From 47e1fda7456839c406b1fe5423dfc5e579006030 Mon Sep 17 00:00:00 2001
From: renovate
Date: Sat, 20 Mar 2021 01:08:57 +0000
Subject: [PATCH 1/2] Update dependency kubernetes/kubernetes to v1.18.17
---
 hardening_manifest.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index e52cfc1..8169827 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "opensource/kubernetes-1.18/kube-proxy-1.18"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "v1.18.16"
+- "v1.18.17"
 - "latest"
 # Build args passed to Dockerfile ARGs
@@ -27,7 +27,7 @@ labels:
 org.opencontainers.image.url: "https://kubernetes.io/"
 ## Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "opensource"
- org.opencontainers.image.version: "v1.18.16"
+ org.opencontainers.image.version: "v1.18.17"
 ## Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "kubernetes"
 ## This value can be "opensource" or "commercial"
@@ -37,11 +37,11 @@ labels:
 # List of resources to make available to the offline build context
 resources:
-- url: https://github.com/kubernetes/kubernetes/archive/v1.18.16.tar.gz
+- url: https://github.com/kubernetes/kubernetes/archive/v1.18.17.tar.gz
 filename: kubernetes.tar.gz
 validation:
 type: sha256
- value: 8c5b0376e330322715ede38b5d8b319cb0115669381431dfdfe4015693bccfd8
+ value: 1dd9828185933c7dc89fd917bae7df6dd536d678e4c02a1349d88c9c97e15e89
 - filename: texinfo.tar.gz
 url: "https://ftp.gnu.org/gnu/texinfo/texinfo-6.7.tar.gz"
 validation:
-- 
GitLab
From bb56b73d5c26f2366d884feddd27978e590ebf61 Mon Sep 17 00:00:00 2001
From: shen_vickie
Date: Wed, 7 Apr 2021 16:01:18 -0400
Subject: [PATCH 2/2] added iptables-legacy settings
---
 Dockerfile | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 4fea996..075e777 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -83,7 +83,24 @@ COPY --from=builder /usr/local/sbin/conntrack /usr/local/sbin/conntrack
 ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 RUN dnf upgrade -y && \
- dnf install -y iptables ipset kmod && \
+ dnf install -y ipset iputils net-tools kmod procps iproute kmod iptables && \
+ dnf install -y which findutils && \
+ ln -fs /usr/sbin/xtables-legacy-multi /usr/sbin/iptables-restore && \
+ ln -fs /usr/sbin/xtables-legacy-multi /usr/sbin/iptables-save && \
+ ln -fs /usr/sbin/xtables-legacy-multi /usr/sbin/iptables-legacy && \
+ ln -fs /usr/sbin/xtables-legacy-multi /usr/sbin/iptables-legacy-restore && \
+ ln -fs /usr/sbin/xtables-legacy-multi /usr/sbin/iptables-legacy-save && \
+ ln -fs /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables-legacy && \
+ ln -fs /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables-legacy-restore && \
+ ln -fs /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables-legacy-save && \
+ ln -fs /usr/sbin/xtables-nft-multi /usr/sbin/iptables-nft && \
+ ln -fs /usr/sbin/xtables-nft-multi /usr/sbin/iptables-nft-restore && \
+ ln -fs /usr/sbin/xtables-nft-multi /usr/sbin/iptables-nft-save && \
+ ln -fs /usr/sbin/xtables-nft-multi /usr/sbin/ip6tables-nft && \
+ ln -fs /usr/sbin/xtables-nft-multi /usr/sbin/ip6tables-nft-restore && \
+ ln -fs /usr/sbin/xtables-nft-multi /usr/sbin/ip6tables-nft-save && \
+ alternatives --install /usr/sbin/iptables iptables /usr/sbin/iptables-legacy 1 && \
+ alternatives --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tables-legacy 1 && \
 dnf clean all && \
 rm -rf /var/cache/dnf
-- 
GitLab
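Review bot: The symlink list points `iptables-restore` and `iptables-save` at `xtables-legacy-multi` but has no matching links for `ip6tables-restore` and `ip6tables-save`, so after this RUN step the IPv6 restore/save commands still resolve to whatever the `iptables` package installed, while `ip6tables` itself goes through the legacy alternative. If the packaged default is the nft backend (not visible in this hunk), IPv6 rules end up split across two backends, which makes the node's effective ruleset hard to audit. Adding `ln -fs /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables-restore && \` and `ln -fs /usr/sbin/xtables-legacy-multi /usr/sbin/ip6tables-save && \` next to the IPv4 pair would close the gap. `ln -fs` also succeeds when its target is missing, so a `test -x /usr/sbin/xtables-legacy-multi && \` ahead of the links would fail the build instead of shipping dangling links. Separately, `kmod` is listed twice in the first `dnf install`, and `iputils net-tools procps iproute which findutils` do not appear to be needed for the backend switch as far as this hunk shows; a hardened image is better off without them unless something outside the hunk uses them.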