Merge branch 'development' into 'master'

Development to master

See merge request !14

Dockerfile

-ARG BASE_REGISTRY=registry1.dsop.io/ironbank
+ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
-ARG BASE_TAG=8.2
+ARG BASE_TAG=8.3
 
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS builder
 
@@ -10,7 +10,7 @@ COPY kubernetes.tar.gz /
 COPY go1.15.2.linux-amd64.tar.gz /
 RUN tar -C /usr/local -xzf go1.15.2.linux-amd64.tar.gz
 ENV PATH="$PATH:/usr/local/go/bin"
- 
+
 RUN dnf upgrade -y && \
     dnf update -y && \
     dnf install -y make diffutils rsync && \
@@ -24,22 +24,16 @@ RUN dnf upgrade -y && \
 
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
-LABEL org.opencontainers.image.title="kubeadm" \
-      org.opencontainers.image.description="kubeadm allows you to bootstrap a minimum viable Kubernetes cluster." \
-      org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.url="https://kubernetes.io/" \
-      org.opencontainers.image.version="v1.19.4" \
-      maintainer="cht@dsop.io"
 
 COPY --from=builder /src/k8s.io/kubernetes/_output/bin/kubeadm /opt/bin/
-COPY cni-plugins-linux-amd64-v0.8.7.tgz crictl-v1.19.0-linux-amd64.tar.gz /
+COPY cni-plugins-linux-amd64-v0.9.0.tgz crictl-v1.19.0-linux-amd64.tar.gz /
 RUN dnf upgrade -y && \
     dnf clean all && \
     rm -rf /var/cache/dnf && \
     chmod +x /opt/bin/kubeadm && \
     mkdir -p /opt/cni/bin && \
-    tar xzf cni-plugins-linux-amd64-v0.8.7.tgz -C /opt/cni/bin && \
-    rm -f cni-plugins-linux-amd64-v0.8.7.tgz && \
+    tar xzf cni-plugins-linux-amd64-v0.9.0.tgz -C /opt/cni/bin && \
+    rm -f cni-cni-plugins-linux-amd64-v0.9.0.tgz && \
     mkdir -p /opt/bin && \
     tar xzf crictl-v1.19.0-linux-amd64.tar.gz -C /opt/bin && \
     rm -rf crictl-v1.19.0-linux-amd64.tar.gz

Jenkinsfile

-@Library('DCCSCR@master') _
-dccscrPipeline( version: "v1.19.4")
\ No newline at end of file

download.yaml

----
-resources:
-  - url: https://github.com/kubernetes/kubernetes/archive/v1.19.4.tar.gz
-    filename: kubernetes.tar.gz
-    validation:
-      type: sha256
-      value: 2e2116141c436fdddb40e62eadce14e81337e4d059c1e33aac5733e614d1ad47
-  - url: https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.19.0/crictl-v1.19.0-linux-amd64.tar.gz
-    filename: crictl-v1.19.0-linux-amd64.tar.gz
-    validation:
-      type: sha256
-      value: 87d8ef70b61f2fe3d8b4a48f6f712fd798c6e293ed3723c1e4bbb5052098f0ae
-  - url: https://github.com/containernetworking/plugins/releases/download/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz
-    filename: cni-plugins-linux-amd64-v0.8.7.tgz
-    validation:
-      type: sha256
-      value: 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8
-  - url: https://golang.org/dl/go1.15.2.linux-amd64.tar.gz
-    filename: go1.15.2.linux-amd64.tar.gz
-    validation:
-      type: sha256
-      value: b49fda1ca29a1946d6bb2a5a6982cf07ccd2aba849289508ee0f9918f6bb4552

hardening_manifest.yaml

+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "opensource/kubernetes-1.19/kubeadm-1.19"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "v1.19.7"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "redhat/ubi/ubi8"
+  BASE_TAG: "8.3"
+
+# Docker image labels
+labels:
+  org.opencontainers.image.title: "kubeadm-1.19"
+  ## Human-readable description of the software packaged in the image
+  org.opencontainers.image.description: "kubeadm allows you to bootstrap a minimum viable Kubernetes cluster."
+  ## License(s) under which contained software is distributed
+  org.opencontainers.image.licenses: "Apache-2.0"
+  ## URL to find more information on the image
+  org.opencontainers.image.url: "https://kubernetes.io/"
+  ## Name of the distributing entity, organization or individual
+  org.opencontainers.image.vendor: "opensource"
+  org.opencontainers.image.version: "v1.19.7"
+  ## Keywords to help with search (ex. "cicd,gitops,golang")
+  mil.dso.ironbank.image.keywords: "kubernetes"
+  ## This value can be "opensource" or "commercial"
+  mil.dso.ironbank.image.type: "opensource"
+  ## Product the image belongs to for grouping multiple images
+  mil.dso.ironbank.product.name: "kubernetes"
+
+# List of resources to make available to the offline build context
+resources:
+- url: https://github.com/kubernetes/kubernetes/archive/v1.19.7.tar.gz
+  filename: kubernetes.tar.gz
+  validation:
+    type: sha256
+    value: f5cc6c88766a7759e049b1097492681268ed9ab36f139044ae5a180c42794c87
+- filename: crictl-v1.19.0-linux-amd64.tar.gz
+  url: https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.19.0/crictl-v1.19.0-linux-amd64.tar.gz
+  validation:
+    type: sha256
+    value: 87d8ef70b61f2fe3d8b4a48f6f712fd798c6e293ed3723c1e4bbb5052098f0ae
+- url: https://github.com/containernetworking/plugins/releases/download/v0.9.0/cni-plugins-linux-amd64-v0.9.0.tgz
+  filename: cni-plugins-linux-amd64-v0.9.0.tgz
+  validation:
+    type: sha256
+    value: 58a58d389895ba9f9bbd3ef330f186c0bb7484136d0bfb9b50152eed55d9ec24
+- filename: go1.15.2.linux-amd64.tar.gz
+  url: https://golang.org/dl/go1.15.2.linux-amd64.tar.gz
+  validation:
+    type: sha256
+    value: b49fda1ca29a1946d6bb2a5a6982cf07ccd2aba849289508ee0f9918f6bb4552
+
+# List of project maintainers
+# FIXME: Fill in the following details for the current container owner in the whitelist
+# FIXME: Include any other vendor information if applicable
+maintainers:
+maintainers:
+- email: "gavin.scallon@parsons.com"
+#   # The name of the current container owner
+  name: "Gavin Scallon"
+#   # The gitlab username of the current container owner
+  username: "gavin.scallon"
+  cht_member: true

renovate.json

 {
-    "assignees": ["@alexander.klepal"],
-    "baseBranches": ["development"],
-    "packageRules": [
-        {
-          "datasources": ["github-releases"],
-          "packageNames": ["kubernetes/kubernetes"],
-          "separateMinorPatch": true,
-          "minor": {
-            "enabled": false
-          }
-        }
-      ],
-    "regexManagers": [
-      {
-        "fileMatch": ["^Dockerfile$"],
-        "matchStrings": [
-          "version=\"(?<currentValue>.*?)\""
-        ],
-        "depNameTemplate": "kubernetes/kubernetes",
-        "datasourceTemplate": "github-releases"
-      },
-      {
-        "fileMatch": ["^Jenkinsfile$"],
-        "matchStrings": [
-          "version:\\s+\"(?<currentValue>.*?)\""
-        ],
-        "depNameTemplate": "kubernetes/kubernetes",
-        "datasourceTemplate": "github-releases"
+  "assignees": [
+    "@alexander.klepal"
+  ],
+  "baseBranches": [
+    "development"
+  ],
+  "packageRules": [
+    {
+      "datasources": [
+        "github-releases"
+      ],
+      "packageNames": [
+        "kubernetes/kubernetes"
+      ],
+      "separateMinorPatch": true,
+      "minor": {
+        "enabled": false
       }
-    ]
-  }
+    }
+  ],
+  "regexManagers": [
+    {
+      "fileMatch": [
+        "^Dockerfile$"
+      ],
+      "matchStrings": [
+        "version=\"(?<currentValue>.*?)\""
+      ],
+      "depNameTemplate": "kubernetes/kubernetes",
+      "datasourceTemplate": "github-releases"
+    },
+    {
+      "fileMatch": [
+        "^hardening_manifest.yaml$"
+      ],
+      "matchStrings": [
+        "org\\.opencontainers\\.image\\.version:\\s+\"(?<currentValue>.+?)\""
+      ],
+      "depNameTemplate": "kubernetes/kubernetes",
+      "datasourceTemplate": "github-releases"
+    },
+    {
+      "fileMatch": [
+        "^hardening_manifest.yaml$"
+      ],
+      "matchStrings": [
+        "tags:\\s+-\\s+\"(?<currentValue>.+?)\""
+      ],
+      "depNameTemplate": "kubernetes/kubernetes",
+      "datasourceTemplate": "github-releases"
+    }
+  ]
+}
\ No newline at end of file