From 52b59606d591c61f22b63e0b844312b592cf28e9 Mon Sep 17 00:00:00 2001 From: Ravi Singal <62086374+ravisingal@users.noreply.github.com> Date: Wed, 24 Apr 2024 12:05:35 +0530 Subject: [PATCH] chore: add image pull secrets to server tag job (#147) * chore: add image pull secrets to server tag job * update tirvy ignores --- .trivyignore | 4 ++++ helm/templates/server/tags-job.yaml | 5 ++--- helm/values.yaml | 9 ++++----- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.trivyignore b/.trivyignore index 87c2144..868b43d 100644 --- a/.trivyignore +++ b/.trivyignore @@ -3,3 +3,7 @@ CVE-2023-38647 exp:2024-06-30 # org.apache.avro:avro (from upstream opensource shaded dependency. will be taken care during upgrade.) CVE-2023-39410 exp:2024-06-30 + +# org.apache.commons:commons-compress +CVE-2024-25710 exp:2024-06-30 +CVE-2024-26308 exp:2024-06-30 diff --git a/helm/templates/server/tags-job.yaml b/helm/templates/server/tags-job.yaml index 52631ea..5c42775 100644 --- a/helm/templates/server/tags-job.yaml +++ b/helm/templates/server/tags-job.yaml @@ -23,6 +23,8 @@ spec: spec: restartPolicy: Never serviceAccountName: {{ include "pinot.server.serviceAccountName" . }} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} containers: - name: {{ include "pinot.server.fullname" . }}-tags image: {{ .Values.server.tagJob.image.repository }}:{{ .Values.server.tagJob.image.tag }} @@ -36,9 +38,6 @@ spec: exit $code } trap finish EXIT - {{- if .Values.server.tagJobWaitforSideCar }} - until curl -s --head localhost:15000; do echo "$(date) waiting for sidecar"; sleep 3; done - {{- end }} until [ "$(curl -s --head --connect-timeout 3 -o /dev/null -w '%{http_code}\n' 'http://{{ include "pinot.controller.fullname" . }}-svc:{{ int $.Values.controller.service.port }}/')" == "200" ]; do echo "$(date) waiting for {{ include "pinot.controller.fullname" . }} service" sleep 3 diff --git a/helm/values.yaml b/helm/values.yaml index ad671a2..8bf9e8f 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -150,7 +150,7 @@ controller: port: 7071 image: repository: hypertrace/prometheus-jmx-exporter - tag: 0.1.5 + tag: 0.1.6 pullPolicy: IfNotPresent resources: requests: @@ -266,7 +266,7 @@ broker: port: 7072 image: repository: hypertrace/prometheus-jmx-exporter - tag: 0.1.5 + tag: 0.1.6 pullPolicy: IfNotPresent resources: requests: @@ -374,7 +374,7 @@ minion: port: 7074 image: repository: hypertrace/prometheus-jmx-exporter - tag: 0.1.5 + tag: 0.1.6 pullPolicy: IfNotPresent resources: requests: @@ -486,7 +486,7 @@ server: port: 7073 image: repository: hypertrace/prometheus-jmx-exporter - tag: 0.1.5 + tag: 0.1.6 pullPolicy: IfNotPresent resources: requests: @@ -511,7 +511,6 @@ server: tier1: {} tagJobEnabled: false - tagJobWaitforSideCar: true tagJob: image: repository: curlimages/curl