Critical Description
We recently fixed up the handling of Go versions when invoking the build step ("make dist") for the K8S family products - see K8S-2729. However, this only corrects the build step. There's a separate step to create the Docker images from the artifacts in the "image" file which is created by the build step, as documented here: https://hub.internal.couchbase.com/confluence/display/CR/Grand+Unified+Build+and+Release+Process+for+Operator
This step expects the "image" file to be completely self-contained, which means that no --build-arg arguments are passed to the "docker build" command. So any ARGs will be built with their default values.
The operator-certification Dockerfiles have an ARG GO_VERSION, and the base image is determined by that ARG. That GO_VERSION is not currently related to the Go version from the manifest which is used to build the binaries, which could lead to strange runtime behaviour. Also, right now GO_VERSION is 1.17.6, which is an EOL version - the corresponding base Docker images may not even be receiving security updates, which could lead to shipping images with known security vulnerabilities.
Attachments
Issue Links
- mentioned in
-
Page Loading...
| For Gerrit Dashboard: K8S-2814 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 179816,2 | K8S-2814: Pass GO_VERSION to 'docker build' step also | master | build-tools | Status: MERGED | +2 | +1 |
