Switch to distroless #658

Open
upodroid opened this issue Oct 27, 2022 · 8 comments
Labels
area/release-eng Issues or PRs related to the Release Engineering subproject kind/bug Categorizes issue or PR as related to a bug. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/release Categorizes an issue or PR as relevant to SIG Release.

Comments

@upodroid
Member

A long-term optimization for the image-promoter is to switch the image to distroless. That means that everything has to be implemented in Go but we are making various os.exec calls in the code.

$ grep -r -e exec.Command -e gsutil -e gcloud . | grep -v e2e
./cmd/count-requests/main.go:   cmd = exec.Command("mktemp", "-d")
./cmd/count-requests/main.go:   cmd = exec.Command("git", "clone", "https://github.com/kubernetes/k8s.io.git", tmpDir)
./cmd/count-requests/main.go:   cmd = exec.Command("ls", subProjects)
./cmd/count-requests/main.go:   cmd = exec.Command("rm", "-r", tmpDir)
./cmd/kpromo/cmd/cip/cip.go:            "pass '--account=...' to all gcloud calls",
./cmd/kpromo/cmd/run/files.go:          "allow service account usage with gcloud calls",
./internal/legacy/gcloud/token.go:package gcloud
./internal/legacy/gcloud/token.go:// GetServiceAccountToken calls gcloud to get an access token for the specified
./internal/legacy/gcloud/token.go:      cmd := command.New("gcloud", args...)
./internal/legacy/gcloud/token.go:// ActivateServiceAccount activates the service account with gcloud.
./internal/legacy/gcloud/token.go:              "gcloud",
./internal/legacy/stream/subprocess.go: cmd := exec.Command(invocation[0], invocation[1:]...)
./internal/legacy/audit/types.go:       // for "gcloud logging logs list".
./internal/legacy/dockerregistry/inventory_test.go:             "gcloud",
./internal/legacy/dockerregistry/inventory_test.go:             "gcloud",
./internal/legacy/dockerregistry/inventory_test.go:             "gcloud",
./internal/legacy/dockerregistry/inventory_test.go:             "gcloud",
./internal/legacy/dockerregistry/types.go:      "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./internal/legacy/dockerregistry/types.go:// (e.g., a "gcloud" command, or perhaps in the future, a REST call).
./internal/legacy/dockerregistry/types.go:      Tokens            map[RootRepo]gcloud.Token
./internal/legacy/dockerregistry/types.go:// generates the set of "gcloud ..." commands used to manipulate Docker
./internal/legacy/dockerregistry/registry/registry.go:                          out, err := exec.Command("curl", imgEndpoint).Output()
./internal/legacy/dockerregistry/registry/registry.go:                          out, err := exec.Command("curl", imgEndpoint).Output()
./internal/legacy/dockerregistry/registry/context.go:   "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./internal/legacy/dockerregistry/registry/context.go:   Token          gcloud.Token   `yaml:"-"`
./internal/legacy/dockerregistry/inventory.go:  "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./internal/legacy/dockerregistry/inventory.go:          Tokens:            make(map[RootRepo]gcloud.Token),
./internal/legacy/dockerregistry/inventory.go:          token, err := gcloud.GetServiceAccountToken(rc.ServiceAccount, sc.UseServiceAccount)
./internal/legacy/dockerregistry/inventory.go:                          // overwriting), do not bother shelling out to gcloud. Instead just
./internal/legacy/dockerregistry/inventory.go:// GetWriteCmd generates a gcloud command that is used to make modifications to
./internal/legacy/dockerregistry/inventory.go:                  "gcloud",
./internal/legacy/dockerregistry/inventory.go:  return gcloud.MaybeUseServiceAccount(
./internal/legacy/dockerregistry/inventory.go:          "gcloud",
./internal/legacy/dockerregistry/inventory.go:  return gcloud.MaybeUseServiceAccount(
./internal/promoter/image/sign.go:      "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./internal/promoter/image/sign.go:              token     gcloud.Token
./internal/promoter/image/sign.go:                      token     gcloud.Token
./internal/promoter/image/impl.go:      "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./internal/promoter/image/impl.go:      if err := gcloud.ActivateServiceAccounts(opts.KeyFiles); err != nil {
./docs/github-promotion.md:This subcommand directly depends on `gcloud` and `gsutil` to be installed on
./docs/file-promotion.md:      --use-service-account     allow service account usage with gcloud calls
Binary file ./.git/objects/pack/pack-4d13f9e7c1f81fe8a82f984fcf8c36bf168faf5c.pack matches
Binary file ./.git/index matches
./promoter/file/token.go:       "sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
./promoter/file/token.go:// gcloudTokenSource implements oauth2.TokenSource.
./promoter/file/token.go:type gcloudTokenSource struct {
./promoter/file/token.go:func (s *gcloudTokenSource) Token() (*oauth2.Token, error) {
./promoter/file/token.go:       token, err := gcloud.GetServiceAccountToken(s.ServiceAccount, true)
./promoter/file/filestore.go:           ts := &gcloudTokenSource{ServiceAccount: filestore.ServiceAccount}

/area release-eng
/kind feature

@upodroid upodroid added area/release-eng Issues or PRs related to the Release Engineering subproject kind/bug Categorizes issue or PR as related to a bug. sig/release Categorizes an issue or PR as relevant to SIG Release. labels Oct 27, 2022
@k8s-ci-robot k8s-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Oct 27, 2022
@saschagrunert
Member

Hm yeah, that is a long term goal for our libraries.

@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 25, 2023
@k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Feb 24, 2023
@k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

@k8s-ci-robot k8s-ci-robot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 26, 2023
@k8s-ci-robot
Contributor

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@upodroid
Member Author

/reopen
/remove-lifecycle stale
/priority important-longterm

@k8s-ci-robot k8s-ci-robot added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Mar 26, 2023
@k8s-ci-robot
Contributor

@upodroid: Reopened this issue.

In response to this:

/reopen
/remove-lifecycle stale
/priority important-longterm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot reopened this Mar 26, 2023
@BenTheElder
Member

/remove-lifecyle rotten
