 2020

Hi @hectorj2f,

In the Kubebuilder, Controller Runtime, and Controller Tools meeting latest week we spoke about it. The current images built and pushed manually to gcr.io/kubebuilder/kube-rbac-proxy . And then, the author of https://github.com/brancz/kube-rbac-proxy has the intention to donate the project to k8s org, however, until it be done we need to automate it from the repo https://github.com/brancz/kube-rbac-proxy.

Currently has a little people with the requires access to push the images, so @DirectXMan12 would like to address it via automation instead of we still manually doing this work. @paulfantom, could you give a hand to us to achieve it?

So, far as a workaround, you can update your manager manifest yaml files to use the https://github.com/brancz/kube-rbac-proxy released images directly instead of it.

camilamacedo86 on 9 Nov 2020

👍1

We need to the same that is done in https://github.com/brancz/kube-rbac-proxy/blob/master/.github/workflows/build.yml#L35-L42 to push the image to quay, however, to push the image to gcr.io/kubebuilder/kube-rbac-proxy

camilamacedo86 on 11 Nov 2020

Just to register. We need to use the latest version of kube-rbac-proxy because the previous one is not rotless. More info: https://github.com/kubernetes-sigs/kubebuilder/issues/1637

camilamacedo86 on 18 Nov 2020

@camilamacedo86 is there any update here ?

hectorj2f on 2 Dec 2020

Hi @hectorj2f,

Unfortunately, I didn't have time to continue to see it. Would you like to help us with this one?
If yes, please feel free to ping me in the slack. However, the what we need to do here is to:

Automate the building push to gcr.io/kubebuilder/kube-rbac-proxy when a new tag release is pushed in the brancz/kube-rbac-proxy#99. See: https://github.com/brancz/kube-rbac-proxy/blob/master/.github/workflows/build.yml#L35-L42
After we have a new image in gcr.io/kubebuilder/kube-rbac-proxy we can update the scaffolds.

camilamacedo86 on 7 Dec 2020

@camilamacedo86 I'd check what I can do ;), to speed things and get this done asap.

hectorj2f on 7 Dec 2020

🚀1

just to register here: Why it is important we have the latest release for and update the kubebuilder scaffolds to use it as soon as possible?

c/c @estroz @DirectXMan12 @droot

camilamacedo86 on 16 Dec 2020

❤1 👍1

@hectorj2f did you get a chance to look into building the latest kube-rbac-proxy image? We also share similar concerns in kubernetes-sigs/cluster-api. Happy to pick it up if you're not working on it.

/cc @vincepri