[skip-ci] Update artifacts

Merge pull request #281 from ruinshe/add-container-sc-support
Add container security context support for Helm chart
2026-02-14 18:09:50 +00:00 · 2022-02-27 18:58:50 +00:00 · 2022-02-27 19:50:15 +01:00 · 2022-02-27 18:40:03 +00:00 · 2022-02-27 19:31:29 +01:00 · 2022-02-27 10:16:42 +01:00
11 changed files with 67 additions and 25 deletions
--- a/17
+++ b/17
@@ -1,8 +1,13 @@
+ARG BUILDER_IMAGE
+ARG BASE_IMAGE
+
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM} golang:1.17.2 as builder
+FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.17.2} as builder

 ARG TARGETOS
 ARG TARGETARCH
+ARG GOPROXY
+ARG GOPRIVATE

 WORKDIR /workspace

@@ -19,11 +24,17 @@ COPY internal/ internal/
 COPY pkg/ pkg/

 # Build
-RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build  -mod=mod -a -o manager main.go
+RUN CGO_ENABLED=0 \
+    GOOS=${TARGETOS} \
+    GOARCH=${TARGETARCH} \
+    GOPROXY=${GOPROXY} \
+    GOPRIVATE=${GOPRIVATE} \
+    GO111MODULE=on \
+    go build -mod=mod -a -o manager main.go

 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
+FROM ${BASE_IMAGE:-gcr.io/distroless/static:nonroot}
 WORKDIR /
 COPY --from=builder /workspace/manager .
 USER 65532:65532
--- a/17
+++ b/17
@@ -6,7 +6,8 @@ OS ?= linux
 ARCH ?= ???
 ALL_ARCH ?= arm64 arm amd64

-BUILDER ?= reloader-builder-${ARCH}
+BUILDER_IMAGE ?=
+BASE_IMAGE    ?=
 BINARY ?= Reloader
 DOCKER_IMAGE ?= stakater/reloader

@@ -20,6 +21,8 @@ BUILD=
 GOCMD = go
 GOFLAGS ?= $(GOFLAGS:)
 LDFLAGS =
+GOPROXY   ?=
+GOPRIVATE ?=

 default: build test

@@ -33,7 +36,17 @@ build:
 	"$(GOCMD)" build ${GOFLAGS} ${LDFLAGS} -o "${BINARY}"

 build-image:
-	docker buildx build --platform ${OS}/${ARCH} --build-arg GOARCH=$(ARCH) -t "${REPOSITORY_ARCH}" --load -f Dockerfile .
+	docker buildx build \
+		--platform ${OS}/${ARCH} \
+		--build-arg GOARCH=$(ARCH) \
+		--build-arg BUILDER_IMAGE=$(BUILDER_IMAGE) \
+		--build-arg BASE_IMAGE=${BASE_IMAGE} \
+		--build-arg GOPROXY=${GOPROXY} \
+		--build-arg GOPRIVATE=${GOPRIVATE} \
+		-t "${REPOSITORY_ARCH}" \
+		--load \
+		-f Dockerfile \
+		.

 push:
 	docker push ${REPOSITORY_ARCH}
--- a/deployments/kubernetes/chart/reloader/Chart.yaml
+++ b/deployments/kubernetes/chart/reloader/Chart.yaml
@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: v0.0.106
-appVersion: v0.0.106
+version: v0.0.108
+appVersion: v0.0.108
 keywords:
  - Reloader
  - kubernetes
--- a/deployments/kubernetes/chart/reloader/templates/deployment.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/deployment.yaml
@@ -114,6 +114,10 @@ spec:
          periodSeconds: {{ .Values.reloader.deployment.readinessProbe.periodSeconds | default "10" }}
          successThreshold: {{ .Values.reloader.deployment.readinessProbe.successThreshold | default "1" }}

+      {{- with .Values.reloader.deployment.containerSecurityContext }}
+        securityContext: {{ toYaml . | nindent 10 }}
+      {{- end }}
+
      {{- if eq .Values.reloader.readOnlyRootFileSystem true }}
        volumeMounts:
          - mountPath: /tmp/
--- a/deployments/kubernetes/chart/reloader/values.yaml
+++ b/deployments/kubernetes/chart/reloader/values.yaml
@@ -43,6 +43,13 @@ reloader:
      runAsNonRoot: true
      runAsUser: 65534

+    containerSecurityContext: {}
+      # capabilities:
+      #   drop:
+      #     - ALL
+      # allowPrivilegeEscalation: false
+      # readOnlyRootFilesystem: true
+
    # A list of tolerations to be applied to the Deployment.
    # Example:
    #   tolerations:
@@ -55,10 +62,10 @@ reloader:
    labels:
      provider: stakater
      group: com.stakater.platform
-      version: v0.0.106
+      version: v0.0.108
    image:
      name: stakater/reloader
-      tag: v0.0.106
+      tag: v0.0.108
      pullPolicy: IfNotPresent
    # Support for extra environment variables.
    env:
--- a/deployments/kubernetes/manifests/clusterrole.yaml
+++ b/deployments/kubernetes/manifests/clusterrole.yaml
@@ -9,7 +9,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v0.0.106"
+    chart: "reloader-v0.0.108"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
--- a/deployments/kubernetes/manifests/clusterrolebinding.yaml
+++ b/deployments/kubernetes/manifests/clusterrolebinding.yaml
@@ -9,7 +9,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v0.0.106"
+    chart: "reloader-v0.0.108"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
--- a/deployments/kubernetes/manifests/deployment.yaml
+++ b/deployments/kubernetes/manifests/deployment.yaml
@@ -8,13 +8,13 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v0.0.106"
+    chart: "reloader-v0.0.108"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
    group: com.stakater.platform
    provider: stakater
-    version: v0.0.106
+    version: v0.0.108
  name: reloader-reloader
  namespace: default
 spec:
@@ -28,16 +28,16 @@ spec:
    metadata:
      labels:
        app: reloader-reloader
-        chart: "reloader-v0.0.106"
+        chart: "reloader-v0.0.108"
        release: "reloader"
        heritage: "Helm"
        app.kubernetes.io/managed-by: "Helm"
        group: com.stakater.platform
        provider: stakater
-        version: v0.0.106
+        version: v0.0.108
    spec:
      containers:
-      - image: "stakater/reloader:v0.0.106"
+      - image: "stakater/reloader:v0.0.108"
        imagePullPolicy: IfNotPresent
        name: reloader-reloader

--- a/deployments/kubernetes/manifests/serviceaccount.yaml
+++ b/deployments/kubernetes/manifests/serviceaccount.yaml
@@ -8,7 +8,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v0.0.106"
+    chart: "reloader-v0.0.108"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
--- a/deployments/kubernetes/reloader.yaml
+++ b/deployments/kubernetes/reloader.yaml
@@ -8,7 +8,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v0.0.106"
+    chart: "reloader-v0.0.108"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
@@ -25,7 +25,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v0.0.106"
+    chart: "reloader-v0.0.108"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
@@ -73,7 +73,7 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v0.0.106"
+    chart: "reloader-v0.0.108"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
@@ -97,13 +97,13 @@ metadata:
    meta.helm.sh/release-name: "reloader"
  labels:
    app: reloader-reloader
-    chart: "reloader-v0.0.106"
+    chart: "reloader-v0.0.108"
    release: "reloader"
    heritage: "Helm"
    app.kubernetes.io/managed-by: "Helm"
    group: com.stakater.platform
    provider: stakater
-    version: v0.0.106
+    version: v0.0.108
  name: reloader-reloader
  namespace: default
 spec:
@@ -117,16 +117,16 @@ spec:
    metadata:
      labels:
        app: reloader-reloader
-        chart: "reloader-v0.0.106"
+        chart: "reloader-v0.0.108"
        release: "reloader"
        heritage: "Helm"
        app.kubernetes.io/managed-by: "Helm"
        group: com.stakater.platform
        provider: stakater
-        version: v0.0.106
+        version: v0.0.108
    spec:
      containers:
-      - image: "stakater/reloader:v0.0.106"
+      - image: "stakater/reloader:v0.0.108"
        imagePullPolicy: IfNotPresent
        name: reloader-reloader

--- a/deployments/kubernetes/templates/chart/values.yaml.tmpl
+++ b/deployments/kubernetes/templates/chart/values.yaml.tmpl
@@ -43,6 +43,13 @@ reloader:
      runAsNonRoot: true
      runAsUser: 65534

+    containerSecurityContext: {}
+      # capabilities:
+      #   drop:
+      #     - ALL
+      # allowPrivilegeEscalation: false
+      # readOnlyRootFilesystem: true
+
    # A list of tolerations to be applied to the Deployment.
    # Example:
    #   tolerations:
Author	SHA1	Message	Date
stakater-user	5040a4236a	[skip-ci] Update artifacts	2022-02-27 18:58:50 +00:00
Faizan Ahmad	f6cbc005fc	Merge pull request #281 from ruinshe/add-container-sc-support Add container security context support for Helm chart	2022-02-27 19:50:15 +01:00
stakater-user	91774c941f	[skip-ci] Update artifacts	2022-02-27 18:40:03 +00:00
Faizan Ahmad	db0e127563	Merge pull request #282 from AyoyAB/feature/enable-internal-build Enable internal builds without direct Internet access	2022-02-27 19:31:29 +01:00
John Allberg	3671d33447	Enable setting GOPROXY and GOPRIVATE during build.	2022-02-27 10:16:42 +01:00
John Allberg	e85176b5a7	Make build command more readable.	2022-02-27 10:16:42 +01:00
John Allberg	7941de60ac	Enable setting builder and base image during build.	2022-02-27 10:16:38 +01:00
Ruins He	fa75df8e96	feat(kubernetes/chart): add container security context configuration into values.yaml.tpl Signed-off-by: Ruins He <lyhypacm@gmail.com>	2022-01-03 18:22:43 +08:00
Ruins He	21087aaddc	feat(kubernetes/chart): add container security context support for Helm chart Signed-off-by: Ruins He <lyhypacm@gmail.com>	2022-01-03 18:00:15 +08:00