-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Addon: add inspektor-gadget #15869
Addon: add inspektor-gadget #15869
Conversation
Hi @yolossn. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Can one of the admins verify this patch? |
b1c1af5
to
d04a4aa
Compare
The CLA needs to be signed, also, scanning the image there are four high CVEs in the image. CVE-2022-27664 CVE-2022-3515 CVE-2023-0286 |
Hi.
Sorry for this, I will address those issues as much as possible! Best regards. |
For sure, just ping me when you have an update, thanks |
Hi @spowelljr. Thank you for your patience, we normally addressed all the CVEs and set up scans so we should no more ship CVE in our tool! Best regards and thank you in advance. |
Scan output:
|
Oh sorry 😅, indeed the |
Yes, feel free to push a newer version, just ensure to use a version tag and sha256 like the PR is already using. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for working on this!
We just released v0.13.1
which normally addresses the CVE issues found there.
Can you please modify the files to point to this release?
6c31692
to
383bd61
Compare
383bd61
to
897e448
Compare
@spowelljr can you please take another look? The image is updated to fix the CVE issues. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible to automatically install the latest version?
Or we would need to update this each time we do a new release?
95db24a
to
e7fbbbf
Compare
AFAIK we cannot use the latest tag and we have to update after every new release. There is scope for automating this using Github Actions. |
Thank you for confirming! |
For Headlamp we have github actions in place to automatically create a PR for changing the latest image version and SHA. |
Hi! I normally addressed everything regarding having both Best regards and thank you in advance! |
Image is secure! |
Perfect! Thank you :D :D :D |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should do the trick :D:
ba28632
to
9b87ee5
Compare
@yolossn @eiffel-fl Promise I'm not trying to be a pain, but the
|
No problem at all, to be honest, I was sort of expecting this kind of stuff. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, these packages were added in inspektor-gadget/inspektor-gadget#1563 and we already removed them in inspektor-gadget/inspektor-gadget#1596 which was sadly not packaged in the release.
Bumping the image to sha256:3acd2756a8dde2a994b57a0982b84b86eb404a1dbd6169b9b95135dc078877cc
should do the trick.
Can confirm that image has no CVEs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We just release v0.16.1
as bugfix release to avoid shipping the faulted packages.
We should normally be almost ready for the merge!
For the above suggestions, just remember to include the |
Signed-off-by: yolossn <sannagaraj@microsoft.com>
6980851
to
9f7d997
Compare
9f7d997
to
f7c0a00
Compare
/ok-to-test |
f7c0a00
to
c6878c4
Compare
/retest |
kvm2 driver with docker runtime
Times for minikube ingress: 27.2s 27.2s 28.6s 26.6s 27.6s Times for minikube start: 52.7s 52.6s 51.3s 54.8s 52.2s docker driver with docker runtime
Times for minikube start: 24.7s 25.5s 22.1s 22.8s 26.1s Times for minikube ingress: 24.4s 21.4s 21.4s 20.9s 22.4s docker driver with containerd runtime
Times for minikube start: 21.4s 21.2s 20.9s 21.2s 23.4s Times for minikube ingress: 31.4s 31.4s 31.4s 31.4s 31.3s |
These are the flake rates of all failed tests.
Too many tests failed - See test logs for more details. To see the flake rates of all tests by environment, click here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addon looks good, thank you for your patience!
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: spowelljr, yolossn The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Thank you @spowelljr for being patient and helping us identify CVEs in this process, much appreciated. |
I joined @yolossn to also thank you @spowelljr as the process was pretty long with a lof ot back and forth! Also, thank you @yolossn for your patience addressing all my comments (and sorry for forgetting the comma 😅) 🔥 🔥 🔥 ! |
No description provided.