From 12fe4dee2b0d7ee76734e788620eda17dd72b3e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Mudrini=C4=87?= Date: Thu, 27 May 2021 18:18:16 +0200 Subject: [PATCH] Update setcap to buster-v2.0.1 and add setcap to dependencies.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Mudrinić --- build/common.sh | 3 ++- build/dependencies.yaml | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/build/common.sh b/build/common.sh index d1fb1815b65..9829a5ccaac 100755 --- a/build/common.sh +++ b/build/common.sh @@ -88,6 +88,7 @@ readonly KUBE_CONTAINER_RSYNC_PORT=8730 # These are the default versions (image tags) for their respective base images. readonly __default_debian_iptables_version=buster-v1.6.1 readonly __default_go_runner_version=v2.3.1-go1.16.4-buster.0 +readonly __default_setcap_version=buster-v2.0.1 # These are the base images for the Docker-wrapped binaries. readonly KUBE_GORUNNER_IMAGE="${KUBE_GORUNNER_IMAGE:-$KUBE_BASE_IMAGE_REGISTRY/go-runner:$__default_go_runner_version}" @@ -97,7 +98,7 @@ readonly KUBE_SCHEDULER_BASE_IMAGE="${KUBE_SCHEDULER_BASE_IMAGE:-$KUBE_GORUNNER_ readonly KUBE_PROXY_BASE_IMAGE="${KUBE_PROXY_BASE_IMAGE:-$KUBE_BASE_IMAGE_REGISTRY/debian-iptables:$__default_debian_iptables_version}" # This is the image used in a multi-stage build to apply capabilities to Docker-wrapped binaries. -readonly KUBE_BUILD_SETCAP_IMAGE="${KUBE_BUILD_SETCAP_IMAGE:-$KUBE_BASE_IMAGE_REGISTRY/setcap:buster-v1.4.0}" +readonly KUBE_BUILD_SETCAP_IMAGE="${KUBE_BUILD_SETCAP_IMAGE:-$KUBE_BASE_IMAGE_REGISTRY/setcap:$__default_setcap_version}" # Get the set of master binaries that run in Docker (on Linux) # Entry format is ",". diff --git a/build/dependencies.yaml b/build/dependencies.yaml index 9301cdbd38b..6f31d50bab8 100644 --- a/build/dependencies.yaml +++ b/build/dependencies.yaml @@ -215,6 +215,12 @@ dependencies: - path: test/utils/image/manifest.go match: configs\[Pause\] = Config{list\.GcRegistry, "pause", "\d+\.\d+(.\d+)?"} + - name: "k8s.gcr.io/setcap: dependents" + version: buster-v2.0.1 + refPaths: + - path: build/common.sh + match: __default_setcap_version= + # metadata-concealment: bump this one first - name: "metadata-concealment" version: "1.6"