OneDev
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
server
Code
Pull Requests
Issues
List
Boards
Milestones
Builds
Packages
Statistics
Child Projects
OneDev 10.6.0
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues OD-976
How to exchange k8s-helper-linux image (OD-976)
Closed
Alex Ellwein opened 2 years ago

I'm searching for possibility to provide my own k8s-helper-linux image (not the 1dev/... one). It seems there is no configuration option for that, or i didn't find one.

I think it would be a nice addition to make this configurable, mainly for two reasons:

  • The project CERT team can react on 0-day exploits and mitigate them by exchanging the image with patched one (thus avoiding exploits in ci/cd chain)
  • Sometimes, special tools or scripts are needed to be pre-provisioned (e.g. buildkit or qemu or others), which can be used in custom images.

Of course, one still needs to take care that all necessary tools are installed, otherwise the build executor would end up with errors. WDYT?

Regards, Alexander
Robin Shen commented 2 years ago

Using custom k8s helper image may lead to api incompatibility issues if something changes. OneDev currently selects appropriate version of k8s helper image automatically based on project dependency information, so I do not need to maintain a server / helper image compatiblity matrix.

For your concerns:

  1. If there is a security vulnerability of k8s helper image, please raise issues.
  2. If additional tool needs to be installed, it should be installed to your docker image used in build steps instad.
Alex Ellwein commented 2 years ago

Ok, i see. Thanks! I will close this.
Alex Ellwein changed state to 'Closed' 2 years ago
Previous Value Current Value 
Open
 
Closed
issue 1 of 1
Type
New Feature
Priority
Normal
Assignee
Robin Shen
Issue Votes (0)
Login to vote
Watchers (3)
Reference
OD-976
Please wait...
Page is in error, reload to recover