From 444c592d616299f7e261e44c52e5a2a0c964fc99 Mon Sep 17 00:00:00 2001 From: Jerry Sun Date: Wed, 31 Jan 2024 09:54:46 -0500 Subject: [PATCH] Upversion Portieris to 0.13.10 This commit upversions Portieris to version 0.13.10. The upversioning addresses CVEs in the previons (0.13.1) Portieris image. The additional toleration is to allow Portieris pods to be scheduled. Without it, application apply fails. The taint used to be "master" in older releases, but has been changed to "control-plane". Keeping both for backwards compatibility and upgrades. Test Cases: PASS: Apply new verison of Portieris. Apply an imagepolicy. Ensure that a signed image can be used and an unsigned image is denied according to the imagepolicy. PASS: Remove all user created imagepolicies and try to use the unsigned image. Ensure that by default, unsigned images are allowed. Closes-bug: 2051611 Change-Id: Id621d91ed41a705035713ff59439f59211e035f5 Signed-off-by: Jerry Sun --- portieris-helm/debian/deb_folder/rules | 2 +- portieris-helm/debian/meta_data.yaml | 6 +++--- .../fluxcd-manifests/portieris/helmrelease.yaml | 2 +- .../portieris/portieris-static-overrides.yaml | 7 +++++-- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/portieris-helm/debian/deb_folder/rules b/portieris-helm/debian/deb_folder/rules index ffe220c..bfbf7f4 100755 --- a/portieris-helm/debian/deb_folder/rules +++ b/portieris-helm/debian/deb_folder/rules @@ -3,7 +3,7 @@ export ROOT = debian/tmp export CHART_FOLDER = $(ROOT)/usr/lib/helm -export PORTIERIS_VERSION = v0.13.1 +export PORTIERIS_VERSION = v0.13.10 export PORTIERIS_TARBALL = portieris-$(PORTIERIS_VERSION).tgz %: diff --git a/portieris-helm/debian/meta_data.yaml b/portieris-helm/debian/meta_data.yaml index c925a4d..e6a7f27 100644 --- a/portieris-helm/debian/meta_data.yaml +++ b/portieris-helm/debian/meta_data.yaml @@ -2,9 +2,9 @@ debname: portieris-helm debver: 1.0-1 dl_path: - name: portieris-0.13.1.tgz - url: https://github.com/IBM/portieris/archive/refs/tags/v0.13.1.tar.gz - md5sum: 3c5b2a092172dfd0fd51d4319305680f + name: portieris-0.13.10.tgz + url: https://github.com/IBM/portieris/archive/refs/tags/v0.13.10.tar.gz + sha256sum: 8377029dc885bd50ff459ddc0d01aa274921b0024cc63bf969f2e72bf4b56f11 src_files: - files/index.yaml - files/repositories.yaml diff --git a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/helmrelease.yaml b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/helmrelease.yaml index f8b0f9b..9902a82 100644 --- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/helmrelease.yaml +++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/helmrelease.yaml @@ -15,7 +15,7 @@ spec: chart: spec: chart: portieris - version: 0.13.1 + version: 0.13.10 sourceRef: kind: HelmRepository name: stx-platform diff --git a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml index 982ede0..da14eaf 100644 --- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml +++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml @@ -8,15 +8,18 @@ replicaCount: 3 namespace: portieris images: tags: - portieris: icr.io/portieris/portieris:v0.13.1 + portieris: icr.io/portieris/portieris:v0.13.10 image: host: registry.local:9001/icr.io/portieris pullSecret: default-registry-key image: portieris - tag: v0.13.1 + tag: v0.13.10 tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" SkipSecretCreation: true UseCertManager: true