Kubectl image fix (#209)

* set kubectl image with cve fixes * revert kubectl changes * revert kubectl changes * revert kubectl changes * updated all relative paths of sh in kubectl image
nirmata · Dec 30, 2023 · 28334c7 · 28334c7
1 parent aab1c8e
commit 28334c7
Show file tree

Hide file tree

Showing 12 changed files with 20 additions and 20 deletions.
diff --git a/charts/nirmata/Chart.yaml b/charts/nirmata/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 type: application
 name: kyverno
-version: 3.0.14
+version: 3.0.15
 appVersion: v1.10.6-n4k.nirmata.3
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 description: Kubernetes Native Policy Management

diff --git a/charts/nirmata/README.md b/charts/nirmata/README.md
@@ -672,7 +672,7 @@ The chart values are organised per component.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | webhooksCleanup.enabled | bool | `true` | Create a helm pre-delete hook to cleanup webhooks. |
-| webhooksCleanup.image | string | `"bitnami/kubectl:latest"` | `kubectl` image to run commands for deleting webhooks. |
+| webhooksCleanup.image | string | `"ghcr.io/nirmata/kubectl:1.28.5"` | `kubectl` image to run commands for deleting webhooks. |
 | webhooksCleanup.imagePullSecrets | list | `[]` | Image pull secrets |
 | webhooksCleanup.nodeAffinity | object | `{}` | Node affinity constraints. |
 | webhooksCleanup.nodeSelector | object | `{}` | Node labels for pod assignment |
@@ -706,8 +706,8 @@ The chart values are organised per component.
 | cleanupJobs.admissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history |
 | cleanupJobs.admissionReports.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
 | cleanupJobs.admissionReports.image.registry | string | `nil` | Image registry |
-| cleanupJobs.admissionReports.image.repository | string | `"bitnami/kubectl"` | Image repository |
-| cleanupJobs.admissionReports.image.tag | string | `"1.26.4"` | Image tag Defaults to `latest` if omitted |
+| cleanupJobs.admissionReports.image.repository | string | `"ghcr.io/nirmata/kubectl"` | Image repository |
+| cleanupJobs.admissionReports.image.tag | string | `"1.28.5"` | Image tag Defaults to `latest` if omitted |
 | cleanupJobs.admissionReports.imagePullSecrets | list | `[]` | Image pull secrets |
 | cleanupJobs.admissionReports.nodeAffinity | object | `{}` | Node affinity constraints. |
 | cleanupJobs.admissionReports.nodeSelector | object | `{}` | Node labels for pod assignment |
@@ -725,8 +725,8 @@ The chart values are organised per component.
 | cleanupJobs.clusterAdmissionReports.history | object | `{"failure":1,"success":1}` | Cronjob history |
 | cleanupJobs.clusterAdmissionReports.image.pullPolicy | string | `nil` | Image pull policy Defaults to image.pullPolicy if omitted |
 | cleanupJobs.clusterAdmissionReports.image.registry | string | `nil` | Image registry |
-| cleanupJobs.clusterAdmissionReports.image.repository | string | `"bitnami/kubectl"` | Image repository |
-| cleanupJobs.clusterAdmissionReports.image.tag | string | `"1.26.4"` | Image tag Defaults to `latest` if omitted |
+| cleanupJobs.clusterAdmissionReports.image.repository | string | `"ghcr.io/nirmata/kubectl"` | Image repository |
+| cleanupJobs.clusterAdmissionReports.image.tag | string | `"1.28.5"` | Image tag Defaults to `latest` if omitted |
 | cleanupJobs.clusterAdmissionReports.imagePullSecrets | list | `[]` | Image pull secrets |
 | cleanupJobs.clusterAdmissionReports.nodeAffinity | object | `{}` | Node affinity constraints. |
 | cleanupJobs.clusterAdmissionReports.nodeSelector | object | `{}` | Node labels for pod assignment |

diff --git a/charts/nirmata/templates/cleanup/cleanup-admission-reports.yaml b/charts/nirmata/templates/cleanup/cleanup-admission-reports.yaml
@@ -34,7 +34,7 @@ spec:
             image: {{ (include "kyverno.image" .Values.cleanupJobs.admissionReports) | quote }}
             imagePullPolicy: {{ .Values.cleanupJobs.admissionReports.image.pullPolicy }}
             command:
-            - /bin/sh
+            - sh
             - -c
             - |
               COUNT=$(kubectl get admissionreports.kyverno.io -A | wc -l)

diff --git a/charts/nirmata/templates/cleanup/cleanup-cluster-admission-reports.yaml b/charts/nirmata/templates/cleanup/cleanup-cluster-admission-reports.yaml
@@ -34,7 +34,7 @@ spec:
             image: {{ (include "kyverno.image" .Values.cleanupJobs.clusterAdmissionReports) | quote }}
             imagePullPolicy: {{ .Values.cleanupJobs.clusterAdmissionReports.image.pullPolicy }}
             command:
-            - /bin/sh
+            - sh
             - -c
             - |
               COUNT=$(kubectl get clusteradmissionreports.kyverno.io -A | wc -l)

diff --git a/charts/nirmata/templates/tests/admission-controller-liveness.yaml b/charts/nirmata/templates/tests/admission-controller-liveness.yaml
@@ -22,6 +22,6 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       command:
-        - /bin/sh
+        - sh
         - -c
         - sleep 20 ; wget -O- -S --no-check-certificate https://{{ template "kyverno.admission-controller.serviceName" . }}.{{ template "kyverno.namespace" . }}:{{ .Values.admissionController.service.port }}/health/liveness
diff --git a/charts/nirmata/templates/tests/admission-controller-metrics.yaml b/charts/nirmata/templates/tests/admission-controller-metrics.yaml
@@ -23,7 +23,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       command:
-        - /bin/sh
+        - sh
         - -c
         - sleep 20 ; wget -O- -S --no-check-certificate http://{{ template "kyverno.admission-controller.serviceName" . }}-metrics.{{ template "kyverno.namespace" . }}:{{ .Values.admissionController.metricsService.port }}/metrics
 {{- end -}}
diff --git a/charts/nirmata/templates/tests/admission-controller-readiness.yaml b/charts/nirmata/templates/tests/admission-controller-readiness.yaml
@@ -22,6 +22,6 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       command:
-        - /bin/sh
+        - sh
         - -c
         - sleep 20 ; wget -O- -S --no-check-certificate https://{{ template "kyverno.admission-controller.serviceName" . }}.{{ template "kyverno.namespace" . }}:{{ .Values.admissionController.service.port }}/health/readiness
diff --git a/charts/nirmata/templates/tests/cleanup-controller-liveness.yaml b/charts/nirmata/templates/tests/cleanup-controller-liveness.yaml
@@ -23,7 +23,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       command:
-        - /bin/sh
+        - sh
         - -c
         - sleep 20 ; wget -O- -S --no-check-certificate https://{{ template "kyverno.cleanup-controller.name" . }}.{{ template "kyverno.namespace" . }}:{{ .Values.cleanupController.service.port }}/health/liveness
 {{- end -}}
diff --git a/charts/nirmata/templates/tests/cleanup-controller-metrics.yaml b/charts/nirmata/templates/tests/cleanup-controller-metrics.yaml
@@ -23,7 +23,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       command:
-        - /bin/sh
+        - sh
         - -c
         - sleep 20 ; wget -O- -S --no-check-certificate http://{{ template "kyverno.cleanup-controller.name" . }}-metrics.{{ template "kyverno.namespace" . }}:{{ .Values.cleanupController.metricsService.port }}/metrics
 {{- end -}}
diff --git a/charts/nirmata/templates/tests/cleanup-controller-readiness.yaml b/charts/nirmata/templates/tests/cleanup-controller-readiness.yaml
@@ -23,7 +23,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       command:
-        - /bin/sh
+        - sh
         - -c
         - sleep 20 ; wget -O- -S --no-check-certificate https://{{ template "kyverno.cleanup-controller.name" . }}.{{ template "kyverno.namespace" . }}:{{ .Values.cleanupController.service.port }}/health/readiness
 {{- end -}}
diff --git a/charts/nirmata/templates/tests/reports-controller-metrics.yaml b/charts/nirmata/templates/tests/reports-controller-metrics.yaml
@@ -23,7 +23,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       command:
-        - /bin/sh
+        - sh
         - -c
         - sleep 20 ; wget -O- -S --no-check-certificate http://{{ template "kyverno.reports-controller.name" . }}-metrics.{{ template "kyverno.namespace" . }}:{{ .Values.reportsController.metricsService.port }}/metrics
 {{- end -}}
diff --git a/charts/nirmata/values.yaml b/charts/nirmata/values.yaml
@@ -316,7 +316,7 @@ webhooksCleanup:
   # -- Create a helm pre-delete hook to cleanup webhooks.
   enabled: true
   # -- `kubectl` image to run commands for deleting webhooks.
-  image: bitnami/kubectl:latest
+  image: ghcr.io/nirmata/kubectl:1.28.5
   # -- Image pull secrets
   imagePullSecrets: []
 
@@ -433,10 +433,10 @@ cleanupJobs:
       # -- (string) Image registry
       registry: ~
       # -- Image repository
-      repository: bitnami/kubectl
+      repository: ghcr.io/nirmata/kubectl
       # -- Image tag
       # Defaults to `latest` if omitted
-      tag: '1.26.4'
+      tag: '1.28.5'
       # -- (string) Image pull policy
       # Defaults to image.pullPolicy if omitted
       pullPolicy: ~
@@ -504,10 +504,10 @@ cleanupJobs:
       # -- (string) Image registry
       registry: ~
       # -- Image repository
-      repository: bitnami/kubectl
+      repository: ghcr.io/nirmata/kubectl
       # -- Image tag
       # Defaults to `latest` if omitted
-      tag: '1.26.4'
+      tag: '1.28.5'
       # -- (string) Image pull policy
       # Defaults to image.pullPolicy if omitted
       pullPolicy: ~