Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Image: adds cassandra #1164

Merged
merged 16 commits into from
Aug 11, 2023
Merged

Image: adds cassandra #1164

merged 16 commits into from
Aug 11, 2023

Conversation

mritunjaysharma394
Copy link
Contributor

@mritunjaysharma394 mritunjaysharma394 commented Jul 31, 2023
edited
Loading

Chainguard Images Pull Request Template

Image Size

  • The Image is smaller in size than its common public counterpart.
  • The Image is larger in size than its common public counterpart (please explain in the notes).

Notes:
Public counterpart: 342 MB
This image: 246 MB

Image Vulnerabilities

  • The Grype vulnerability scan returned 0 CVE(s).
  • The Grype vulnerability scan returned > 0 CVE(s) (please explain in the notes).

Notes:

This image has following vulnerabilities:

   ├── 1 critical, 7 high, 9 medium, 2 low, 0 negligible
   └── 10 fixed
NAME              INSTALLED  FIXED-IN  TYPE          VULNERABILITY        SEVERITY
fqltool                                java-archive  CVE-2020-13946       Medium
glibc             2.38-r0              apk           CVE-2023-0687        Critical
guava             27.0-jre             java-archive  CVE-2020-8908        Low
guava             27.0-jre             java-archive  CVE-2023-2976        High
guava             27.0-jre             java-archive  GHSA-5mg8-w23w-74h3  Low
guava             27.0-jre   32.0.0    java-archive  GHSA-7g45-4rm6-3mm3  Medium
jackson-databind  2.13.2.2             java-archive  CVE-2022-42003       High
jackson-databind  2.13.2.2             java-archive  CVE-2022-42004       High
jackson-databind  2.13.2.2             java-archive  CVE-2023-35116       Medium
jackson-databind  2.13.2.2   2.13.4    java-archive  GHSA-rgv9-q543-rqg4  High
jackson-databind  2.13.2.2   2.13.4.2  java-archive  GHSA-jjjh-jjxp-wpff  High
snakeyaml         1.26       1.31      java-archive  GHSA-3mc7-4q67-w48m  High
snakeyaml         1.26       1.31      java-archive  GHSA-98wm-3w3q-mw94  Medium
snakeyaml         1.26       1.31      java-archive  GHSA-c4r9-r8fh-9vj2  Medium
snakeyaml         1.26       1.31      java-archive  GHSA-hhhw-99gj-p3c3  Medium
snakeyaml         1.26       1.32      java-archive  GHSA-9w3m-gqgf-c4p9  Medium
snakeyaml         1.26       1.32      java-archive  GHSA-w37g-rhq8-7m4j  Medium
snakeyaml         1.26       2.0       java-archive  GHSA-mjmj-j48q-9wg2  High
stress                                 java-archive  CVE-2020-13946       Medium

The public image has following:

   ├── 0 critical, 8 high, 16 medium, 22 low, 4 negligible
   └── 18 fixed
NAME                            INSTALLED                 FIXED-IN            TYPE          VULNERABILITY        SEVERITY
coreutils                       8.30-3ubuntu2                                 deb           CVE-2016-2781        Low
curl                            7.68.0-1ubuntu2.18        7.68.0-1ubuntu2.19  deb           CVE-2023-28321       Low
curl                            7.68.0-1ubuntu2.18        7.68.0-1ubuntu2.19  deb           CVE-2023-28322       Low
fqltool                                                                       java-archive  CVE-2020-13946       Medium
github.com/opencontainers/runc  v1.1.0                    1.1.2               go-module     GHSA-f3fp-gc8g-vw66  Medium
github.com/opencontainers/runc  v1.1.0                    1.1.5               go-module     GHSA-g2j6-57v7-gm8c  Medium
github.com/opencontainers/runc  v1.1.0                    1.1.5               go-module     GHSA-m8cg-xc2p-r3fc  Low
github.com/opencontainers/runc  v1.1.0                    1.1.5               go-module     GHSA-vpvm-3wq2-2wvm  High
gpgv                            2.2.19-3ubuntu2.2                             deb           CVE-2022-3219        Low
guava                           27.0-jre                                      java-archive  CVE-2020-8908        Low
guava                           27.0-jre                                      java-archive  CVE-2023-2976        High
guava                           27.0-jre                                      java-archive  GHSA-5mg8-w23w-74h3  Low
guava                           27.0-jre                  32.0.0              java-archive  GHSA-7g45-4rm6-3mm3  Medium
jackson-databind                2.13.2.2                                      java-archive  CVE-2022-42003       High
jackson-databind                2.13.2.2                                      java-archive  CVE-2022-42004       High
jackson-databind                2.13.2.2                                      java-archive  CVE-2023-35116       Medium
jackson-databind                2.13.2.2                  2.13.4              java-archive  GHSA-rgv9-q543-rqg4  High
jackson-databind                2.13.2.2                  2.13.4.2            java-archive  GHSA-jjjh-jjxp-wpff  High
libc-bin                        2.31-0ubuntu9.9                               deb           CVE-2016-20013       Negligible
libc6                           2.31-0ubuntu9.9                               deb           CVE-2016-20013       Negligible
libcurl4                        7.68.0-1ubuntu2.18        7.68.0-1ubuntu2.19  deb           CVE-2023-28321       Low
libcurl4                        7.68.0-1ubuntu2.18        7.68.0-1ubuntu2.19  deb           CVE-2023-28322       Low
libldap-2.4-2                   2.4.49+dfsg-2ubuntu1.9                        deb           CVE-2023-2953        Low
libldap-common                  2.4.49+dfsg-2ubuntu1.9                        deb           CVE-2023-2953        Low
libpcre3                        2:8.39-12ubuntu0.1                            deb           CVE-2017-11164       Negligible
libpng16-16                     1.6.37-2                                      deb           CVE-2022-3857        Low
libpython3.8-minimal            3.8.10-0ubuntu1~20.04.8                       deb           CVE-2021-28861       Low
libpython3.8-minimal            3.8.10-0ubuntu1~20.04.8                       deb           CVE-2023-27043       Medium
libpython3.8-stdlib             3.8.10-0ubuntu1~20.04.8                       deb           CVE-2021-28861       Low
libpython3.8-stdlib             3.8.10-0ubuntu1~20.04.8                       deb           CVE-2023-27043       Medium
libsystemd0                     245.4-4ubuntu3.22                             deb           CVE-2023-26604       Low
libudev1                        245.4-4ubuntu3.22                             deb           CVE-2023-26604       Low
locales                         2.31-0ubuntu9.9                               deb           CVE-2016-20013       Negligible
login                           1:4.8.1-1ubuntu5.20.04.4                      deb           CVE-2013-4235        Low
login                           1:4.8.1-1ubuntu5.20.04.4                      deb           CVE-2023-29383       Low
passwd                          1:4.8.1-1ubuntu5.20.04.4                      deb           CVE-2013-4235        Low
passwd                          1:4.8.1-1ubuntu5.20.04.4                      deb           CVE-2023-29383       Low
python3.8                       3.8.10-0ubuntu1~20.04.8                       deb           CVE-2021-28861       Low
python3.8                       3.8.10-0ubuntu1~20.04.8                       deb           CVE-2023-27043       Medium
python3.8-minimal               3.8.10-0ubuntu1~20.04.8                       deb           CVE-2021-28861       Low
python3.8-minimal               3.8.10-0ubuntu1~20.04.8                       deb           CVE-2023-27043       Medium
snakeyaml                       1.26                      1.31                java-archive  GHSA-3mc7-4q67-w48m  High
snakeyaml                       1.26                      1.31                java-archive  GHSA-98wm-3w3q-mw94  Medium
snakeyaml                       1.26                      1.31                java-archive  GHSA-c4r9-r8fh-9vj2  Medium
snakeyaml                       1.26                      1.31                java-archive  GHSA-hhhw-99gj-p3c3  Medium
snakeyaml                       1.26                      1.32                java-archive  GHSA-9w3m-gqgf-c4p9  Medium
snakeyaml                       1.26                      1.32                java-archive  GHSA-w37g-rhq8-7m4j  Medium
snakeyaml                       1.26                      2.0                 java-archive  GHSA-mjmj-j48q-9wg2  High
stress                                                                        java-archive  CVE-2020-13946       Medium
wget                            1.20.3-1ubuntu2                               deb           CVE-2021-31879       Medium

Basic Testing - K8s cluster

  • The container image was successfully loaded into a kind cluster.
  • The container image could not be loaded into a kind cluster (please explain in the notes).

Notes: N/A?

Basic Testing - Package/Application

  • The application is accessible to the user/cluster/etc. after start-up.
  • The application is not accessible to the user/cluster/etc. after start-up. (please explain in the notes).

Notes: N/A?

Helm

  • A Helm chart has been provided and the container image can be used with the chart. If needed, please add a -compat package to close any gaps with the public helm chart.
  • A Helm chart has been provided and the container image is not working with the chart (please explain in the notes).
  • A Helm chart was not provided.

Notes:

Processor Architectures

  • The image was built and tested for x86_64.
  • The image could not be built for x86_64 (please explain in the notes).
  • The image was built and tested for aarch64.
  • The image could not be built for aarch64. (please explain in the notes).

Notes:

Functional Testing + Documentation

  • Functional tests have been included and the tests are passing. All tests have been documnted in the notes section.

Notes:

docker logs "${container_name}" | grep "Startup complete" helps us achieve that

Environment Testing + Documentation

  • There has not been a request and/or there is no indication that this image needs tested on a public cloud provider.
  • The container image has been tested successfully on a public cloud provider (AWS, GCP, Azure).
  • The container image has not been tested successfully on a public cloud provider (AWS, GCP, Azure) (please explain in the notes).

Notes:

Version

  • The package version is the latest version of the package. The latest tag points to this version.
  • The package version is the not the latest version of the package (please explain in the notes).

Notes:

Dev Tag Availability

  • There is a dev tag available that includes a shell and apk tools (by depending on 'wolfi-base')
  • There is not a dev tag available that includes a shell and apk tools (by depending on 'wolfi-base') (please explain in the notes).

Notes:

Access Control + Authentication

  • The image runs as nonroot and GID/UID are set to 65532 or upstream default
  • Alternatively the username and GID/UID may be a commonly used one from the ecosystem e.g: postgres
  • The image requires a non-standard username or non-standard GID/UID (please explain in the notes).

Notes: I guess it requires

accounts:
  groups:
    - groupname: cassandra
      gid: 999
  users:
    - username: cassandra
      uid: 999

ENTRYPOINT

  • applications/servers/utilities set to call main program with no arguments e.g. [redis-server]
  • applications/servers/utilities not set to call main program with no arguments e.g. [redis-server] (please explain in the notes)
  • base images leave empty.
  • base image and not empty (please explain in the notes).
  • dev variants is set to entrypoint script that falls back to system.
  • dev variants is not set to entrypoint script that falls back to system (please explain in the notes).

CMD

  • For server applications give arguments to start in daemon mode (may be empty)
  • For utilities/tooling bring up help e.g. –help
  • For base images with a shell, call it e.g. [/bin/sh]

Environment Variables

  • Environment variables added.
  • Environment variables not added and not required.

SIGTERM

  • The image responds to SIGTERM (e.g., docker kill $(docker run -d --rm cgr.dev/chainguard/nginx))

Logs

  • Error logs write to stderr and normal logs to stdout. Logs DO NOT write to file.

Documentation - README

  • A README file has been provided and it follows the README template.

@mritunjaysharma394
attempt to add cassandra
24183f6 
Signed-off-by: Mritunjay <[email protected]>
@mritunjaysharma394 mritunjaysharma394 changed the title attempt to add cassandra WIP: adds cassandra Jul 31, 2023
@mritunjaysharma394
cassandra fixes
ec56cca 
Signed-off-by: Mritunjay <[email protected]>
@mritunjaysharma394
testing with new chanegs
aa61957 
Signed-off-by: Mritunjay <[email protected]>
@mritunjaysharma394
using cassandra -f
64f81b5 
Signed-off-by: Mritunjay <[email protected]>
@mritunjaysharma394
adding workdir
90c5c86 
Signed-off-by: Mritunjay <[email protected]>
@mritunjaysharma394
fixes in tests
497e0e4 
Signed-off-by: Mritunjay <[email protected]>
@mritunjaysharma394 mritunjaysharma394 marked this pull request as ready for review August 1, 2023 18:27
@mritunjaysharma394 mritunjaysharma394 requested a review from a team as a code owner August 1, 2023 18:27
@mritunjaysharma394 mritunjaysharma394 changed the title WIP: adds cassandra Image: adds cassandra Aug 1, 2023
rawlingsj
rawlingsj reviewed Aug 1, 2023
View reviewed changes
images/cassandra/configs/latest.apko.yaml Outdated Show resolved Hide resolved
images/cassandra/tests/main.tf Outdated Show resolved Hide resolved
@mritunjaysharma394
removes bash
b9563f7 
Signed-off-by: Mritunjay <[email protected]>
@mritunjaysharma394
adds k8s manifest and tests
02ec01c 
Signed-off-by: Mritunjay <[email protected]>
@mritunjaysharma394
terraform fmts
003b4da 
Signed-off-by: Mritunjay <[email protected]>
@mritunjaysharma394
fixes template file
2d64084 
Signed-off-by: Mritunjay <[email protected]>
@mritunjaysharma394
uses kubectl manifest
d640a1c 
Signed-off-by: Mritunjay <[email protected]>
joshrwolf
joshrwolf reviewed Aug 11, 2023
View reviewed changes
main.tf Outdated Show resolved Hide resolved
@mritunjaysharma394
minor refactors
9d45ebb 
Signed-off-by: Mritunjay <[email protected]>
joshrwolf
joshrwolf approved these changes Aug 11, 2023
View reviewed changes
Copy link
Contributor

@joshrwolf joshrwolf left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for sticking with all the nits and changes, great work!

@joshrwolf joshrwolf merged commit 4128e35 into chainguard-images:main Aug 11, 2023
developer-guy pushed a commit to Dentrax/images that referenced this pull request Feb 12, 2024
@chainguardian @wolfi-bot
eks-distro-kubernetes-csi-node-driver-registrar-1.25/1.25.28 package …
cbed270 
…update (chainguard-images#1164)

Signed-off-by: wolfi-bot <[email protected]>
Co-authored-by: wolfi-bot <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonjohnsonjr jonjohnsonjr jonjohnsonjr left review comments

@strongjz strongjz strongjz left review comments

@rawlingsj rawlingsj rawlingsj left review comments

@joshrwolf joshrwolf joshrwolf approved these changes

@ajayk ajayk Awaiting requested review from ajayk ajayk was automatically assigned from chainguard-images/images-repository-maintainers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mritunjaysharma394 @rawlingsj @strongjz @jonjohnsonjr @joshrwolf