From d4f2816b7aeca1c3597ced4f21562f035e4b8c80 Mon Sep 17 00:00:00 2001 From: Vihas Splunk Date: Sun, 27 Aug 2023 23:10:20 +0530 Subject: [PATCH] fix: update ubi, fix cve, update ruby --- .github/workflows/ci_build_test.yaml | 3 +- .ruby-version | 2 +- ci_scripts/deploy_connector.sh | 5 +- docker/Dockerfile | 6 +-- docker/Gemfile | 7 +-- docker/Gemfile.lock | 71 +++++++++++++++------------- 6 files changed, 49 insertions(+), 45 deletions(-) diff --git a/.github/workflows/ci_build_test.yaml b/.github/workflows/ci_build_test.yaml index 67be8fb..1e5ff51 100644 --- a/.github/workflows/ci_build_test.yaml +++ b/.github/workflows/ci_build_test.yaml @@ -17,7 +17,7 @@ jobs: uses: ruby/setup-ruby@v1 with: bundler-cache: true - ruby-version: 2.7 + ruby-version: 3.1 - name: Install dependencies run: | @@ -67,6 +67,7 @@ jobs: CI_INDEX_EVENTS: ci_events CI_INDEX_OBJECTS: ci_objects CI_INDEX_METRICS: ci_metrics + # CI_SPLUNK_HOST: ${{ secrets.CI_SPLUNK_HOST }} KUBERNETES_VERSION: v1.23.2 MINIKUBE_VERSION: v1.24.0 MINIKUBE_NODE_COUNTS: 2 diff --git a/.ruby-version b/.ruby-version index a4dd9db..ff365e0 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.7.4 +3.1.3 diff --git a/ci_scripts/deploy_connector.sh b/ci_scripts/deploy_connector.sh index 25e7ab4..fff0e30 100755 --- a/ci_scripts/deploy_connector.sh +++ b/ci_scripts/deploy_connector.sh @@ -23,11 +23,12 @@ helm install ci-sck --set global.splunk.hec.token=$CI_SPLUNK_HEC_TOKEN \ --set splunk-kubernetes-logging.image.tag=recent \ --set splunk-kubernetes-logging.image.pullPolicy=IfNotPresent \ -f ci_scripts/sck_values.yml helm-chart/splunk-connect-for-kubernetes - +# kubectl get pod | grep "ci-sck-splunk-kubernetes-logging" | awk 'NR==1{print $1} kubectl get pod # wait for deployment to finish # metric and logging deamon set for each node + aggr + object + splunk PODS=$((MINIKUBE_NODE_COUNTS*2+2+1)) until kubectl get pod | grep Running | [[ $(wc -l) == $PODS ]]; do - sleep 1; + kubectl get pod + sleep 2; done diff --git a/docker/Dockerfile b/docker/Dockerfile index c182361..42f0dd0 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.7.4-buster as builder +FROM ruby:3.1.4-buster as builder ADD ./ /app/ WORKDIR /app @@ -8,7 +8,7 @@ RUN bundle install RUN bundle exec rake build -t -v -FROM registry.access.redhat.com/ubi8/ruby-27 +FROM registry.access.redhat.com/ubi9/ruby-31 ARG VERSION @@ -33,8 +33,6 @@ COPY --from=builder /app/LICENSE /licenses/LICENSE RUN dnf install -y jq COPY --from=builder /app/docker/Gemfile* ./ -RUN gem update date cgi -RUN rm -f /usr/share/gems/specifications/default/cgi-0.1.0.gemspec /usr/share/gems/specifications/default/date-3.0.0.gemspec RUN yum update -y \ && yum remove -y nodejs npm \ && gem install bundler \ diff --git a/docker/Gemfile b/docker/Gemfile index 3ae7adc..2890093 100644 --- a/docker/Gemfile +++ b/docker/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' # This is separate gemfile for building docker image that has all plugins # for kubernetes log collection agent # List all required gems here and install via bundler to resolve dependencies -gem "fluentd", ">=1.15" +gem "fluentd", "=1.15.3" gem "fluent-plugin-systemd", "=1.0.2" gem "fluent-plugin-concat", "=2.4.0" gem "fluent-plugin-prometheus", "=2.0.2" @@ -14,13 +14,14 @@ gem "oj", ">=3.11.2" gem 'multi_json', '~> 1.13' gem 'net-http-persistent', '~> 4.0' gem 'openid_connect', '~> 1.1.8' -gem 'prometheus-client', '>= 2.1.0' -gem 'activesupport', '~> 5.2.4.3' +gem 'prometheus-client', '=2.1.0' +gem 'activesupport', '~> 7.0.4.3' gem 'http_parser.rb', '=0.8.0' gem "rack", ">=3.0.0" gem "fluent-plugin-record-modifier", ">=2.1" gem 'json-jwt', '~> 1.15.0' gem 'rack-oauth2', '~> 1.19' +gem 'cgi', '~> 0.3.6' gem 'fluent-plugin-splunk-hec', path: 'gem/' diff --git a/docker/Gemfile.lock b/docker/Gemfile.lock index 0f608bc..0078b27 100644 --- a/docker/Gemfile.lock +++ b/docker/Gemfile.lock @@ -24,21 +24,23 @@ PATH GEM remote: https://rubygems.org/ specs: - activemodel (5.2.4.6) - activesupport (= 5.2.4.6) - activesupport (5.2.4.6) + activemodel (7.0.4.3) + activesupport (= 7.0.4.3) + activesupport (7.0.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + addressable (2.8.5) + public_suffix (>= 2.0.2, < 6.0) aes_key_wrap (1.1.0) attr_required (1.0.1) - bindata (2.4.14) - concurrent-ruby (1.1.9) - connection_pool (2.2.5) - cool.io (1.7.1) + bindata (2.4.15) + cgi (0.3.6) + concurrent-ruby (1.2.2) + connection_pool (2.4.1) + cool.io (1.8.0) + date (3.3.3) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) ffi (1.15.5) @@ -57,7 +59,7 @@ GEM fluent-plugin-prometheus (2.0.2) fluentd (>= 1.9.1, < 2) prometheus-client (>= 2.1.0) - fluent-plugin-record-modifier (2.1.0) + fluent-plugin-record-modifier (2.1.1) fluentd (>= 1.0, < 2) fluent-plugin-systemd (1.0.2) fluentd (>= 0.14.11, < 2) @@ -80,36 +82,36 @@ GEM http-form_data (~> 2.2) http-parser (~> 1.2.0) http-accept (1.7.0) - http-cookie (1.0.4) + http-cookie (1.0.5) domain_name (~> 0.5) http-form_data (2.3.0) http-parser (1.2.3) ffi-compiler (>= 1.0, < 2.0) http_parser.rb (0.8.0) httpclient (2.8.3) - i18n (1.9.1) + i18n (1.14.1) concurrent-ruby (~> 1.0) json-jwt (1.15.3) activesupport (>= 4.2) aes_key_wrap bindata httpclient - jsonpath (1.1.0) + jsonpath (1.1.3) multi_json lru_redux (1.1.0) mail (2.7.1) mini_mime (>= 0.1.1) mime-types (3.4.1) mime-types-data (~> 3.2015) - mime-types-data (3.2022.0105) - mini_mime (1.1.2) - minitest (5.15.0) - msgpack (1.6.0) + mime-types-data (3.2023.0808) + mini_mime (1.1.5) + minitest (5.19.0) + msgpack (1.7.2) multi_json (1.15.0) - net-http-persistent (4.0.0) + net-http-persistent (4.0.2) connection_pool (~> 2.2) netrc (0.11.0) - oj (3.11.2) + oj (3.16.0) openid_connect (1.1.8) activemodel attr_required (>= 1.0.0) @@ -121,9 +123,9 @@ GEM validate_url webfinger (>= 1.0.1) prometheus-client (2.1.0) - public_suffix (4.0.6) - rack (3.0.1) - rack-oauth2 (1.19.0) + public_suffix (5.0.3) + rack (3.0.8) + rack-oauth2 (1.21.3) activesupport attr_required httpclient @@ -146,18 +148,18 @@ GEM httpclient (>= 2.4) systemd-journal (1.3.3) ffi (~> 1.9) - thread_safe (0.3.6) - tzinfo (1.2.10) - thread_safe (~> 0.1) - tzinfo-data (1.2022.6) + timeout (0.4.0) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + tzinfo-data (1.2023.3) tzinfo (>= 1.0.0) unf (0.1.4) unf_ext - unf_ext (0.0.8) + unf_ext (0.0.8.2) validate_email (0.1.6) activemodel (>= 3.0) mail (>= 2.2.5) - validate_url (1.0.13) + validate_url (1.0.15) activemodel (>= 3.0.0) public_suffix webfinger (1.2.0) @@ -170,7 +172,8 @@ PLATFORMS ruby DEPENDENCIES - activesupport (~> 5.2.4.3) + activesupport (~> 7.0.4.3) + cgi (~> 0.3.6) fluent-plugin-concat (= 2.4.0) fluent-plugin-jq (= 0.5.1) fluent-plugin-kubernetes_metadata_filter (~> 3.1) @@ -178,7 +181,7 @@ DEPENDENCIES fluent-plugin-record-modifier (>= 2.1) fluent-plugin-splunk-hec! fluent-plugin-systemd (= 1.0.2) - fluentd (>= 1.15) + fluentd (= 1.15.3) http_parser.rb (= 0.8.0) json-jwt (~> 1.15.0) kubeclient! @@ -186,7 +189,7 @@ DEPENDENCIES net-http-persistent (~> 4.0) oj (>= 3.11.2) openid_connect (~> 1.1.8) - prometheus-client (>= 2.1.0) + prometheus-client (= 2.1.0) rack (>= 3.0.0) rack-oauth2 (~> 1.19)