Updated the underlying haproxy version from 2.2 to 3.2.4 #156
Conversation
|
Are you aware of the problems depicted here: #149 (comment) ? |
|
@pedrobaeza - Yes, I am aware of #149 , that is why I am not starting the container as root, also no docker group addition is required in this setup. I tested this setup on multiple open source services, it is working as expected. Please let me know, if you feel otherwise. This setup does not requires any group addition in docker as was discussed in #149 (comment) |
|
OK, great, but please check CI. |
|
I'm stuck in fixing the CI 😞. It would be of great help if someone could help me on that. |
|
First of all, you could run |
|
@josep-tecnativa - I ran, then I see all files find themselves in Git Staging Area, where I was expecting only haproxy.cfg and Dockerfile to only be in staging area. Kinda confused on this behavior. |
|
@pedrobaeza - Ok, finally I fixed CI part. Requesting you to please check. |
|
Hello @josep-tecnativa, @pedrobaeza, |
|
@josep-tecnativa / @pedrobaeza - Could you please approve the workflow, so that I can check if something went wrong down the line. Thanks! |
|
Done, @Programmer-Admin |
|
Many thanks @pedrobaeza. Seems like all checks passed. Now over to you for approval. |
|
OK, my colleague @josep-tecnativa will check, but at least the commits should be squashed into one. |
|
Looks good to me! Just squash your commits and we will merge. |
| http-request deny | ||
| default_backend dockerbackend | ||
|
|
||
| default_backend dockerbackend |
There was a problem hiding this comment.
Restore the line as it was for not having unneeded diff, please.
There was a problem hiding this comment.
@pedrobaeza - I was actually thinking of keeping the use_backend and default_backend in separate section. Can we have that like this way? Or you want me to remove the new line before default_backend
There was a problem hiding this comment.
They are not different sections in fact. I prefer to keep the diff minimal and don't add noise in any change.
There was a problem hiding this comment.
@pedrobaeza - Could you please check now?
|
Please squash together all the commits. |
I am unfamiliar with the squashing command. Can you please help me out? What command to issue for achieving squash. |
You can squash the commits using an interactive rebase. For example: In the editor that opens, leave the first commit as pick and change all the others to f (for fixup) or s (for squash). Then save and close the editor. This will combine all the commits into a single one on top of master. Finally,you will need to push with force:
|
Programmer-Admin
force-pushed
the
dsp-haproxy-3.2.4
branch
from
12bdf4b to
bb334d2
Compare
|
Thanks for the help @josep-tecnativa. Commits successfully squashed. |
Programmer-Admin
force-pushed
the
dsp-haproxy-3.2.4
branch
from
bb334d2 to
7bc0a0a
Compare
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
Fixed CI Reverted conftests.py, Added root user before CMD in Dockerfile, to respect existing setups version pinned and comment removed from cfg Removed extra empty lines Addressed extra newline in haproxy.cfg
Programmer-Admin
force-pushed
the
dsp-haproxy-3.2.4
branch
from
7bc0a0a to
210c1f8
Compare
|
Hi, |
|
@niklasteichmann - you are correct, it's not a good practice of giving Root user access inside docker image. But, if you see the original docker socket proxy image, even though we are not defining root in Dockerfile in the earlier version, if you |
|
@josep-tecnativa - can we please check on the merge status? Many Thanks |
|
@Programmer-Admin Yeah, I understand that. It's the same level of security as before the base image upgrade. Maybe this can be resolved in a future PR, I'll keep using my fork for now. |
|
Sorry for the delay @Programmer-Admin , i was on holidays. Looks good to me, LGTM! |
) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/tecnativa/docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy) | minor | `0.3.0` -> `v0.4.0` | --- ### Release Notes <details> <summary>Tecnativa/docker-socket-proxy (ghcr.io/tecnativa/docker-socket-proxy)</summary> ### [`v0.4.0`](https://github.com/Tecnativa/docker-socket-proxy/releases/tag/v0.4.0) [Compare Source](Tecnativa/docker-socket-proxy@v0.3.0...v0.4.0) #### What's Changed - test: check if connection upgrades work (using exec) by [@​proudier](https://github.com/proudier) in Tecnativa/docker-socket-proxy#139 - \[ADD] v1.51 version to README.md and Modernice CI by [@​josep-tecnativa](https://github.com/josep-tecnativa) in Tecnativa/docker-socket-proxy#152 - Updated the underlying haproxy version from 2.2 to 3.2.4 by [@​Programmer-Admin](https://github.com/Programmer-Admin) in Tecnativa/docker-socket-proxy#156 #### New Contributors - [@​Programmer-Admin](https://github.com/Programmer-Admin) made their first contribution in Tecnativa/docker-socket-proxy#156 **Full Changelog**: Tecnativa/docker-socket-proxy@v0.3.0...v0.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4zNS4wIiwidXBkYXRlZEluVmVyIjoiNDEuMzUuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=--> Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/1326 Co-authored-by: Renovate Bot <[email protected]> Co-committed-by: Renovate Bot <[email protected]>
Changes Incorporated:
haproxyuser line #102, I placedhaproxy.cfgfile, inside /tmp. That makes no security tampering from USER side from inside of our Dockerfile.0.0.0to1.0.0, since we upgraded the haproxy to a major version.Happy to contribute.