diff --git a/charts/cf-runtime/Chart.yaml b/charts/cf-runtime/Chart.yaml index 24575de6..2d7dd1af 100644 --- a/charts/cf-runtime/Chart.yaml +++ b/charts/cf-runtime/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: A Helm chart for Codefresh Runner name: cf-runtime -version: 9.0.3 +version: 9.0.4 keywords: - codefresh - runner @@ -18,18 +18,17 @@ annotations: # Supported kinds: `added`, `changed`, `deprecated`, `removed`, `fixed`, `security`: artifacthub.io/changes: | - kind: changed - description: "Update \"engine\" to 2.1.0." - - kind: fixed - description: "Prevent \"on_finish\" and \"on_elected\" pipeline hooks from executing in the middle if paused for \"pending-approval\" step." - - kind: deprecated - description: "Print deprecation warning in build logs if Docker daemon is running on cgroup v1" - links: - - name: Docker cgroup v1 deprecation notice - url: https://docs.docker.com/engine/deprecated/#support-for-cgroup-v1 + description: 'Update "dind" to 28.5.2-3.0.7.' - kind: changed - description: "Update \"cf-docker-builder\" to 1.5.3." + description: 'Update "dind-lv-monitor" to 1.30.2.' + - kind: changed + description: 'Update "compose" to 2.40.3-1.5.8.' + - kind: changed + description: 'Update "qemu" to 10.0.4.' + - kind: changed + description: 'Update "volumePermissions" images to "alpine:3.23".' - kind: security - description: "Fix various security vulnerabilities in \"cf-docker-builder\"." + description: 'Fix various security vulnerabilities in multiple runtime components.' dependencies: - name: cf-common repository: oci://quay.io/codefresh/charts diff --git a/charts/cf-runtime/README.md b/charts/cf-runtime/README.md index 371c7769..78a2e47f 100644 --- a/charts/cf-runtime/README.md +++ b/charts/cf-runtime/README.md @@ -1,6 +1,6 @@ ## Codefresh Runner -![Version: 9.0.3](https://img.shields.io/badge/Version-9.0.3-informational?style=flat-square) +![Version: 9.0.4](https://img.shields.io/badge/Version-9.0.4-informational?style=flat-square) Helm chart for deploying [Codefresh Runner](https://codefresh.io/docs/docs/installation/codefresh-runner/) to Kubernetes. @@ -1319,7 +1319,7 @@ Install the Helm chart | runtime.accounts | list | `[]` | (for On-Premise only) Assign accounts to runtime (list of account ids) | | runtime.agent | bool | `true` | (for On-Premise only) Enable agent | | runtime.description | string | `""` | Runtime description | -| runtime.dind | object | `{"affinity":{},"containerSecurityContext":{},"env":{"CLEAN_DOCKER":true,"CLEAN_PERIOD_BUILDS":"5","CLEAN_PERIOD_SECONDS":"21600","DISK_USAGE_THRESHOLD":"0.8","IMAGE_RETAIN_PERIOD":"14400","INODES_USAGE_THRESHOLD":"0.8","VOLUMES_RETAIN_PERIOD":"14400"},"image":{"digest":"sha256:3d823bcbdf7437fc4262f5b307e1ba2d0fa0c59afd43cbd0ad74198d11868d1c","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.5.1-3.0.5"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"pvcs":{"dind":{"annotations":{},"name":"dind","reuseVolumeSelector":"codefresh-app,io.codefresh.accountName","reuseVolumeSortOrder":"pipeline_id","storageClassName":"{{ include \"dind-volume-provisioner.storageClassName\" . }}","volumeSize":"16Gi"}},"resources":{"limits":{"cpu":"400m","memory":"800Mi"},"requests":null},"schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":30,"tolerations":[],"userAccess":true,"userVolumeMounts":{},"userVolumes":{},"volumePermissions":{"enabled":false,"image":{"digest":"sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f","registry":"docker.io","repository":"alpine","tag":3.18},"resources":{},"securityContext":{"runAsUser":0}}}` | Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). | +| runtime.dind | object | `{"affinity":{},"containerSecurityContext":{},"env":{"CLEAN_DOCKER":true,"CLEAN_PERIOD_BUILDS":"5","CLEAN_PERIOD_SECONDS":"21600","DISK_USAGE_THRESHOLD":"0.8","IMAGE_RETAIN_PERIOD":"14400","INODES_USAGE_THRESHOLD":"0.8","VOLUMES_RETAIN_PERIOD":"14400"},"image":{"digest":"sha256:1c53d5dfb9428d2f917d6786f2fa13dc2e07192b71fe762e2a8280af4f12c90d","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.5.2-3.0.7"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"pvcs":{"dind":{"annotations":{},"name":"dind","reuseVolumeSelector":"codefresh-app,io.codefresh.accountName","reuseVolumeSortOrder":"pipeline_id","storageClassName":"{{ include \"dind-volume-provisioner.storageClassName\" . }}","volumeSize":"16Gi"}},"resources":{"limits":{"cpu":"400m","memory":"800Mi"},"requests":null},"schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":30,"tolerations":[],"userAccess":true,"userVolumeMounts":{},"userVolumes":{},"volumePermissions":{"enabled":false,"image":{"digest":"sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62","registry":"docker.io","repository":"alpine","tag":3.23},"resources":{},"securityContext":{"runAsUser":0}}}` | Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). | | runtime.dind.affinity | object | `{}` | Set affinity | | runtime.dind.containerSecurityContext | object | `{}` | Set container security context. | | runtime.dind.env | object | `{"CLEAN_DOCKER":true,"CLEAN_PERIOD_BUILDS":"5","CLEAN_PERIOD_SECONDS":"21600","DISK_USAGE_THRESHOLD":"0.8","IMAGE_RETAIN_PERIOD":"14400","INODES_USAGE_THRESHOLD":"0.8","VOLUMES_RETAIN_PERIOD":"14400"}` | Set additional env vars. | @@ -1330,7 +1330,7 @@ Install the Helm chart | runtime.dind.env.IMAGE_RETAIN_PERIOD | string | `"14400"` | Do not delete Docker images if they have events newer than `NOW minus IMAGE_RETAIN_PERIOD` | | runtime.dind.env.INODES_USAGE_THRESHOLD | string | `"0.8"` | Run cleanup if current inodes usage exceeds INODES_USAGE_THRESHOLD | | runtime.dind.env.VOLUMES_RETAIN_PERIOD | string | `"14400"` | Do not delete Docker volumes if they have events newer than `NOW minus VOLUMES_RETAIN_PERIOD` | -| runtime.dind.image | object | `{"digest":"sha256:3d823bcbdf7437fc4262f5b307e1ba2d0fa0c59afd43cbd0ad74198d11868d1c","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.5.1-3.0.5"}` | Set dind image. | +| runtime.dind.image | object | `{"digest":"sha256:1c53d5dfb9428d2f917d6786f2fa13dc2e07192b71fe762e2a8280af4f12c90d","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/dind","tag":"28.5.2-3.0.7"}` | Set dind image. | | runtime.dind.nodeSelector | object | `{}` | Set node selector. | | runtime.dind.podAnnotations | object | `{}` | Set pod annotations. | | runtime.dind.podLabels | object | `{}` | Set pod labels. | @@ -1351,7 +1351,7 @@ Install the Helm chart | runtime.dind.userVolumeMounts | object | `{}` | Add extra volume mounts | | runtime.dind.userVolumes | object | `{}` | Add extra volumes | | runtime.dindDaemon | object | See below | DinD pod daemon config | -| runtime.engine | object | `{"affinity":{},"command":["node","dist/server/index.js"],"env":{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"},"image":{"digest":"sha256:a24c3a8412face62020661064323f10e1a9177a64a011bb49925c055e2a798b7","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"2.1.0"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"resources":{"limits":{"cpu":"1000m","memory":"2048Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"runtimeImages":{"alpine":{"digest":"sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","registry":"docker.io","repository":"alpine","tag":"edge"},"compose":{"digest":"sha256:19f212e9aee62f112f8a1df474122f850357f1c85521e804dcfc9a48b69a840f","registry":"quay.io","repository":"codefresh/compose","tag":"v2.37.0-1.5.6"},"container-logger":{"digest":"sha256:6459db2d486f89457ce347ecc1dc037d39c43fb0c1fb67ea6e9d6743e104642f","registry":"quay.io","repository":"codefresh/cf-container-logger","tag":"2.0.0"},"cosign-image-signer":{"digest":"sha256:316cd24c623a26edc59e0f5d9a3fd6269a1307c74e11cf523efa3a42a5573fb5","registry":"quay.io","repository":"codefresh/cf-cosign-image-signer","tag":"2.5.2-cf.3"},"default-qemu":{"digest":"sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6","registry":"docker.io","repository":"tonistiigi/binfmt","tag":"qemu-v9.2.2"},"docker-builder":{"digest":"sha256:5dc1194960b95b56096bbc97acd5593ceda9a9bc98afcc921dfe87e5fbfc68b3","registry":"quay.io","repository":"codefresh/cf-docker-builder","tag":"1.5.3"},"docker-puller":{"digest":"sha256:09725c496f66cace02b523e1e3be7434519e751b5a1a5927c76cf95fbb0dc7d7","registry":"quay.io","repository":"codefresh/cf-docker-puller","tag":"8.0.24"},"docker-pusher":{"digest":"sha256:5bf734ffea8f3bb9cdafeabbdcff7f26a2db68552cf7a91d48a5eff2699a57a8","registry":"quay.io","repository":"codefresh/cf-docker-pusher","tag":"6.0.23"},"docker-tag-pusher":{"digest":"sha256:69b6154fe34cda7a48b2e44cfe7667acdd79a6a5901001b092f8cf485b75ff3f","registry":"quay.io","repository":"codefresh/cf-docker-tag-pusher","tag":"1.3.20"},"fs-ops":{"digest":"sha256:cade5ace4d05528dfd0cbdbb96bd99c6ccae79dfeebe14661a4b7808e2131dc9","registry":"quay.io","repository":"codefresh/fs-ops","tag":"1.2.11"},"gc-builder":{"digest":"sha256:5405a4476420e21d12d4a80b030d8737dcae5262a8b20c0ea018e8db710e9d2c","registry":"quay.io","repository":"codefresh/gcloud-builder","tag":"0.5.6"},"git-cloner":{"digest":"sha256:ce1e922b94bbf1e5bd224468a2ccfe969200661ca2b6f0182b26ee0ad06e1a6d","registry":"quay.io","repository":"codefresh/cf-git-cloner","tag":"10.3.4"},"kube-deploy":{"digest":"sha256:ee9f56c8c5fc73dfd45511fb003dc53f35e0c46a78acdbb62ad386f33913b765","registry":"quay.io","repository":"codefresh/cf-deploy-kubernetes","tag":"17.0.0"},"pipeline-debugger":{"digest":"sha256:7f8867af5fd402a98159d674c30965d67861a4dc37e429db3ff0746a6454f88f","registry":"quay.io","repository":"codefresh/cf-debugger","tag":"1.3.11"},"template-engine":{"digest":"sha256:37ec7bed4b09e4055c3600a7805f84e37cccf8d849fe0fdd5b29f079de15010c","registry":"quay.io","repository":"codefresh/pikolo","tag":"0.14.8"}},"runtimeImagesRegistry":"","schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":180,"tolerations":[],"userEnvVars":[],"workflowLimits":{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_POST_STEPS_GRACE_PERIOD_MINUTES":30,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}}` | Parameters for Engine pod (aka "pipeline" orchestrator). | +| runtime.engine | object | `{"affinity":{},"command":["node","dist/server/index.js"],"env":{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"},"image":{"digest":"sha256:a24c3a8412face62020661064323f10e1a9177a64a011bb49925c055e2a798b7","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"2.1.0"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"resources":{"limits":{"cpu":"1000m","memory":"2048Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"runtimeImages":{"alpine":{"digest":"sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","registry":"docker.io","repository":"alpine","tag":"edge"},"compose":{"digest":"sha256:a393db5c299ec21c24a9c09e2dd233d30a38a0b7d21eb955d5464572867d3860","registry":"quay.io","repository":"codefresh/compose","tag":"v2.40.3-1.5.8"},"container-logger":{"digest":"sha256:6459db2d486f89457ce347ecc1dc037d39c43fb0c1fb67ea6e9d6743e104642f","registry":"quay.io","repository":"codefresh/cf-container-logger","tag":"2.0.0"},"cosign-image-signer":{"digest":"sha256:316cd24c623a26edc59e0f5d9a3fd6269a1307c74e11cf523efa3a42a5573fb5","registry":"quay.io","repository":"codefresh/cf-cosign-image-signer","tag":"2.5.2-cf.3"},"default-qemu":{"digest":"sha256:30cc9a4d03765acac9be2ed0afc23af1ad018aed2c28ea4be8c2eb9afe03fbd1","registry":"docker.io","repository":"tonistiigi/binfmt","tag":"qemu-v10.0.4"},"docker-builder":{"digest":"sha256:5dc1194960b95b56096bbc97acd5593ceda9a9bc98afcc921dfe87e5fbfc68b3","registry":"quay.io","repository":"codefresh/cf-docker-builder","tag":"1.5.3"},"docker-puller":{"digest":"sha256:09725c496f66cace02b523e1e3be7434519e751b5a1a5927c76cf95fbb0dc7d7","registry":"quay.io","repository":"codefresh/cf-docker-puller","tag":"8.0.24"},"docker-pusher":{"digest":"sha256:5bf734ffea8f3bb9cdafeabbdcff7f26a2db68552cf7a91d48a5eff2699a57a8","registry":"quay.io","repository":"codefresh/cf-docker-pusher","tag":"6.0.23"},"docker-tag-pusher":{"digest":"sha256:69b6154fe34cda7a48b2e44cfe7667acdd79a6a5901001b092f8cf485b75ff3f","registry":"quay.io","repository":"codefresh/cf-docker-tag-pusher","tag":"1.3.20"},"fs-ops":{"digest":"sha256:cade5ace4d05528dfd0cbdbb96bd99c6ccae79dfeebe14661a4b7808e2131dc9","registry":"quay.io","repository":"codefresh/fs-ops","tag":"1.2.11"},"gc-builder":{"digest":"sha256:5405a4476420e21d12d4a80b030d8737dcae5262a8b20c0ea018e8db710e9d2c","registry":"quay.io","repository":"codefresh/gcloud-builder","tag":"0.5.6"},"git-cloner":{"digest":"sha256:ce1e922b94bbf1e5bd224468a2ccfe969200661ca2b6f0182b26ee0ad06e1a6d","registry":"quay.io","repository":"codefresh/cf-git-cloner","tag":"10.3.4"},"kube-deploy":{"digest":"sha256:ee9f56c8c5fc73dfd45511fb003dc53f35e0c46a78acdbb62ad386f33913b765","registry":"quay.io","repository":"codefresh/cf-deploy-kubernetes","tag":"17.0.0"},"pipeline-debugger":{"digest":"sha256:7f8867af5fd402a98159d674c30965d67861a4dc37e429db3ff0746a6454f88f","registry":"quay.io","repository":"codefresh/cf-debugger","tag":"1.3.11"},"template-engine":{"digest":"sha256:37ec7bed4b09e4055c3600a7805f84e37cccf8d849fe0fdd5b29f079de15010c","registry":"quay.io","repository":"codefresh/pikolo","tag":"0.14.8"}},"runtimeImagesRegistry":"","schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":180,"tolerations":[],"userEnvVars":[],"workflowLimits":{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_POST_STEPS_GRACE_PERIOD_MINUTES":30,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}}` | Parameters for Engine pod (aka "pipeline" orchestrator). | | runtime.engine.affinity | object | `{}` | Set affinity | | runtime.engine.command | list | `["node","dist/server/index.js"]` | Set container command. | | runtime.engine.env | object | `{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"}` | Set additional env vars. | diff --git a/charts/cf-runtime/values-rootless.yaml b/charts/cf-runtime/values-rootless.yaml index d5d0b399..38cdcfc8 100644 --- a/charts/cf-runtime/values-rootless.yaml +++ b/charts/cf-runtime/values-rootless.yaml @@ -19,8 +19,8 @@ volumeProvisioner: runtime: dind: image: - tag: 28.5.1-3.0.5-rootless - digest: sha256:49d77f61e754db1329c7969cc20d2e6b6d034faa33b7303835eff318223e85ed + tag: 28.5.2-3.0.7-rootless + digest: sha256:399980d68e06b9622e89c79eccd4e62f19b9f5c24b88e3cbab559cde82039368 userVolumeMounts: dind: name: dind diff --git a/charts/cf-runtime/values.yaml b/charts/cf-runtime/values.yaml index fd17cb13..30238d02 100644 --- a/charts/cf-runtime/values.yaml +++ b/charts/cf-runtime/values.yaml @@ -201,8 +201,8 @@ volumeProvisioner: image: registry: quay.io repository: codefresh/dind-volume-utils - tag: 1.30.1 - digest: sha256:0e98fb2895b1a43f613e57f7be9e234808f0162175cabace51eb324d1a8c3c98 + tag: 1.30.2 + digest: sha256:4ba3029e7fe8fe9824749a93d7831cf0d7b0e8587f9eaa56e440cd453cf36989 podAnnotations: {} podSecurityContext: enabled: false @@ -221,8 +221,8 @@ volumeProvisioner: image: registry: docker.io repository: alpine - tag: 3.18 - digest: sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f + tag: 3.23 + digest: sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62 resources: {} securityContext: runAsUser: 0 # auto @@ -401,9 +401,9 @@ runtime: image: registry: quay.io repository: codefresh/dind - tag: 28.5.1-3.0.5 # use `latest-rootless/rootless/28.5.1-3.0.5-rootless` tags for rootless-dind + tag: 28.5.2-3.0.7 # use `latest-rootless/rootless/28.5.2-3.0.7-rootless` tags for rootless-dind pullPolicy: IfNotPresent - digest: sha256:3d823bcbdf7437fc4262f5b307e1ba2d0fa0c59afd43cbd0ad74198d11868d1c + digest: sha256:1c53d5dfb9428d2f917d6786f2fa13dc2e07192b71fe762e2a8280af4f12c90d # -- Set dind resources. resources: requests: null @@ -494,8 +494,8 @@ runtime: image: registry: docker.io repository: alpine - tag: 3.18 - digest: sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f + tag: 3.23 + digest: sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62 resources: {} securityContext: runAsUser: 0 # auto @@ -530,8 +530,8 @@ runtime: compose: registry: quay.io repository: codefresh/compose - tag: v2.37.0-1.5.6 - digest: sha256:19f212e9aee62f112f8a1df474122f850357f1c85521e804dcfc9a48b69a840f + tag: v2.40.3-1.5.8 + digest: sha256:a393db5c299ec21c24a9c09e2dd233d30a38a0b7d21eb955d5464572867d3860 container-logger: registry: quay.io repository: codefresh/cf-container-logger @@ -595,8 +595,8 @@ runtime: default-qemu: registry: docker.io repository: tonistiigi/binfmt - tag: qemu-v9.2.2 - digest: sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6 + tag: qemu-v10.0.4 + digest: sha256:30cc9a4d03765acac9be2ed0afc23af1ad018aed2c28ea4be8c2eb9afe03fbd1 alpine: registry: docker.io repository: alpine