Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update image base to gcr.io/distroless/base-debian10:latest #100566

Merged
merged 1 commit into from Mar 26, 2021
Merged

Update image base to gcr.io/distroless/base-debian10:latest #100566

merged 1 commit into from Mar 26, 2021

Conversation

dekkagaijin
Copy link
Contributor

This change:

/kind bug

NONE

Update image base to gcr.io/distroless/base-debian10:latest
2c16550 
This change:
* Updates the base image be based on `buster` (vs. the default `stretch`)
* Consumes the fix for [CVE-2021-3449](https://security-tracker.debian.org/tracker/CVE-2021-3449) in GoogleContainerTools/distroless#700
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/bug Categorizes issue or PR as related to a bug. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Mar 25, 2021
@dekkagaijin
Copy link
Contributor Author

/cc @justaugustus

@k8s-ci-robot k8s-ci-robot added the sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. label Mar 25, 2021
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Mar 25, 2021
@justaugustus
Copy link
Member

/assign
/hold
/area release-eng security
/sig release
/milestone v1.21

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. area/release-eng Issues or PRs related to the Release Engineering subproject labels Mar 25, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Mar 25, 2021
@k8s-ci-robot k8s-ci-robot added area/security sig/release Categorizes an issue or PR as relevant to SIG Release. labels Mar 25, 2021
@dekkagaijin
Copy link
Contributor Author

/retest

@justaugustus
Copy link
Member

/lgtm
/approve
(as an immediate fix, but I'm going to look into cleaning up some of the image tag selections in a follow-up)

/assign @liggitt
/hold cancel

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Mar 25, 2021
@justaugustus
Copy link
Member

/priority critical-urgent
/triage accepted

@k8s-ci-robot k8s-ci-robot added priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 25, 2021
@BenTheElder BenTheElder removed the needs-priority Indicates a PR lacks a `priority/foo` label and requires one. label Mar 25, 2021
@liggitt
Copy link
Member

liggitt commented Mar 25, 2021

I don't object to the change, but for criticality/urgency, do we even build/use this image?

@dims
Copy link
Member

dims commented Mar 25, 2021

@liggitt isn't it used in a conformance test?

@liggitt
Copy link
Member

liggitt commented Mar 25, 2021

@liggitt isn't it used in a conformance test?

I think the one used in conformance is https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/sample-apiserver/artifacts/simple-image/Dockerfile

@liggitt
Copy link
Member

liggitt commented Mar 25, 2021

/approve
/hold in case lack of use informs whether we want this in 1.21 or 1.22. unhold at will.

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 25, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dekkagaijin, justaugustus, liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 25, 2021
@justaugustus
Copy link
Member

Thanks Jordan!
/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 26, 2021
@k8s-ci-robot k8s-ci-robot merged commit 30a261d into kubernetes:master Mar 26, 2021
@PushkarJ PushkarJ mentioned this pull request Sep 14, 2021
Open
17 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justaugustus justaugustus Awaiting requested review from justaugustus

@logicalhan logicalhan Awaiting requested review from logicalhan

@yue9944882 yue9944882 Awaiting requested review from yue9944882

Assignees

@justaugustus justaugustus

@liggitt liggitt

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/release-eng Issues or PRs related to the Release Engineering subproject area/security cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note-none Denotes a PR that doesn't merit a release note. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/release Categorizes an issue or PR as relevant to SIG Release. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.21
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@dekkagaijin @justaugustus @liggitt @dims @k8s-ci-robot @BenTheElder