133 enforce pinned image versions (#134)

slateci · Jun 21, 2023 · 3e7f3d0 · 3e7f3d0
1 parent ced5626
commit 3e7f3d0
Show file tree

Hide file tree

Showing 37 changed files with 37 additions and 84 deletions.
diff --git a/charts/condor-manager/Chart.yaml b/charts/condor-manager/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "10.0.2"
 description: HTCondor Central Manager Node
 name: condor-manager
-version: 0.2.3
+version: 0.2.4
diff --git a/charts/condor-manager/templates/deployment.yaml b/charts/condor-manager/templates/deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       containers:
       - name: condor-manager
-        image: hub.opensciencegrid.org/slate/condor-manager:{{ .Values.ContainerTags.CondorManagerImageVer }}
+        image: 'hub.opensciencegrid.org/slate/condor-manager:10.0.2'
         imagePullPolicy: "Always"
         ports:
         - name: condor-shared

diff --git a/charts/condor-manager/values.yaml b/charts/condor-manager/values.yaml
@@ -1,10 +1,6 @@
 # Generates app name as "connect-submit-[Instance]"
 Instance: ""
 
-#This is global config to specify which container image to pull. The image tag doesn't necessarily indicate or match the app version in the image.
-ContainerTags:
-  CondorManagerImageVer: '10.0.2'
-
 CondorConfig:
   # Extra configuration can be added via the ConfigFile parameter
   # ConfigFile: |+

diff --git a/charts/condor-worker/Chart.yaml b/charts/condor-worker/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "10.0.2"
 description: HTCondor distributed high-throughput computing system
 name: condor-worker
-version: 0.10.3
+version: 0.10.4
diff --git a/charts/condor-worker/templates/deployment.yaml b/charts/condor-worker/templates/deployment.yaml
@@ -97,7 +97,7 @@ spec:
       containers:
       {{ if .Values.HTTPLogger.Enabled }}
       - name: logging-sidecar
-        image: nginx:{{ .Values.ContainerTags.NginxImageVer }}
+        image: 'nginx:1.15.9'
         command: ["/bin/bash"]
         args: ["/usr/local/bin/start-nginx.sh"]
         imagePullPolicy: IfNotPresent
@@ -121,7 +121,7 @@ spec:
           subPath: start-nginx.sh
       {{ end }}
       - name: condor-worker-worker
-        image: hub.opensciencegrid.org/slate/condor-worker:{{ .Values.ContainerTags.CondorWorkerImageVer }}
+        image: 'hub.opensciencegrid.org/slate/condor-worker:10.0.2'
         imagePullPolicy: "Always"
         volumeMounts:
         {{ if .Values.HTTPLogger.Enabled }}

diff --git a/charts/condor-worker/values.yaml b/charts/condor-worker/values.yaml
@@ -1,11 +1,6 @@
 # Generates app name as "condor-worker-[Instance]"
 Instance: ""
 
-#This is global config to specify which container image to pull. The image tag doesn't necessarily indicate or match the app version in the image.
-ContainerTags:
-  NginxImageVer: '1.15.9'
-  CondorWorkerImageVer: '10.0.2'
-
 HTTPLogger:
   Enabled: false
   # You can refer to a password that has been hashed by `openssl passwd -apr1`

diff --git a/charts/faucet/Chart.yaml b/charts/faucet/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "1.9.9"
 description: Faucet OpenFlow SDN Controller
 name: faucet
-version: 1.2.2
+version: 1.2.3
diff --git a/charts/faucet/templates/deployment.yaml b/charts/faucet/templates/deployment.yaml
@@ -18,7 +18,6 @@ spec:
       instance: {{ .Values.Instance | quote }}
   template:
     metadata:
-      creationTimestamp: null
       labels:
         app: {{ template "faucet.name" . }}
         chart: {{ template "faucet.chart" . }}
@@ -29,7 +28,7 @@ spec:
       - env:
         - name: FAUCET_CONFIG_STAT_RELOAD
         - name: FAUCET_EVENT_SOCK
-        image: faucet/faucet:latest
+        image: 'faucet/faucet:1.9.9'
         name: faucet
         ports:
         - containerPort: 6653
@@ -49,4 +48,3 @@ spec:
       - name: faucet-{{ .Values.Instance }}-configuration
         configMap:
           name: faucet-{{ .Values.Instance }}-configuration
-status: {}
diff --git a/charts/globus-connect-v4/Chart.yaml b/charts/globus-connect-v4/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "4.0.63"
 description: Globus Connect data transfer service
 name: globus-connect-v4
-version: 0.7.8
+version: 0.7.9
diff --git a/charts/globus-connect-v4/templates/deployment.yaml b/charts/globus-connect-v4/templates/deployment.yaml
@@ -55,7 +55,7 @@ spec:
       hostNetwork: true
       containers:
       - name: "gcs4"
-        image: hub.opensciencegrid.org/slate/globus-connect-v4:{{ .Chart.AppVersion }}
+        image: 'hub.opensciencegrid.org/slate/globus-connect-v4:4.0.63'
         imagePullPolicy: Always
         command: ["/usr/local/bin/supervisord_startup.sh"]
         env: 

diff --git a/charts/globus-connect-v4/values.yaml b/charts/globus-connect-v4/values.yaml
@@ -49,7 +49,7 @@ GlobusConfig:
   #Uncomment this field if you need to set the MyProxy server and/or port
   #MyProxyServer:
   Security:
-     IdentityMethod: "CILogon"
+    IdentityMethod: "CILogon"
 
 # The path at which the storage should be mounted. 
 ExternalPath: /export

diff --git a/charts/globus-connect-v5/Chart.yaml b/charts/globus-connect-v5/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "5.4.61"
 description: Globus Connect data transfer service
 name: globus-connect-v5
-version: "0.14"
+version: "0.14.1"
diff --git a/charts/globus-connect-v5/templates/deployment.yaml b/charts/globus-connect-v5/templates/deployment.yaml
@@ -66,7 +66,7 @@ spec:
       hostNetwork: true
       containers:
       - name: "gcs5"
-        image: "hub.opensciencegrid.org/slate/globus-connect-v5:{{ .Values.ImageTag }}"
+        image: "hub.opensciencegrid.org/slate/globus-connect-v5:0.6"
         imagePullPolicy: Always
         command: ["/usr/local/bin/gcs-setup.sh"]
         lifecycle:

diff --git a/charts/globus-connect-v5/values.yaml b/charts/globus-connect-v5/values.yaml
@@ -43,13 +43,7 @@ ExternalPath: /export
 # The path for a backing filesystem to be mounted from the host system. 
 InternalPath: /tmp
 # The name of a PersistentVolumeClaim which should be mounted as backing storage.
-PVCName: 
-
-
-# Supported values are e.g. 'latest', '1.0.0', etc.. Consult 
-# https://hub.opensciencegrid.org/harbor/projects/50/repositories/globus-connect-v5/artifacts-tab
-# for available tags
-ImageTag: '0.6'
+PVCName:
 
 # The following settings only need to be changed if you
 # want to use the experimental auto-configuration features
@@ -66,13 +60,13 @@ StorageConfig:
   RestrictPaths: false  # Use GlobusRestrictConfig for restrictPaths 
   CustomIdentityMapping: false  # Use GlobusIdentityConfig for restrictPaths 
   CephConfig:           # only needed if StorageType is set to ceph
-      S3Endpoint: ""
-      AdminKey:  ""
-      SecretKey: ""
-      Bucket: ""
+    S3Endpoint: ""
+    AdminKey:  ""
+    SecretKey: ""
+    Bucket: ""
   PosixConfig:          # only needed if StorageType is set to posix
-      DeniedGroups: []
-      AllowedGroups: []
+    DeniedGroups: []
+    AllowedGroups: []
 
 CollectionConfig:
   BasePath: "" 

diff --git a/charts/jupyterlab/Chart.yaml b/charts/jupyterlab/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: "v2"
 name: "jupyterlab"
-version: 0.5.3
+version: 0.5.4
 appVersion: 3.6.1
 description: "A JupyterLab with a condor-submit capability"
 type: application
diff --git a/charts/jupyterlab/templates/deployment.yaml b/charts/jupyterlab/templates/deployment.yaml
@@ -93,7 +93,7 @@ spec:
       {{ end }}
       containers:
       - name: scipy-notebook
-        image: hub.opensciencegrid.org/slate/jupyterlab:{{ .Values.ContainerTags.JupyterLabImageVer }}
+        image: 'hub.opensciencegrid.org/slate/jupyterlab:0.2.1'
         imagePullPolicy: "Always"
         workingDir: /home/{{ .Values.Jupyter.NB_USER }}
         env:

diff --git a/charts/jupyterlab/values.yaml b/charts/jupyterlab/values.yaml
@@ -2,10 +2,6 @@
 # used to manage multiple instances of the same application
 Instance: ''
 
-#This is global config to specify which container image to pull. The image tag doesn't necessarily indicate or match the app version in the image.
-ContainerTags:
-  JupyterLabImageVer: '0.2.1'
-
 # Persistent Volume mounted as 'data' in the user's home directory
 PersistentVolume: 
 

diff --git a/charts/nginx/Chart.yaml b/charts/nginx/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: "v1"
 name: "nginx"
-version: 1.2.6
-appVersion: "latest"
+version: 1.2.7
+appVersion: "1.25.1"
 description: "A simple nginx deployment which serves a static page"
 maintainers:
   - name: slateci

diff --git a/charts/nginx/templates/deployment.yaml b/charts/nginx/templates/deployment.yaml
@@ -25,7 +25,7 @@ spec:
     spec:
       containers:
       - name: nginx
-        image: "nginx:{{ default .Chart.AppVersion .Values.Image.tag }}"
+        image: "nginx:1.25.1"
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: nginx-{{ .Values.Instance }}-configuration

diff --git a/charts/nginx/values.yaml b/charts/nginx/values.yaml
@@ -38,10 +38,6 @@ NetworkPolicy:
   AllowedCIDRs:
     - 0.0.0.0/0
 
-Image: {}
-  ## The tag of the nginx image.
-  # tag: "1.23"
-
 ### SLATE-START ###
 SLATE:
   Cluster:

diff --git a/charts/osg-frontier-squid/Chart.yaml b/charts/osg-frontier-squid/Chart.yaml
@@ -5,7 +5,7 @@ appVersion: 4.13-1.1
 description: A Helm chart for configuration and deployment of the Open Science Grid's Frontier Squid application.
 name: osg-frontier-squid
 # Chart version
-version: 1.8.6
+version: 1.8.7
 maintainers:
   - name: slateci
     email: [email protected]

diff --git a/charts/osg-frontier-squid/templates/deployment.yaml b/charts/osg-frontier-squid/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
       containers:
       # Container for the primary application, OSG Frontier Squid
       - name: osg-frontier-squid
-        image: "hub.opensciencegrid.org/opensciencegrid/frontier-squid:{{ .Values.ImageTag | default "release" }}"
+        image: "hub.opensciencegrid.org/opensciencegrid/frontier-squid:release"
         imagePullPolicy: Always
         env:
         - name: SQUID_IPRANGE

diff --git a/charts/osg-frontier-squid/values.yaml b/charts/osg-frontier-squid/values.yaml
@@ -14,11 +14,6 @@ SLATE:
     ID: "untagged"
 ### SLATE-END ###
 
-# Supported values are e.g. 'release' or 'testing' or 'development'. Default is
-# 'release'. Consult the opensciencegrid/frontier-squid docker image for other
-# tags.
-# ImageTag: release
-
 Service:
   # Port that the service will utilize.
   Port: 3128

diff --git a/charts/osg-hosted-ce/Chart.yaml b/charts/osg-hosted-ce/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v1
 appVersion: "5.1.5"
 description: OSG Hosted Compute Element
 name: osg-hosted-ce
-version: 4.5.0
+version: 4.5.1
 
diff --git a/charts/osg-hosted-ce/templates/deployment.yaml b/charts/osg-hosted-ce/templates/deployment.yaml
@@ -129,7 +129,7 @@ spec:
           name: osg-hosted-ce-{{ .Values.Instance }}-logger-startup
       initContainers:
       - name: logging-sidecar-init
-        image: "hub.opensciencegrid.org/opensciencegrid/hosted-ce:{{ .Values.ContainerTags.HostedCE }}"
+        image: "hub.opensciencegrid.org/opensciencegrid/hosted-ce:release"
         imagePullPolicy: Always
         command: ['/bin/chown','condor:condor','/var/log/condor-ce']
         volumeMounts:
@@ -166,7 +166,7 @@ spec:
         {{ end }}
       {{ end }}
       - name: osg-hosted-ce
-        image: hub.opensciencegrid.org/opensciencegrid/hosted-ce:{{ .Values.ContainerTags.HostedCE }}
+        image: 'hub.opensciencegrid.org/opensciencegrid/hosted-ce:release'
         imagePullPolicy: Always
         volumeMounts:
         - name: osg-hosted-ce-{{ .Values.Instance }}-configuration

diff --git a/charts/osg-hosted-ce/values.yaml b/charts/osg-hosted-ce/values.yaml
@@ -212,10 +212,6 @@ HostCredentials:
   # up a CE. NOT SUITABLE FOR PRODUCTION USE.
   LetsEncryptStaging: false
 
-# Choose which tag to use for the specified containers
-ContainerTags:
-  HostedCE: release
-
 Debug:
   # When 'ContinuOnError: true', ignore fatal errors on startup
   # (default: false)

diff --git a/charts/perfsonar-checker/Chart.yaml b/charts/perfsonar-checker/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "5.0.2"
 description: PerfSONAR checker app for running predefined network performance tests
 name: perfsonar-checker
-version: 1.2.1
+version: 1.2.2
diff --git a/charts/perfsonar-checker/templates/deployment.yaml b/charts/perfsonar-checker/templates/deployment.yaml
@@ -20,7 +20,6 @@ spec:
     type: Recreate
   template:
     metadata:
-      creationTimestamp: null
       labels:
         app: {{ template "perfsonar-checker.name" . }}
         chart: {{ template "perfsonar-checker.chart" . }}
@@ -52,7 +51,7 @@ spec:
           subPath: start-nginx.sh
       {{ end }}
       - name: perfsonar-testpoint
-        image: hub.opensciencegrid.org/slate/perfsonar-checker:5.0.2
+        image: 'hub.opensciencegrid.org/slate/perfsonar-checker:5.0.2'
         imagePullPolicy: Always
         securityContext: 
           privileged: true
@@ -91,4 +90,3 @@ spec:
         configMap:
           name: perfsonar-checker-{{ .Values.Instance }}-startup
       {{ end }}
-status: {}
diff --git a/charts/stashcache/Chart.yaml b/charts/stashcache/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: stashcache
 # Chart version
-version: 0.1.19
+version: 0.1.20
 description: StashCache is an XRootD-based caching service
 # Version of application packaged for installation
 appVersion: "v4.12.0-rc2"

diff --git a/charts/stashcache/templates/deployment.yaml b/charts/stashcache/templates/deployment.yaml
@@ -59,7 +59,7 @@ spec:
       {{ end }}
       containers:
       - name: stashcache
-        image: opensciencegrid/stash-cache:{{ .Values.ContainerTags.StashCache }}
+        image: 'opensciencegrid/stash-cache:fresh'
         imagePullPolicy: Always
         env:
         - name: XC_ROOTDIR

diff --git a/charts/stashcache/values.yaml b/charts/stashcache/values.yaml
@@ -38,9 +38,6 @@ StashCache:
     User-agent: *
     Disallow: /
 
-ContainerTags:
-  StashCache: fresh
-
 ### SLATE-START ###
 SLATE:
   Instance:

diff --git a/charts/v4a/Chart.yaml b/charts/v4a/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: v4a
 description: A Varnish for ATLAS Frontiers
 type: application
-version: 0.1.31
+version: 0.1.32
 appVersion: 1.29.0
 maintainers:
   - name: Ilija Vukotic

diff --git a/charts/v4a/templates/deployment.yaml b/charts/v4a/templates/deployment.yaml
@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: {{ .Chart.Name }}
-          image: "hub.opensciencegrid.org/slate/v4a:{{ .Values.ImageTag }}"
+          image: "hub.opensciencegrid.org/slate/v4a:1.0.0"
           imagePullPolicy: Always          
           env:
           - name: SITE

diff --git a/charts/v4a/values.yaml b/charts/v4a/values.yaml
@@ -51,7 +51,3 @@ SLATE:
   Instance:
     ID: "untagged"
 ### SLATE-END ###
-
-# Supported values are e.g. 'latest', '1.0.0', etc.. Consult the
-# hub.opensciencegrid.org/slate/v4a docker image for other tags.
-ImageTag: '1.0.0'
diff --git a/charts/v4cvmfs/Chart.yaml b/charts/v4cvmfs/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: v4cvmfs
 description: A Varnish for CVMFS
 type: application
-version: 0.1.50
+version: 0.1.51
 appVersion: 1.49.0
 maintainers:
   - name: Ilija Vukotic

diff --git a/charts/v4cvmfs/templates/deployment.yaml b/charts/v4cvmfs/templates/deployment.yaml
@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: {{ .Chart.Name }}
-          image: "hub.opensciencegrid.org/slate/v4a:{{ .Values.ImageTag }}"
+          image: "hub.opensciencegrid.org/slate/v4a:1.0.0"
           imagePullPolicy: Always
           env:
           - name: SITE

diff --git a/charts/v4cvmfs/values.yaml b/charts/v4cvmfs/values.yaml
@@ -52,7 +52,3 @@ SLATE:
   Instance:
     ID: "untagged"
 ### SLATE-END ###
-
-# Supported values are e.g. 'latest', '1.0.0', etc.. Consult the
-# hub.opensciencegrid.org/slate/v4a docker image for other tags.
-ImageTag: '1.0.0'