JOBS-2480: Bump fluentd sidecar image to 4.20 (Helm values) #92
Open
hramisetty wants to merge 4 commits into
Pairs with the Echo base Dockerfile change (PR #91). Merge only after fluentd:4.20 is promoted to releases-docker.jfrog.io (JOBS-2478).
Mirror the datadog JOBS-2475 migration on the standalone build-your-own-image path so it matches the CHANGELOG 1.0.16 entry:
- bitnami/fluentd:1.18.0 -> reg.echohq.com/fluentd:1.19.2 (fluentd 1.19.2)
- consolidate plugin installs into one layer; pin fluent-plugin-jfrog-metrics ~> 0.2.17
- apt: --no-install-recommends + clean lists
- write config to /fluentd/etc/fluent.conf and rely on the base image entrypoint (tini -- /bin/entrypoint.sh fluentd)
- run as USER fluent (uid 999) instead of bitnami uid 1001

Remediates the Critical/High CVEs for customers who build the splunk sidecar image directly. K8s users already get Echo via the shared 4.20 image referenced by the Helm values.
…test) The Echo migration pinned fluent-plugin-jfrog-metrics to '~> 0.2.17', but the other plugins in this image and the shared buildx image install it unpinned. The config only requires >= 0.2.16, and 0.2.17 is currently the latest release, so dropping the cap installs the same version today while no longer blocking future updates.
The Echo base Dockerfile migration belongs in the Dockerfile-only PR #91 (JOBS-2477); keeping it here too duplicated the change. Restore docker-build/Dockerfile to master so this PR only bumps the Helm sidecar image 4.19 -> 4.20 (+ CHANGELOG). Also drop the now-inaccurate "pinned ~> 0.2.17" CHANGELOG line (the pin was removed in #91).
Summary
Bumps the fluentd sidecar image from 4.19 to 4.20 across all Helm value files (artifactory, artifactory-ha, xray) + CHANGELOG. 4.20 is the Echo secure base image (CVE remediation, JOBS-2475). The Dockerfile change is in #91.

Merge order (do not merge early)
Merge this only after releases-docker.jfrog.io/fluentd:4.20 is built and promoted (JOBS-2478). These are public repos — merging before 4.20 is pullable causes ImagePullBackOff for customers deploying from master. See JOBS-2487.

Changes
- helm/artifactory-values.yaml, helm/artifactory-ha-values.yaml, helm/xray-values.yaml: fluentd:4.19 -> fluentd:4.20
- CHANGELOG.md: 4.20 release note
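
A pre-merge gate for the merge-order constraint above, as an added example that is not part of this PR or the repository: it collects every `<registry>/fluentd:<tag>` reference from the three values files, flags a partial bump, and checks that each tag is pullable. The `image:` layout of the sample, the function names, and the assumption that the registry answers anonymous Registry v2 manifest requests are assumptions.

```python
import re
import urllib.request

# Constructed sample: file paths are from the PR, the `image:` layout is assumed.
SAMPLE = {
    "helm/artifactory-values.yaml": "image: releases-docker.jfrog.io/fluentd:4.20\n",
    "helm/artifactory-ha-values.yaml": "image: releases-docker.jfrog.io/fluentd:4.20\n",
    "helm/xray-values.yaml": "image: releases-docker.jfrog.io/fluentd:4.19\n",  # missed bump
}
# Matches <registry>/fluentd:<tag>, the reference form used on this page.
REF_RE = re.compile(r"(?P<registry>[A-Za-z0-9.\-]+(?::\d+)?)/(?P<repo>fluentd):(?P<tag>[\w.\-]+)")
ACCEPT = ", ".join([
    "application/vnd.docker.distribution.manifest.v2+json",
    "application/vnd.docker.distribution.manifest.list.v2+json",
    "application/vnd.oci.image.manifest.v1+json",
    "application/vnd.oci.image.index.v1+json",
])

def find_refs(text):
    """Return the set of (registry, repo, tag) fluentd references in one values file."""
    return {(m["registry"], m["repo"], m["tag"]) for m in REF_RE.finditer(text)}

def manifest_exists(registry, repo, tag, timeout=10):
    """HEAD the Registry v2 manifest URL. Assumes anonymous access is allowed."""
    req = urllib.request.Request(f"https://{registry}/v2/{repo}/manifests/{tag}",
                                 method="HEAD", headers={"Accept": ACCEPT})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except OSError:  # HTTPError (401/404), URLError and timeouts all derive from OSError
        return False

def merge_gate(files, exists=manifest_exists):
    """files maps path -> YAML text. Returns blocking problems; an empty list means OK."""
    problems, all_refs = [], set()
    for path, text in sorted(files.items()):
        refs = find_refs(text)
        if not refs:
            problems.append(f"{path}: no fluentd image reference found")
        all_refs |= refs
    tags = sorted({tag for _, _, tag in all_refs})
    if len(tags) > 1:
        problems.append("mixed fluentd tags: " + ", ".join(tags))
    for registry, repo, tag in sorted(all_refs):
        if not exists(registry, repo, tag):
            problems.append(f"{registry}/{repo}:{tag} is not pullable yet")
    return problems
```

A registry that requires a token answers 401 to the anonymous HEAD, which this check reports as not pullable; pass a different `exists` callable to use authenticated lookups.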