How to exchange k8s-helper-linux image (OD-976)

Alex Ellwein opened 3 years ago

I'm searching for possibility to provide my own k8s-helper-linux image (not the 1dev/... one). It seems there is no configuration option for that, or i didn't find one.

I think it would be a nice addition to make this configurable, mainly for two reasons:

The project CERT team can react on 0-day exploits and mitigate them by exchanging the image with patched one (thus avoiding exploits in ci/cd chain)
Sometimes, special tools or scripts are needed to be pre-provisioned (e.g. buildkit or qemu or others), which can be used in custom images.

Of course, one still needs to take care that all necessary tools are installed, otherwise the build executor would end up with errors. WDYT?

Regards, Alexander

Activities

Robin Shen commented 3 years ago
Using custom k8s helper image may lead to api incompatibility issues if something changes. OneDev currently selects appropriate version of k8s helper image automatically based on project dependency information, so I do not need to maintain a server / helper image compatiblity matrix.

For your concerns:

If there is a security vulnerability of k8s helper image, please raise issues.

If additional tool needs to be installed, it should be installed to your docker image used in build steps instad.
Alex Ellwein commented 3 years ago

Ok, i see. Thanks! I will close this.
Alex Ellwein changed state to 'Closed' 3 years ago
Previous Value Current Value
Open

Closed
Login to comment

Previous Value	Current Value
Open	Closed

Type	New Feature
Priority	Normal
Assignee	Robin Shen

Issue Votes (0)

Watchers (3)

Reference

OD-976