* Bump to golang-with-libgit2:1.1.1.6 to speed up build time when cross compiling. Previous version was compiling in emulation mode instead, which added +10x overhead.
* Ensure that make test is executed against the exact same libraries that will be shipped on the built image.
* Simplify Makefile to reduce its complexity.
* Libgit2 behaviour:
  * linux-amd64: download static libraries from the official container image.
  * linux-arm64: on top of the above, requires static musl tool chain (automatically downloaded).
  * darwin-amd64 and darwin-arm64: download universal static libraries for darwin from https://github.com/fluxcd/golang-with-libgit2 releases.
Co-authored-by: Paulo Gomes <paulo.gomes@weave.works>
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>

Updating kyaml to match the version we use in other components. This
version's most significant change for us would be that kyaml will no
longer override indentations in the targeted files.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>

ImageUpdateAutomation objects can now refer to GitRepository objects in other
namespaces. Implemented by switching sourceRef from a SourceReference to a
dependency.CrossNamespaceDependencyReference.
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>

Sets a default value of -1 for the observedGeneration field of the
ImageUpdateAutomations type status.observedGeneration attribute.
This ensures that tools like kstatus do not consider the resource to be
in a Ready state prematurely because the generation and
observedGeneration attributes are briefly initialized with 0 values.
Signed-off-by: Sebastian Bernheim <sebastian@weave.works>

Further restricts the SecurityContext that the controller runs under, by enabling the default seccomp profile and dropping all Linux capabilities.
This was set at container-level to ensure backwards compatibility with use cases in which sidecars are injected into the source-controller pod
without setting less restrictive settings.
Add a uid and gid for the container to enforce runAsNonRoot and ensure
the use of non-root users.
BREAKING CHANGES:
1) The use of new seccomp API requires Kubernetes 1.19.
2) The controller container is now executed under 65534:65534 (userid:groupid).
This change may break deployments that hard-coded the user name 'controller' in their PodSecurityPolicy.
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
Co-authored-by: Paulo Gomes <paulo.gomes@weave.works>

Refactor logic to install helper tools into one function in the
Makefile. Add support for envtest to help install tools like kubectl and
etcd, which helps users run tests more conveniently.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>

os.RemoveAll can return an error; even if we're exiting the procedure
at the time, it's worth knowing when it's failing, because typically
the working directory is a memory-backed volume and you can run out
quite easily.
Signed-off-by: Michael Bridgen <michael@weave.works>

macOS support is broken for users who rely on the Makefile to install
libgit2 for them. libgit2.1.1.dylib could not be dynamically linked at runtime
because it couldn't be found. This patch makes the following changes to
the Makefile:
1) Respects the user's PKG_CONFIG_PATH present in the env so that both
libgit2.pc and openssl.pc are discoverable.
2) Embeds the required rpath in the binary at compile time, so that
libgit2.1.1.dylib can be found at runtime. For more info see:
https://github.com/fluxcd/source-controller/pull/515#discussion_r764245029
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>