Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

figure out containarization #16

Open
v0lkan opened this issue Nov 10, 2024 · 5 comments · May be fixed by #99
Open

figure out containarization #16

v0lkan opened this issue Nov 10, 2024 · 5 comments · May be fixed by #99
Assignees
@strideynet @csoylu
Labels
enhancement New feature or request k8s

Comments

@v0lkan
Copy link
Contributor

v0lkan commented Nov 10, 2024

No description provided.

@v0lkan v0lkan converted this from a draft issue Nov 10, 2024
@strideynet
Copy link
Contributor

I'm happy to pick this up.

The way we've handled this on https://github.com/spiffe/aws-spiffe-workload-helper is:

  • Using Ko to build the OCI images. This produces effectively a very simple distroless image with the Go binary. This only works with CGO_ENABLED=0 though - so if BoringCrypto is a hard requirement, we'll have to take a different route here and create a Dockerfile.
  • Pushing the built images to the GitHub Container Registry. This seems like the most natural place.

Given how sensitive the data SPIKE handles is, we probably ought to investigate SigStore signing of the release images. This should be fairly trivial in GHA.

@v0lkan
Copy link
Contributor Author

v0lkan commented Jan 3, 2025
edited
Loading

Assigned.

Not boringcrypto, but CGO is a requirement (for sqlite at least)

We can discuss the details.

Also, @abhishek44sharma did the majority of helm charts work in VMware Secrets Manager; he might have ideas too.

Actually, we can even discuss that in our first contributor sync sometime :D

@csoylu
Copy link
Contributor

csoylu commented Feb 18, 2025

@strideynet Hey, are you still on this issue? If not i might be helpfull.

@strideynet
Copy link
Contributor

@strideynet Hey, are you still on this issue? If not i might be helpfull.

Happy to let you take it - I don't imagine I'll get around to it for a few weeks.

@v0lkan
Copy link
Contributor Author

v0lkan commented Feb 19, 2025

@strideynet @csoylu I'll let you folks figure it out :).

Assigned to both of you, just in case :) .

@v0lkan v0lkan added enhancement New feature or request k8s labels Feb 19, 2025
@csoylu csoylu linked a pull request Feb 19, 2025 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@strideynet strideynet

@csoylu csoylu

Labels
enhancement New feature or request k8s
Projects
SPIKE Roadmap
Status: No status
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(docker): Add flexible multi-stage Dockerfile for application builds csoylu/spike
3 participants
@v0lkan @strideynet @csoylu