kubernetes-sigs/kustomize
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kustomize.git synced 2026-06-11 09:02:53 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

Pin kustomize image in cockroachdb example

Browse Source 
- Pin to v5.4.1 with sha256 as example of how to ensure supply-chain
  security. Pulling the latest kustomize image or source is insecure
  without checksum validation.
- Bump example image tag to v0.1.1
This commit is contained in:
Karl Isenberg
2024-05-06 11:02:20 -07:00
parent e244b83844
commit 6a829feef8
2 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
functions/examples/template-heredoc-cockroachdb/image/Dockerfile
View File

@@ -1,12 +1,10 @@
# Copyright 2019 The Kubernetes Authors.
# SPDX-License-Identifier: Apache-2.0
FROM golang:1.21-bullseye
ENV CGO_ENABLED=0
RUN go get -v sigs.k8s.io/kustomize/kustomize
ARG KUSTOMIZE_IMAGE_TAG
ARG KUSTOMIZE_IMAGE_SHA
FROM alpine:latest
FROM registry.k8s.io/kustomize/kustomize:${KUSTOMIZE_IMAGE_TAG}@${KUSTOMIZE_IMAGE_SHA}
RUN apk add --no-cache bash
COPY --from=0 /go/bin/kustomize /usr/local/bin
COPY cockroachdb-template.sh /usr/local/bin/config-function
CMD ["config-function"]