hubble: fix Hubble Relay BASE_IMAGE #23636
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kaworu
added
kind/bug
rolinh
approved these changes
Feb 8, 2023
kaworu
force-pushed
the
pr/kaworu/fix-hubble-relay-BASE_IMAGE
branch
from
f3261fe
to
6003d73
Compare
rolinh
approved these changes
Feb 8, 2023
This reverts commit fc2ce0f. Hubble Relay's base image, distroless nonroot, already set WORKDIR to /home/nonroot so setting it in the Hubble Relay Dockerfile is a no-op: % docker image inspect -f '{{.Config.WorkingDir}}' gcr.io/distroless/static-debian11:nonroot /home/nonroot Signed-off-by: Alexandre Perrin <alex@isovalent.com>
95a4d37 ("hubble-relay: use distroless as the base image and run as non-root") attempted to use distroless as base image for Hubble Relay instead of scratch. However, when running `make docker-hubble-relay-image` the image would be built with `--build-arg BASE_IMAGE=scratch` effectively overriding the base image "back" to scratch. This patch make it so BASE_IMAGE is only overridden when set, and honor the Dockerfile's BASE_IMAGE otherwise. Signed-off-by: Alexandre Perrin <alex@isovalent.com>
Before this patch, it was not possible to disable gops for Hubble Relay through Helm. Signed-off-by: Alexandre Perrin <alex@isovalent.com>
kaworu
force-pushed
the
pr/kaworu/fix-hubble-relay-BASE_IMAGE
branch
from
6003d73
to
f256fad
Compare
|
/test Job 'Cilium-PR-K8s-1.16-kernel-4.9' hit: #22578 (97.53% similarity) |
gandro
approved these changes
Feb 9, 2023
|
/test-1.16-4.9 EDIT: previous run hit #22578 |
|
/ci-gke EDIT: previous run hit #22368 |
nebril
approved these changes
Feb 10, 2023
|
/ci-verifier EDIT: previous run stuck in Expected — Waiting for status to be reported |
maintainer-s-little-helper
bot
added
the
ready-to-merge
|
@kaworu FYI, you don't have to rerun the test if they failed with a known flake and it's clear it's unrelated. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
95a4d37 ("hubble-relay: use distroless as the base image and run as non-root") attempted to use distroless as base image for Hubble Relay instead of
scratch.However, when running
make docker-hubble-relay-imagethe image would be built with--build-arg BASE_IMAGE=scratcheffectively overriding the base image "back" toscratch.This patch make it so
BASE_IMAGEis only overridden when set, and honor the Dockerfile'sBASE_IMAGEotherwise.Fix #23374, #23533