This avoids skipping the directories when generating the archive
tarball.
This makes it easier to scan directory trees.
Signed-off-by: Kevin McDermott <kevin@weave.works>
Ensure that directories are included.
This avoids skipping the directories when generating the archive
tarball.
This makes it easier to scan directory trees.
Signed-off-by: Kevin McDermott <kevin@weave.works>
BREAKING CHANGE: the controller container is now executed under 65534:65534 (userid:groupid). This change may break deployments that hard-coded the user name 'controller' in their PodSecurityPolicy.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Further restricts the SecurityContext that the controller runs under, by enabling the default seccomp profile and dropping all linux capabilities.
This was set at container-level to ensure backwards compatibility with
use cases in which sidecars are injected into the source-controller pod
without setting less restrictive settings.
BREAKING CHANGE: The use of new seccomp API requires Kubernetes 1.19.
Co-authored-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This configures ProxyOptions for all libgit2 Checkout functions when
cloning and configures the options based on current environment
settings using the git2go.ProxyTypeAuto option.
Refs: #131
Signed-off-by: Robert Clarke <rob@robertandrewclarke.com>
Co-authored-by: Aurélien GARNIER <aurelien.garnier@atos.net>
Refactor logic to install helper tools into one function in the
Makefile. Add support for envtest to help install tools like kubectl,
etcd which helps users run tests more conveniently.
Signed-off-by: Sanskar Jaiswal <sanskar.jaiswal@weave.works>
make verify is failing 'go mod tidy: go.mod file indicates go 1.16, but maximum supported version is 1.15' which indicates that the default go version on the runner is 1.15.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Leverage libraries installed in base-debian11 (glibc, libssl and openssl)
therefore refrain from linking libc/libdl and ignore unresolved symbols
at build time.
Libssl had to be kept as the behaviour without it is not consistent across
all supported architectures.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
The statically linked binary has lingering dependencing to glibc, which
leads to errors at runtime when using distroless/static. One key culprit is libnss,
which is not available in static form through package managers.
In order to support distroless/static, glibc would have to be recompiled using
the --enable-static-nss flag, and the resulting libnss_{dns,files}.a would need
to be linked during the build process.
Due to the unnecessary complexity mentioned above, distroless/base is being used
instead.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Adds an initial ATTRIBUTIONS.md file containing the open source
components that source-controller depends on, and their copyright
information.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Paulo Gomes
Stefan Prodan
Hidde Beydals
Yiannis
Maksym Voitko
Sunny
Soule BA
Kevin McDermott
Robert Clarke
Sanskar Jaiswal