Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: use non distroless image for dex #11219

Merged
merged 2 commits into from Nov 9, 2022
Merged

fix: use non distroless image for dex #11219

merged 2 commits into from Nov 9, 2022

Conversation

34fathombelow
Copy link
Member

@34fathombelow 34fathombelow commented Nov 7, 2022
edited

Signed-off-by: Justin Marquis 34fathombelow@protonmail.com
Closes #11182
Closes #11105
Closes #11071

This PR reverts using a distroless image for Dex. There are permission errors between ArgoCD-dex & Dex binaries.

Two workarounds were tested successfully

  1. Set securityContext.fsGroup=999 at the pod level
    or
  2. Set securityContext.runAsUser=999 at the container level.

First class stability and compatability should be provided. Rather than using a workaround that may be incompatible with certain cluster types.

Big thanks to @pdrastil for testing and verifying the workarounds and fix.

@34fathombelow
fix: use non distroless image for dex
66cc056 
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
@codecov
Copy link

codecov bot commented Nov 7, 2022
edited

Codecov Report

Base: 45.60% // Head: 45.60% // No change to project coverage 👍

Coverage data is based on head (4e03f52) compared to base (4d6d204).
Patch has no changes to coverable lines.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #11219   +/-   ##
=======================================
  Coverage   45.60%   45.60%           
=======================================
  Files         239      239           
  Lines       28973    28973           
=======================================
  Hits        13214    13214           
  Misses      13940    13940           
  Partials     1819     1819
Impacted Files Coverage Δ
util/settings/settings.go 51.25% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@34fathombelow
change image in ci workflow
4e03f52 
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
crenshaw-dev
crenshaw-dev approved these changes Nov 7, 2022
View reviewed changes
Copy link
Collaborator

@crenshaw-dev crenshaw-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. Thanks to you both!

@crenshaw-dev crenshaw-dev added cherry-pick/2.5 cherry-pick/2.3 Candidate for cherry picking into the 2.3 release branch cherry-pick/2.4 Candidate for cherry picking into the 2.4 release branch labels Nov 7, 2022
This was referenced Nov 7, 2022
Closed
Merged
@crenshaw-dev crenshaw-dev merged commit 1a8dd24 into argoproj:master Nov 9, 2022
crenshaw-dev pushed a commit that referenced this pull request Nov 9, 2022
@34fathombelow @crenshaw-dev
fix: use non distroless image for dex (#11219)
64b29fe 
* fix: use non distroless image for dex

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* change image in ci workflow

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
crenshaw-dev pushed a commit that referenced this pull request Nov 9, 2022
@34fathombelow @crenshaw-dev
fix: use non distroless image for dex (#11219)
b8feaf4 
* fix: use non distroless image for dex

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* change image in ci workflow

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
crenshaw-dev pushed a commit that referenced this pull request Nov 9, 2022
@34fathombelow @crenshaw-dev
fix: use non distroless image for dex (#11219)
1963768 
* fix: use non distroless image for dex

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* change image in ci workflow

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
@crenshaw-dev
Copy link
Collaborator

Cherry-picked onto release-2.3 for 2.3.12, release-2.4 for 2.4.18, and release-2.5 for 2.5.3.

@34fathombelow 34fathombelow deleted the dex-nondistroless branch November 9, 2022 14:37
@mconigliaro mconigliaro mentioned this pull request Nov 21, 2022
Open
3 tasks
ashutosh16 pushed a commit to ashutosh16/argo-cd that referenced this pull request Nov 23, 2022
@34fathombelow @ashutosh16
fix: use non distroless image for dex (argoproj#11219)
f9749f5 
* fix: use non distroless image for dex

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* change image in ci workflow

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
emirot pushed a commit to emirot/argo-cd that referenced this pull request Jan 27, 2023
@34fathombelow @emirot
fix: use non distroless image for dex (argoproj#11219)
4f8c2c2 
* fix: use non distroless image for dex

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

* change image in ci workflow

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
Signed-off-by: emirot <emirot.nolan@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crenshaw-dev crenshaw-dev crenshaw-dev approved these changes

Assignees
No one assigned
Labels
cherry-pick/2.3 Candidate for cherry picking into the 2.3 release branch cherry-pick/2.4 Candidate for cherry picking into the 2.4 release branch cherry-pick/2.5
Projects
None yet
Milestone
No milestone
2 participants
@34fathombelow @crenshaw-dev