chore: bump kube-rbac-proxy to fix CVE (#171)

* chore: bump kube-rbac-proxy to fix CVE Signed-off-by: ericsyh <[email protected]> * fix chart ci Signed-off-by: ericsyh <[email protected]> * fix Signed-off-by: ericsyh <[email protected]> * update Signed-off-by: ericsyh <[email protected]> * update test Signed-off-by: ericsyh <[email protected]> * update test Signed-off-by: ericsyh <[email protected]> * update test Signed-off-by: ericsyh <[email protected]> * fix ci Signed-off-by: ericsyh <[email protected]> * update test Signed-off-by: ericsyh <[email protected]> --------- Signed-off-by: ericsyh <[email protected]>
streamnative · Nov 13, 2023 · 2f6d270 · 2f6d270
1 parent ec44045
commit 2f6d270
Show file tree

Hide file tree

Showing 8 changed files with 18 additions and 48 deletions.
diff --git a/.github/workflows/chart-test.yml b/.github/workflows/chart-test.yml
@@ -61,9 +61,7 @@ jobs:
           python-version: '3.10'
 
       - name: Set up chart-testing
-        uses: helm/[email protected]
-        with:
-          version: v3.8.0
+        uses: helm/[email protected]
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -126,7 +124,7 @@ jobs:
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.0
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Create kind cluster
@@ -176,7 +174,7 @@ jobs:
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.0
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Create kind cluster
@@ -226,7 +224,7 @@ jobs:
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.0
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Create kind cluster
@@ -276,7 +274,7 @@ jobs:
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.0
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Create kind cluster
@@ -326,7 +324,7 @@ jobs:
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.0
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Create kind cluster
@@ -376,7 +374,7 @@ jobs:
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.0
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Create kind cluster
@@ -426,7 +424,7 @@ jobs:
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.0
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Create kind cluster
@@ -476,7 +474,7 @@ jobs:
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.0
         if: ${{ needs.lint-test.outputs.changed == 'true' }}
 
       - name: Create kind cluster

diff --git a/Makefile b/Makefile
@@ -54,7 +54,7 @@ IMG ?= controller:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.23
 
-KUBE_RBAC_PROXY_IMG ?= gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
+KUBE_RBAC_PROXY_IMG ?= gcr.io/kubebuilder/kube-rbac-proxy:v0.14.4
 
 REDHAT_SCAN_REGITRY ?= "quay.io"
 PROJECT_ID_PULSAR_RESOURCES_OPERATOR ?= "62f2585dfcd25442e1f1ee46"

diff --git a/charts/pulsar-resources-operator/ci/set-resources-values.yaml b/charts/pulsar-resources-operator/ci/set-resources-values.yaml
diff --git a/charts/pulsar-resources-operator/tests/deployment_test.yaml b/charts/pulsar-resources-operator/tests/deployment_test.yaml
@@ -28,10 +28,10 @@ tests:
           pattern: -pulsar-resources-operator$
       - equal:
           path: spec.template.spec.containers[0].image
-          value: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
+          value: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.4
       - equal:
           path: spec.template.spec.containers[1].image
-          value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.4.3
+          value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.4.4
       - equal:
           path: spec.template.spec.containers[1].imagePullPolicy
           value: IfNotPresent
@@ -57,11 +57,11 @@ tests:
 
   - it: should update the image version successfully
     set:
-      image.manager.tag: v0.0.1
+      image.manager.tag: v0.4.3
     asserts:
       - equal:
           path: spec.template.spec.containers[1].image
-          value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.0.1
+          value: docker.streamnative.io/streamnative/operators/pulsar-resources-operator:v0.4.3
 
   - it: should update the replicas successfully
     set:

diff --git a/charts/pulsar-resources-operator/values.schema.json b/charts/pulsar-resources-operator/values.schema.json
@@ -126,14 +126,14 @@
                             "default": "",
                             "title": "The tag Schema",
                             "examples": [
-                                "v0.14.1"
+                                "v0.14.4"
                             ]
                         }
                     },
                     "examples": [{
                         "registry": "gcr.io",
                         "repository": "kubebuilder/kube-rbac-proxy",
-                        "tag": "v0.14.1"
+                        "tag": "v0.14.4"
                     }]
                 }
             },

diff --git a/charts/pulsar-resources-operator/values.yaml b/charts/pulsar-resources-operator/values.yaml
@@ -42,7 +42,7 @@ image:
     # -- The full repo name for image.
     repository: kubebuilder/kube-rbac-proxy
     # -- Image tag, it can override the image tag whose default is the chart appVersion.
-    tag: "v0.14.1"
+    tag: "v0.14.4"
 
 # -- Specifies image pull secrets for private registry, the format is `- name: gcr`
 imagePullSecrets: []

diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -24,7 +24,7 @@ spec:
     spec:
       containers:
       - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.4
         args:
         - "--secure-listen-address=0.0.0.0:8443"
         - "--upstream=http://127.0.0.1:8080/"

diff --git a/ct.yaml b/ct.yaml
@@ -29,7 +29,6 @@ target-branch: main
 # parameters for ct lint
 charts:
   - charts/pulsar-resources-operator
-helm-extra-args: --timeout 600s
 
 # Additional commands to run per chart.
 # Commands will be executed in the same order as provided in the list and will