From 37baf039711cd427c08c58c6a3e19b98d79f4e16 Mon Sep 17 00:00:00 2001 From: Stacky McStackface Date: Mon, 13 Dec 2021 12:11:37 +0000 Subject: [PATCH 1/2] Generated commit to update templated files based on rev 1c43a92 in stackabletech/operator-templating repo. Original commit message: Added an environment variable to disable lookups in log4j strings. (#32) This is in order to protect against Log4Shell (CVE-2021-44228). --- deploy/helm/kafka-operator/Chart.yaml | 9 +++++++-- docker/Dockerfile | 3 +++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/deploy/helm/kafka-operator/Chart.yaml b/deploy/helm/kafka-operator/Chart.yaml index 8a8ff195..609849ff 100644 --- a/deploy/helm/kafka-operator/Chart.yaml +++ b/deploy/helm/kafka-operator/Chart.yaml @@ -2,9 +2,11 @@ # This file is automatically generated from the templates in stackabletech/operator-templating # DON'T MANUALLY EDIT THIS FILE # ============= + apiVersion: v2 name: kafka-operator description: The Stackable Operator for Apache Kafka + # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives @@ -14,15 +16,18 @@ description: The Stackable Operator for Apache Kafka # a dependency of application charts to inject those utilities and functions into the rendering # pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application + maintainers: - name: stackable url: github.com/stackabletech + # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.5.0-nightly +version: + # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 0.5.0-nightly +appVersion: diff --git a/docker/Dockerfile b/docker/Dockerfile index 60d40a6b..a63ac402 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -20,4 +20,7 @@ RUN groupadd -g 1000 stackable && adduser -u 1000 -g stackable -c 'Stackable Ope USER 1000:1000 +# Mitigate CVE-2021-44228 (Log4Shell) +ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true + ENTRYPOINT ["/stackable-kafka-operator"] From e554692c1ea2c0a5d5904bc430ad92fa72dcb938 Mon Sep 17 00:00:00 2001 From: Stacky McStackface Date: Mon, 13 Dec 2021 12:13:20 +0000 Subject: [PATCH 2/2] Github Actions: Generated k8s manifest files --- deploy/helm/kafka-operator/Chart.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/deploy/helm/kafka-operator/Chart.yaml b/deploy/helm/kafka-operator/Chart.yaml index 609849ff..8a8ff195 100644 --- a/deploy/helm/kafka-operator/Chart.yaml +++ b/deploy/helm/kafka-operator/Chart.yaml @@ -2,11 +2,9 @@ # This file is automatically generated from the templates in stackabletech/operator-templating # DON'T MANUALLY EDIT THIS FILE # ============= - apiVersion: v2 name: kafka-operator description: The Stackable Operator for Apache Kafka - # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives @@ -16,18 +14,15 @@ description: The Stackable Operator for Apache Kafka # a dependency of application charts to inject those utilities and functions into the rendering # pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application - maintainers: - name: stackable url: github.com/stackabletech - # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: - +version: 0.5.0-nightly # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: +appVersion: 0.5.0-nightly