-
Notifications
You must be signed in to change notification settings - Fork 190
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
security hardening of service controllers (#257)
Issue #, if available: aws-controllers-k8s/community#1112 Description of changes: * Update base image to `public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2021-12-01-1638322424` and golang image to `1.17.5` for building controller images * Updated the `deployment.yaml` files to runAsUser 1000. This userId was selected as random. * Updated ACK runtime to `v0.16.0` ---------------- * validated that controller runs correctly when executed as non root user * tested locally by running ecr-controller e2e tests * validated that there were no security vulnerabilities in generated image By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
- Loading branch information
Showing
10 changed files
with
505 additions
and
105 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,21 +1,90 @@ | ||
| module github.com/aws-controllers-k8s/code-generator | ||
|
|
||
| go 1.14 | ||
| go 1.17 | ||
|
|
||
| require ( | ||
| github.com/aws-controllers-k8s/runtime v0.15.2 | ||
| github.com/aws-controllers-k8s/runtime v0.16.0 | ||
| github.com/aws/aws-sdk-go v1.37.10 | ||
| github.com/dlclark/regexp2 v1.4.0 | ||
| // pin to v0.1.1 due to release problem with v0.1.2 | ||
| github.com/gertd/go-pluralize v0.1.1 | ||
| github.com/ghodss/yaml v1.0.0 | ||
| github.com/go-logr/logr v0.3.0 | ||
| github.com/go-logr/logr v1.2.0 | ||
| github.com/iancoleman/strcase v0.1.3 | ||
| github.com/operator-framework/api v0.6.0 | ||
| github.com/pkg/errors v0.9.1 | ||
| github.com/spf13/cobra v1.1.1 | ||
| github.com/spf13/cobra v1.2.1 | ||
| github.com/stretchr/testify v1.7.0 | ||
| golang.org/x/mod v0.4.1 | ||
| golang.org/x/mod v0.4.2 | ||
| gopkg.in/src-d/go-git.v4 v4.13.1 | ||
| k8s.io/apimachinery v0.20.1 | ||
| k8s.io/apimachinery v0.23.0 | ||
| sigs.k8s.io/controller-runtime v0.11.0 | ||
| ) | ||
|
|
||
| require ( | ||
| github.com/beorn7/perks v1.0.1 // indirect | ||
| github.com/blang/semver/v4 v4.0.0 // indirect | ||
| github.com/cespare/xxhash/v2 v2.1.1 // indirect | ||
| github.com/davecgh/go-spew v1.1.1 // indirect | ||
| github.com/emirpasic/gods v1.12.0 // indirect | ||
| github.com/evanphx/json-patch v4.12.0+incompatible // indirect | ||
| github.com/fsnotify/fsnotify v1.5.1 // indirect | ||
| github.com/go-logr/zapr v1.2.0 // indirect | ||
| github.com/gogo/protobuf v1.3.2 // indirect | ||
| github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect | ||
| github.com/golang/protobuf v1.5.2 // indirect | ||
| github.com/google/go-cmp v0.5.5 // indirect | ||
| github.com/google/gofuzz v1.1.0 // indirect | ||
| github.com/google/uuid v1.1.2 // indirect | ||
| github.com/googleapis/gnostic v0.5.5 // indirect | ||
| github.com/imdario/mergo v0.3.12 // indirect | ||
| github.com/inconshreveable/mousetrap v1.0.0 // indirect | ||
| github.com/jaypipes/envutil v1.0.0 // indirect | ||
| github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect | ||
| github.com/jmespath/go-jmespath v0.4.0 // indirect | ||
| github.com/json-iterator/go v1.1.12 // indirect | ||
| github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd // indirect | ||
| github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect | ||
| github.com/mitchellh/go-homedir v1.1.0 // indirect | ||
| github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect | ||
| github.com/modern-go/reflect2 v1.0.2 // indirect | ||
| github.com/pmezard/go-difflib v1.0.0 // indirect | ||
| github.com/prometheus/client_golang v1.11.0 // indirect | ||
| github.com/prometheus/client_model v0.2.0 // indirect | ||
| github.com/prometheus/common v0.28.0 // indirect | ||
| github.com/prometheus/procfs v0.6.0 // indirect | ||
| github.com/sergi/go-diff v1.0.0 // indirect | ||
| github.com/sirupsen/logrus v1.8.1 // indirect | ||
| github.com/spf13/pflag v1.0.5 // indirect | ||
| github.com/src-d/gcfg v1.4.0 // indirect | ||
| github.com/xanzy/ssh-agent v0.2.1 // indirect | ||
| go.uber.org/atomic v1.7.0 // indirect | ||
| go.uber.org/multierr v1.6.0 // indirect | ||
| go.uber.org/zap v1.19.1 // indirect | ||
| golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect | ||
| golang.org/x/net v0.0.0-20210825183410-e898025ed96a // indirect | ||
| golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect | ||
| golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8 // indirect | ||
| golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect | ||
| golang.org/x/text v0.3.7 // indirect | ||
| golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect | ||
| golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect | ||
| gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect | ||
| google.golang.org/appengine v1.6.7 // indirect | ||
| google.golang.org/protobuf v1.27.1 // indirect | ||
| gopkg.in/inf.v0 v0.9.1 // indirect | ||
| gopkg.in/src-d/go-billy.v4 v4.3.2 // indirect | ||
| gopkg.in/warnings.v0 v0.1.2 // indirect | ||
| gopkg.in/yaml.v2 v2.4.0 // indirect | ||
| gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect | ||
| k8s.io/api v0.23.0 // indirect | ||
| k8s.io/apiextensions-apiserver v0.23.0 // indirect | ||
| k8s.io/client-go v0.23.0 // indirect | ||
| k8s.io/component-base v0.23.0 // indirect | ||
| k8s.io/klog/v2 v2.30.0 // indirect | ||
| k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect | ||
| k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b // indirect | ||
| sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect | ||
| sigs.k8s.io/structured-merge-diff/v4 v4.2.0 // indirect | ||
| sigs.k8s.io/yaml v1.3.0 // indirect | ||
| ) |
Oops, something went wrong.