I'm searching for a possibility to provide my own k8s-helper-linux image (not the 1dev/... one). It seems there is
no configuration option for that, or I didn't find one.
I think it would be a nice addition to make this configurable, mainly for two reasons:
The project CERT team can react to 0-day exploits and mitigate them by exchanging the image with a patched one (thus avoiding exploits in the CI/CD chain)
Sometimes, special tools or scripts need to be pre-provisioned (e.g. buildkit or qemu or others), which can be used in custom images.
Of course, one still needs to take care that all necessary tools are installed, otherwise the build executor would end up with errors.
WDYT?
Regards,
Alexander
Robin Shen commented 2 years ago
Using a custom k8s helper image may lead to API incompatibility issues if something changes. OneDev currently selects the appropriate version of the k8s helper image automatically based on project dependency information, so I do not need to maintain a server / helper image compatibility matrix.
For your concerns:
If there is a security vulnerability in the k8s helper image, please raise issues.
If an additional tool needs to be installed, it should be installed in your docker image used in build steps instead.