use numeric user to avoid security errors, bump to 0.1.1 in preparati…

…on for operator hub sumbission Signed-off-by: Gabriel Bernal <gbernal@redhat.com>
perses · Feb 19, 2025 · 8f14e5b · 8f14e5b
1 parent 40a8651
commit 8f14e5b
Show file tree

Hide file tree

Showing 31 changed files with 1,268 additions and 63 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -5,11 +5,11 @@ FROM gcr.io/distroless/static-debian12
 
 LABEL maintainer="The Perses Authors <perses-team@googlegroups.com>"
 
-USER nobody
+USER 65532:65532
 
-COPY --chown=nobody:nobody bin/manager                   /bin/manager
-COPY --chown=nobody:nobody LICENSE                       /LICENSE
-COPY --from=build-env --chown=nobody:nobody              /etc/mime.types /etc/mime.types
+COPY --chown=65532:65532 bin/manager                   /bin/manager
+COPY --chown=65532:65532 LICENSE                       /LICENSE
+COPY --from=build-env --chown=65532:65532              /etc/mime.types /etc/mime.types
 
 EXPOSE     8080
 ENTRYPOINT [ "/bin/manager" ]
diff --git a/Dockerfile.dev b/Dockerfile.dev
@@ -11,11 +11,11 @@ FROM gcr.io/distroless/static-debian12
 
 LABEL maintainer="The Perses Authors <perses-team@googlegroups.com>"
 
-USER nobody
+USER 65532:65532
 
-COPY --from=build-env --chown=nobody:nobody /app/bin/manager  /bin/manager
-COPY --chown=nobody:nobody LICENSE                            /LICENSE
-COPY --from=build-env --chown=nobody:nobody                   /etc/mime.types /etc/mime.types
+COPY --from=build-env --chown=65532:65532 /app/bin/manager  /bin/manager
+COPY --chown=65532:65532 LICENSE                            /LICENSE
+COPY --from=build-env --chown=65532:65532                   /etc/mime.types /etc/mime.types
 
 EXPOSE     8080
 ENTRYPOINT [ "/bin/manager" ]
diff --git a/Makefile b/Makefile
@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.1.0
+VERSION ?= 0.1.1
 
 # DATE defines the building date. It is used mainly for goreleaser when generating the GitHub release.
 DATE := $(shell date +%Y-%m-%d)

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -5,4 +5,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: docker.io/persesdev/perses-operator
-  newTag: v0.1.0
+  newTag: v0.1.1
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -8,7 +8,6 @@ metadata:
     app.kubernetes.io/component: manager
     app.kubernetes.io/created-by: perses-operator
     app.kubernetes.io/part-of: perses-operator
-    app.kubernetes.io/managed-by: kustomize
   name: system
 ---
 apiVersion: apps/v1
@@ -23,7 +22,6 @@ metadata:
     app.kubernetes.io/component: manager
     app.kubernetes.io/created-by: perses-operator
     app.kubernetes.io/part-of: perses-operator
-    app.kubernetes.io/managed-by: kustomize
 spec:
   selector:
     matchLabels:
@@ -36,26 +34,20 @@ spec:
       labels:
         control-plane: controller-manager
     spec:
-      # TODO(user): Uncomment the following code to configure the nodeAffinity expression
-      # according to the platforms which are supported by your solution.
-      # It is considered best practice to support multiple architectures. You can
-      # build your manager image using the makefile target docker-buildx.
-      # affinity:
-      #   nodeAffinity:
-      #     requiredDuringSchedulingIgnoredDuringExecution:
-      #       nodeSelectorTerms:
-      #         - matchExpressions:
-      #           - key: kubernetes.io/arch
-      #             operator: In
-      #             values:
-      #               - amd64
-      #               - arm64
-      #               - ppc64le
-      #               - s390x
-      #           - key: kubernetes.io/os
-      #             operator: In
-      #             values:
-      #               - linux
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                - key: kubernetes.io/arch
+                  operator: In
+                  values:
+                    - amd64
+                    - arm64
+                - key: kubernetes.io/os
+                  operator: In
+                  values:
+                    - linux
       containers:
       - args:
         - --leader-elect
@@ -79,8 +71,6 @@ spec:
             port: 8081
           initialDelaySeconds: 5
           periodSeconds: 10
-        # TODO(user): Configure the resources accordingly based on the project requirements.
-        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
         resources:
           limits:
             cpu: 500m