fix: resolve incorrect binary path for docker hub based images (#86)
- Fixes #83 reported by @JulianPedro 👍
- Development tooling tweaks to work on addressing some timeouts in
devcontainers.
This isn't confirmed resolved as not sure if vscode configuration issue,
codespaces issue, or something else causing this.
Local development works fine, but container based workspaces seem to
have timeouts randomly.
- Create a new dockerhub release.  
- fixes
[AB#483421](https://thycotic.visualstudio.com/4a89362e-1361-424f-a291-a8f57c2a8991/_workitems/edit/483421)
#83
sheldonhull authored Jan 25, 2023
1 parent 1280534 commit 707a3d5
Showing 25 changed files with 217 additions and 48 deletions.
10 changes: 0 additions & 10 deletions .changes/unreleased/🔨 Refactor-20230104-191219.yaml

This file was deleted.

9 changes: 0 additions & 9 deletions .changes/unreleased/🤖 Development-20230104-184442.yaml

This file was deleted.

2 changes: 2 additions & 0 deletions .devcontainer/Dockerfile
Expand Up @@ -6,6 +6,8 @@ ARG GOPATH
USER root
ENV DOCKER_BUILDKIT=1
ENV GOPATH=$GOPATH
# to avoid gcc compile issues as don't need gcc except for race conditions testing
ENV CGO_ENABLED=0
ENV MAGEFILE_ENABLE_COLOR=1
ENV TRUNK_LAUNCHER_QUIET=true
ENV PATH="$GOPATH/bin:/home/$DEVCONTAINER_USER/.local/share/aquaproj-aqua/bin:/home/$DEVCONTAINER_USER/go/bin:$PATH"
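Review bot: the comment above `ENV CGO_ENABLED=0` acknowledges that race testing needs gcc, but with cgo disabled image-wide, `go test -race` will fail inside the devcontainer, because the race detector requires cgo. Either document the opt-in (`CGO_ENABLED=1` plus a gcc install for race runs) next to this line, or say in the comment that race testing is expected to run in CI only. The same variable is also set in `.envrc` and in `devcontainer.json` in this commit; a single source of truth would be easier to keep consistent.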
13 changes: 9 additions & 4 deletions .devcontainer/devcontainer.json
Expand Up @@ -25,6 +25,8 @@
"source=${localEnv:HOME}${localEnv:USERPROFILE}/.kube,target=/home/vscode/.kube/,type=bind,consistency=cached", // support for SSH keys
"source=${localEnv:HOME}${localEnv:USERPROFILE}/.ssh,target=/home/vscode/.ssh/,type=bind,consistency=cached", // support for SSH keys
"source=${localEnv:HOME}${localEnv:USERPROFILE}/.envrc,target=/home/vscode/.envrc,type=bind,consistency=cached", // envrc from home to allow direnv to mount credentials
"source=${localEnv:HOME}${localEnv:USERPROFILE}/.thy,target=/home/vscode/.thy/,type=bind,consistency=cached", // support for dsv-cli filestore based store
"source=${localEnv:HOME}${localEnv:USERPROFILE}/.dsv.yml,target=/home/vscode/.dsv.yml/,type=bind,consistency=cached", // mounting for dsv-config
// cache gopath directory
"source=go-path,target=/home/vscode/go/,type=volume"
],
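Review bot: the two added mounts bind the host's dsv-cli file store (`.thy`) and config (`.dsv.yml`) into the container read-write, and the `.dsv.yml` target ends in a slash (`/home/vscode/.dsv.yml/`) even though the source is a file. Drop the trailing slash, and add `readonly` to both mounts unless the container really has to write credentials back to the host. Because these are `type=bind`, a contributor whose home directory has no `.thy` or `.dsv.yml` may not be able to create the container at all, so the prerequisite should be documented or the mounts made optional.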
Expand Down Expand Up @@ -61,12 +63,15 @@
// Use 'postCreateCommand' to run commands after the container is created.
// "postCreateCommand": "",
// Use 'postStartCommand' to run commands after the container is created like starting minikube.
"postStartCommand": "sudo chown -R vscode /home/vscode/go/ && export GOPATH=/home/vscode/go/ && echo '🔨 aqua tooling download' && aqua install && echo '✅ aqua install complete' && echo '🔨 running go mod download' && /home/vscode/.local/share/aquaproj-aqua/bin/go mod download && echo '✅ go mod download finished' && echo '🔨 downloading build tooling dependencies' && /home/vscode/.local/share/aquaproj-aqua/bin/mage && echo '✅ build tooling dependencies complete'",
"postStartCommand": "sudo chown -R vscode /home/vscode/go/ && export GOPATH=/home/vscode/go/ && echo '🔨 aqua tooling download' && aqua install && echo '✅ aqua install complete' && echo
'🔨 running go mod download' && /home/vscode/.local/share/aquaproj-aqua/bin/go mod download && echo '✅ go mod download finished' && echo '🔨 downloading build tooling dependencies' &&
/home/vscode/.local/share/aquaproj-aqua/bin/mage -compile ./magec && echo '✅ build tooling dependencies complete'",
// Minikube does not like running as root, so use a non-root user.
"remoteUser": "vscode",
"containerEnv": {
"ENABLE_NONROOT_DOCKER": "true",
"GITHUB_OATH_TOKEN": "${localEnv:GITHUB_OATH_TOKEN}"
"GITHUB_OATH_TOKEN": "${localEnv:GITHUB_OATH_TOKEN}",
"CGO_ENABLED": "false",
},
"remoteEnv": {
"ENABLE_NONROOT_DOCKER": "true"
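Review bot: `"CGO_ENABLED": "false"` in `containerEnv` does not disable cgo. The Go toolchain only recognises `0` and `1` for this variable and treats anything else as unset, and it disagrees with the `ENV CGO_ENABLED=0` added to the Dockerfile and the `export CGO_ENABLED=0` in `.envrc`. Use `"CGO_ENABLED": "0"`. The trailing comma after that entry is tolerated by the JSONC parser but will break any strict JSON tooling that reads this file, so I would drop it.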
Expand All @@ -85,10 +90,10 @@
"username": "vscode",
"installOhMyZsh": true
},
"ghcr.io/devcontainers/features/docker-in-docker:1.0.7": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {
"version": "latest",
"dockerDashComposeVersion": "v2",
"username": "vscode"
}
}
}
}
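Review bot: the docker-in-docker feature moves from the exact tag `1.0.7` to the floating major tag `:2`, and `"version": "latest"` is kept, so both the feature and the Docker engine it installs can change between container rebuilds. Given the commit message mentions unexplained timeouts in container workspaces, pinning the feature to a full version (or digest) and the Docker version to a fixed release would make those failures reproducible and keep an upstream change from silently altering the dev environment.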
2 changes: 2 additions & 0 deletions .envrc
@@ -1,3 +1,4 @@
export PATH="${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH" # for those using aqua this will ensure it's in the path with all tools if loading from home
export DIRENV_WARN_TIMEOUT='10s'
export DIRENV_LOG_FORMAT=""

Expand All @@ -14,3 +15,4 @@ export DSV_CREDENTIALS_ANNOTATION_VALUE='app1'
export DSV_K8S_TEST_SECRET_PATH='k8s:sync:test'
# Without this codespaces might have an issues with loading with mage initially without gcc being installed
export CGO_ENABLED=0
export MAGEFILE_HASHFAST=1 # use mage -f to force recompile, this should make it faster if you aren't editing magefiles often
2 changes: 1 addition & 1 deletion .trunk/actions
2 changes: 1 addition & 1 deletion .trunk/notifications
14 changes: 8 additions & 6 deletions .trunk/trunk.yaml
Expand Up @@ -2,7 +2,7 @@ version: 0.1
plugins:
sources:
- id: trunk
ref: v0.0.5
ref: v0.0.8
uri: https://github.com/trunk-io/plugins
actions:
enabled:
Expand Down Expand Up @@ -44,16 +44,18 @@ runtimes:
value: 1
enabled: [go@1.19, node@16.14.2, python@3.10.3]
cli:
version: 1.3.1
version: 1.3.2
lint:
disabled:
- cspell
enabled:
- cspell@6.19.2
#- cspell@6.19.2
- prettier@2.3.0
- git-diff-check
- prettier@2.8.3
- taplo@0.7.0
- yamllint@1.29.0
- actionlint@1.6.22
- gitleaks@8.15.2
- actionlint@1.6.23
- gitleaks@8.15.3
- gofmt@1.19.3
- golangci-lint@1.50.1
- hadolint@2.12.0
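Review bot: cspell is turned off twice in the `lint` section, once by the new `disabled: - cspell` entry and once by leaving `#- cspell@6.19.2` commented out under `enabled`. Keep only the `disabled` entry and delete the commented line, and note the reason for disabling it in the changelog or a comment, since the commit message does not mention it. The `gitleaks` bump to `8.15.3` keeps secret scanning enabled, which is worth preserving given this commit also starts mounting dsv credentials into the devcontainer.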
23 changes: 23 additions & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,29 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html),
and is generated by [Changie](https://github.com/miniscruff/changie).

## v1.1.5 - 2023-01-24

### 🔨 Refactor

- Point the helm charts towards docker hub based images, instead of quay, as these are now iterated on with changelog driven release instead of each commit. This should reduce frequency of needless version updates.

### 🐛 Bug Fix

- Docker Hub published images did not have the correct path to the injector and syncer, resulting in an invalid entrypoint. This is fixed and should now correctly resolve when using the updated helm charts that provide a qualified path. For example: `/app/dsv-injector` instead of just saying `dsv-injector` now. This is due to using a minimal distroless image and not copying binaries into a path that is assumed to be resolved automatically by `PATH`, such as `/usr/local/bin`. Now the path to the binary is explicitly set and should resolve any path resolution issues.

### 🤖 Development

- Bump aqua tooling and include dsv-cli in the project setup. Include `CGO_ENABLED=0` to avoid issues with running commands in devcontainers & codespaces.

### Related

- fixes AB#483421
- [Issue 83 Fixed](https://github.com/DelineaXPM/dsv-k8s/issues/83). Thank you @JulianPedro for helping identify this and opening the descriptive issue. 👍

### Contributors

- [sheldonhull](https://github.com/sheldonhull)

## v1.1.4 - 2022-10-11

### Security
2 changes: 2 additions & 0 deletions aqua.yaml
Expand Up @@ -22,3 +22,5 @@ packages:
version: v1.25.2
- name: helm/helm@v3.10.3
- name: DelineaXPM/dsv-cli@v1.39.11
- name: kubernetes/minikube@v1.28.0
- name: stern/stern@v1.22.0
2 changes: 1 addition & 1 deletion charts/dsv-injector/Chart.yaml
Expand Up @@ -9,7 +9,7 @@ keywords:
- secrets
- vault
type: application
version: 0.2.2
version: 0.2.3
appVersion: latest
maintainers:
- name: Sheldon Hull
7 changes: 6 additions & 1 deletion charts/dsv-injector/README.md
@@ -1,6 +1,6 @@
# dsv-injector

![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
![Version: 0.2.3](https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)

A Helm chart for the Delinea DevOps Secrets Vault (DSV) Injector Mutating Webhook.

Expand All @@ -18,6 +18,7 @@ A Helm chart for the Delinea DevOps Secrets Vault (DSV) Injector Mutating Webhoo
| containerPort | int | `18543` | containerPort is the port that the container itself listens on |
| credentialsJson | string | `"{\n \"default\": {\n \"credentials\": {\n \"clientId\": \"\",\n \"clientSecret\": \"\"\n },\n \"tenant\": \"example\"\n }\n}"` | credentialsJson contains the JSON-formatted credentials file (see README.md) @default - placeholder. _REQUIRED FIELD_ |
| fullnameOverride | string | `""` | |
| image.entrypoint | string | `"/app/dsv-injector"` | Entrypoint is the path to the binary. Since the container image could contain multiple binaries, this makes sure it's correctly mapped to the binary. |
| image.pullPolicy | string | `"Always"` | |
| image.repository | string | `"docker.io/delineaxpm/dsv-k8s"` | |
| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
Expand All @@ -33,3 +34,7 @@ A Helm chart for the Delinea DevOps Secrets Vault (DSV) Injector Mutating Webhoo
| webhookPort | int | 8543 | webhookPort is the port that the webhook endpoint is listening on |
| webhookScope | string | "Namespaced" | webhookScope specifies which resources are in scope, "Cluster", "Namespaced" or "\*" |
| webhookUri | string | `"/inject"` | webhookUri is path portion of the URL of the webhook endpoint |

---

Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
2 changes: 1 addition & 1 deletion charts/dsv-injector/templates/deployment.yaml
Expand Up @@ -26,7 +26,7 @@ spec:
{{- end }}
containers:
- name: {{ .Chart.Name }}
command: [{{ include "dsv.name" . }}]
command: [{{ .Values.image.entrypoint }}]
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
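Review bot: `command: [{{ .Values.image.entrypoint }}]` interpolates the value unquoted into a YAML flow sequence, so an override containing a comma, a space followed by `#`, or other YAML-significant characters is split or truncated, and an empty override renders `command: []`, which silently falls back to the image's own entrypoint. Render it as `command: [{{ .Values.image.entrypoint | quote }}]`, and consider wrapping the value in `required` so that a blank entrypoint fails at template time instead of reproducing the invalid-entrypoint problem this commit fixes.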
2 changes: 2 additions & 0 deletions charts/dsv-injector/values.yaml
Expand Up @@ -24,6 +24,8 @@ image:
pullPolicy: Always
# -- Overrides the image tag whose default is the chart appVersion.
tag: ''
# -- Entrypoint is the path to the binary. Since the container image could contain multiple binaries, this makes sure it's correctly mapped to the binary.
entrypoint: /app/dsv-injector

imagePullSecrets: []
nameOverride: ''
2 changes: 1 addition & 1 deletion charts/dsv-syncer/Chart.yaml
Expand Up @@ -9,7 +9,7 @@ keywords:
- secrets
- vault
type: application
version: 0.1.2
version: 0.1.3
appVersion: latest
maintainers:
- name: Sheldon Hull