diff --git a/.image-gitlab-ci.yml b/.image-gitlab-ci.yml index 8344730a..2cc9563e 100644 --- a/.image-gitlab-ci.yml +++ b/.image-gitlab-ci.yml @@ -58,11 +58,6 @@ security_scan_trivy: --exit-code 0 --format table --output medium-vulns.txt - cat medium-vulns.txt - echo CVE-2023-2253 > .trivyignore - - echo TODO remove these exceptions when alpine:3.20 arrives - - echo CVE-2024-2398 >> .trivyignore - - echo CVE-2024-24806 >> .trivyignore - - echo CVE-2024-25062 >> .trivyignore - - echo CVE-2024-28085 >> .trivyignore - trivy image "${REGISTRY}/${IMAGE}:${TAG}" || echo Vulnerabilities Found cache: paths: [ .trivycache ] diff --git a/ansible/roles/docker_node/tasks/repos.yml b/ansible/roles/docker_node/tasks/repos.yml index a2a90713..8b2f300a 100644 --- a/ansible/roles/docker_node/tasks/repos.yml +++ b/ansible/roles/docker_node/tasks/repos.yml @@ -5,6 +5,14 @@ filename: ubuntu with_items: "{{ ubuntu_repos }}" + +# TODO remove this at next k8s and ubuntu update (24.04) +- name: Remove stale k8s repo + apt_repository: + filename: k8s + repo: "{{ k8s.apt_repo.repo }}" + state: absent + - name: Docker repo key get_url: url: "{{ docker.apt_repo.url }}" diff --git a/ansible/roles/kubernetes/tasks/main.yml b/ansible/roles/kubernetes/tasks/main.yml index de7fa392..428b394f 100644 --- a/ansible/roles/kubernetes/tasks/main.yml +++ b/ansible/roles/kubernetes/tasks/main.yml @@ -8,6 +8,8 @@ apt_repository: filename: k8s repo: "{{ k8s.apt_repo.repo }}" + # TODO restore this at next k8s and ubuntu update (24.04) + state: absent - name: Install system packages apt: diff --git a/images/data-sync/Dockerfile b/images/data-sync/Dockerfile index 43dc49c9..ee24949b 100644 --- a/images/data-sync/Dockerfile +++ b/images/data-sync/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF @@ -16,9 +16,9 @@ ENV PEERNAME= \ SSHKEY1=data-sync-sshkey1 \ SSHKEY2=data-sync-sshkey2 -ARG UNISON_VERSION=2.53.3 -ARG OCAML_VERSION=4.14.1-r3 -ARG UNISON_SHA=aaea04fc5bc76dcfe8627683c9659ee4c194d4f992cc8aaa15bbb2820fc8de46 +ARG UNISON_VERSION=2.53.5 +ARG OCAML_VERSION=4.14.2-r1 +ARG UNISON_SHA=330418ad130d93d0e13da7e7e30f9b829bd7c0e859355114bd4644c35fe08d23 ARG RRSYNC_SHA=b745a37909fc10087cc9c901ad7dfda8ad8b6b493097b156b68ba33db4a5a52f COPY src/ /root/src/ diff --git a/images/data-sync/helm/Chart.yaml b/images/data-sync/helm/Chart.yaml index 395377f1..58c5ee7c 100644 --- a/images/data-sync/helm/Chart.yaml +++ b/images/data-sync/helm/Chart.yaml @@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools sources: - https://github.com/instantlinux/docker-tools type: application -version: 0.1.12 -appVersion: "2.53.3-4.14.1-r3" +version: 0.1.13 +appVersion: "2.53.5-4.14.2-r1" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/git-dump/Dockerfile b/images/git-dump/Dockerfile index 7e0ea2ea..a8dc35b2 100644 --- a/images/git-dump/Dockerfile +++ b/images/git-dump/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF @@ -20,7 +20,7 @@ ENV API_TOKEN_SECRET= \ USERNAME=git-dump \ TZ=UTC -ARG GIT_VERSION=2.43.4-r0 +ARG GIT_VERSION=2.45.2-r0 ARG GROUP=care ARG GID=505 ARG UID=212 diff --git a/images/git-dump/helm/Chart.yaml b/images/git-dump/helm/Chart.yaml index 26b5ff2d..09d7e2bb 100644 --- a/images/git-dump/helm/Chart.yaml +++ b/images/git-dump/helm/Chart.yaml @@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools sources: - https://github.com/instantlinux/docker-tools type: application -version: 0.1.13 -appVersion: "2.43.4-r0" +version: 0.1.14 +appVersion: "2.45.2-r0" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/git-pull/Dockerfile b/images/git-pull/Dockerfile index 8e548b4e..c57c7983 100644 --- a/images/git-pull/Dockerfile +++ b/images/git-pull/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun ARG BUILD_DATE ARG VCS_REF @@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.vcs-ref=$VCS_REF \ org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools -ARG GIT_VERSION=2.43.4-r0 +ARG GIT_VERSION=2.52.2-r0 ENV DEST=. \ GIT_COMMIT=master \ GIT_HOST=github.com \ diff --git a/images/git-pull/helm/Chart.yaml b/images/git-pull/helm/Chart.yaml index 5ff245ae..bd002390 100644 --- a/images/git-pull/helm/Chart.yaml +++ b/images/git-pull/helm/Chart.yaml @@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools sources: - https://github.com/instantlinux/docker-tools type: application -version: 0.1.11 -appVersion: "2.43.4-r0" +version: 0.1.12 +appVersion: "2.45.2-r0" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/mysqldump/Dockerfile b/images/mysqldump/Dockerfile index 76d3f932..4de82fd9 100644 --- a/images/mysqldump/Dockerfile +++ b/images/mysqldump/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF @@ -18,7 +18,7 @@ ENV HOUR=3 MINUTE=30 \ TZ=UTC ARG UID=210 ARG BACKUP_GID=34 -ARG CLIENT_VERSION=10.11.6-r0 +ARG CLIENT_VERSION=10.11.8-r0 RUN RMGROUP=$(grep :$BACKUP_GID: /etc/group | cut -d: -f 1) && \ [ -z "$RMGROUP" ] || delgroup $RMGROUP && \ diff --git a/images/mysqldump/helm/Chart.yaml b/images/mysqldump/helm/Chart.yaml index a0a99a89..3a07c4cb 100644 --- a/images/mysqldump/helm/Chart.yaml +++ b/images/mysqldump/helm/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://github.com/mariadb/server/tree/10.5/client type: application -version: 0.1.9 -appVersion: "10.11.6-r0" +version: 0.1.10 +appVersion: "10.11.8-r0" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/nagios/Dockerfile b/images/nagios/Dockerfile index b9440ae9..11800ec4 100644 --- a/images/nagios/Dockerfile +++ b/images/nagios/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF @@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.vcs-ref=$VCS_REF \ org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools -ARG NAGIOS_VERSION=4.5.1-r0 +ARG NAGIOS_VERSION=4.5.2-r0 ARG NAGIOS_GID=1000 ARG NAGIOS_UID=999 ARG PLUGINS_VERSION=2.4.5-r1 diff --git a/images/nut-upsd/Dockerfile b/images/nut-upsd/Dockerfile index 8f18067b..3b9ddac6 100644 --- a/images/nut-upsd/Dockerfile +++ b/images/nut-upsd/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF diff --git a/images/openldap/Dockerfile b/images/openldap/Dockerfile index 2f1a90f5..ce930470 100644 --- a/images/openldap/Dockerfile +++ b/images/openldap/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF @@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.vcs-ref=$VCS_REF \ org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools -ARG OPENLDAP_VERSION=2.6.6-r1 +ARG OPENLDAP_VERSION=2.6.7-r0 ENV SLAPD_DN_ATTR=uid \ SLAPD_FQDN=example.com \ SLAPD_LOG_LEVEL=Config,Stats \ diff --git a/images/openldap/helm/Chart.yaml b/images/openldap/helm/Chart.yaml index f1e16393..cb98684e 100644 --- a/images/openldap/helm/Chart.yaml +++ b/images/openldap/helm/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://git.openldap.org/openldap/openldap type: application -version: 0.1.5 -appVersion: "2.6.6-r1" +version: 0.1.6 +appVersion: "2.6.7-r0" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/postfix-python/Dockerfile b/images/postfix-python/Dockerfile index 70db85fd..41ae94ff 100644 --- a/images/postfix-python/Dockerfile +++ b/images/postfix-python/Dockerfile @@ -1,4 +1,4 @@ -ARG POSTFIX_VERSION=3.8.6-r0 +ARG POSTFIX_VERSION=3.9.0-r1 FROM instantlinux/postfix:$POSTFIX_VERSION MAINTAINER Rich Braun "docker@instantlinux.net" @@ -21,7 +21,7 @@ ENV BLACKLIST_USER_SECRET=mysql-blacklist-user \ SPAMC_HOST=spamassassin ARG GETPIP_SHA=311afebb7cdd310eb3a3a6bb6fffef53d84493db98c7cebf4008a18d3418c8be ARG GETPIP_URI=https://bootstrap.pypa.io/pip/3.5/get-pip.py -ARG PYTHON_PIP_VERSION=23.3.2 +ARG PYTHON_PIP_VERSION=24.1.1 COPY requirements.txt /root/ COPY src/ /usr/local/bin/ diff --git a/images/postfix-python/helm/Chart.yaml b/images/postfix-python/helm/Chart.yaml index 8c0ab001..b692d925 100644 --- a/images/postfix-python/helm/Chart.yaml +++ b/images/postfix-python/helm/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://github.com/vdukhovni/postfix type: application -version: 0.1.13 -appVersion: "3.8.6-r0" +version: 0.1.14 +appVersion: "3.9.0-r1" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/postfix/Dockerfile b/images/postfix/Dockerfile index 937b4f6d..fab4af95 100644 --- a/images/postfix/Dockerfile +++ b/images/postfix/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF @@ -7,7 +7,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.name=postfix \ org.label-schema.vcs-ref=$VCS_REF \ org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools -ARG POSTFIX_VERSION=3.8.6-r0 +ARG POSTFIX_VERSION=3.9.0-r1 ENV SASL_PASSWD_SECRET=postfix-sasl-passwd \ TZ=UTC diff --git a/images/proftpd/Dockerfile b/images/proftpd/Dockerfile index a865bd6a..06824e57 100644 --- a/images/proftpd/Dockerfile +++ b/images/proftpd/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF @@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.vcs-ref=$VCS_REF \ org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools -ARG PROFTPD_VERSION=1.3.8b-r1 +ARG PROFTPD_VERSION=1.3.8b-r2 ENV ALLOW_OVERWRITE=on \ ANONYMOUS_DISABLE=off \ diff --git a/images/proftpd/helm/Chart.yaml b/images/proftpd/helm/Chart.yaml index b66cf0f5..0665d795 100644 --- a/images/proftpd/helm/Chart.yaml +++ b/images/proftpd/helm/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://github.com/proftpd/proftpd type: application -version: 0.1.8 -appVersion: "1.3.8b-r1" +version: 0.1.9 +appVersion: "1.3.8b-r2" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/rsyslogd/Dockerfile b/images/rsyslogd/Dockerfile index 8c687114..874a21de 100644 --- a/images/rsyslogd/Dockerfile +++ b/images/rsyslogd/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF @@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.vcs-ref=$VCS_REF \ org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools -ARG RSYSLOG_VERSION=8.2310.0-r0 +ARG RSYSLOG_VERSION=8.2404.0-r0 ENV TZ=UTC RUN apk add --update gzip logrotate rsyslog=$RSYSLOG_VERSION \ rsyslog-mysql=$RSYSLOG_VERSION tar xz && \ diff --git a/images/rsyslogd/helm/Chart.yaml b/images/rsyslogd/helm/Chart.yaml index fbeb69ce..f6e68628 100644 --- a/images/rsyslogd/helm/Chart.yaml +++ b/images/rsyslogd/helm/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://github.com/rsyslog/rsyslog type: application -version: 0.1.10 -appVersion: "8.2310.0-r0" +version: 0.1.11 +appVersion: "8.2404.0-r0" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/samba-dc/Dockerfile b/images/samba-dc/Dockerfile index 70f2bbe1..654afdc2 100644 --- a/images/samba-dc/Dockerfile +++ b/images/samba-dc/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF @@ -24,7 +24,7 @@ ENV ADMIN_PASSWORD_SECRET=samba-admin-password \ WINBIND_USE_DEFAULT_DOMAIN=yes \ WORKGROUP=AD -ARG SAMBA_VERSION=4.18.9-r0 +ARG SAMBA_VERSION=4.19.6-r0 COPY *.conf.j2 /root/ COPY entrypoint.sh /usr/local/bin/ diff --git a/images/samba-dc/helm/Chart.yaml b/images/samba-dc/helm/Chart.yaml index e6beaebc..807b1fc9 100644 --- a/images/samba-dc/helm/Chart.yaml +++ b/images/samba-dc/helm/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - ttps://gitlab.com/samba-team/samba type: application -version: 0.1.12 -appVersion: "4.18.9-r0" +version: 0.1.13 +appVersion: "4.19.6-r0" dependencies: - name: chartlib version: 0.1.8 diff --git a/images/samba/Dockerfile b/images/samba/Dockerfile index a7d65ecf..c326e388 100644 --- a/images/samba/Dockerfile +++ b/images/samba/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.20 MAINTAINER Rich Braun "docker@instantlinux.net" ARG BUILD_DATE ARG VCS_REF @@ -8,7 +8,7 @@ LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.vcs-ref=$VCS_REF \ org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools -ARG SAMBA_VERSION=4.18.9-r0 +ARG SAMBA_VERSION=4.19.6-r0 ENV LOGON_DRIVE=H \ NETBIOS_NAME=samba \ SERVER_STRING="Samba Server" \ diff --git a/images/samba/helm/Chart.yaml b/images/samba/helm/Chart.yaml index 428e2ec3..099c5034 100644 --- a/images/samba/helm/Chart.yaml +++ b/images/samba/helm/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://gitlab.com/samba-team/samba type: application -version: 0.1.12 -appVersion: "4.18.9-r0" +version: 0.1.13 +appVersion: "4.19.6-r0" dependencies: - name: chartlib version: 0.1.8 diff --git a/k8s/helm/authelia/Chart.yaml b/k8s/helm/authelia/Chart.yaml index ab92fd31..68d6a30c 100644 --- a/k8s/helm/authelia/Chart.yaml +++ b/k8s/helm/authelia/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://github.com/authelia/authelia type: application -version: 0.1.5 -appVersion: "4.37.5" +version: 0.1.6 +appVersion: "4.38.9" dependencies: - name: chartlib version: 0.1.8 diff --git a/k8s/helm/gitea/Chart.yaml b/k8s/helm/gitea/Chart.yaml index 6911397f..21c4ef11 100644 --- a/k8s/helm/gitea/Chart.yaml +++ b/k8s/helm/gitea/Chart.yaml @@ -6,8 +6,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://github.com/go-gitea/gitea type: application -version: 0.1.0 -appVersion: 1.21.7-rootless +version: 0.1.1 +appVersion: 1.22.0-rootless dependencies: - name: chartlib version: 0.1.8 diff --git a/k8s/helm/nexus/Chart.yaml b/k8s/helm/nexus/Chart.yaml index 3cece312..8a373906 100644 --- a/k8s/helm/nexus/Chart.yaml +++ b/k8s/helm/nexus/Chart.yaml @@ -5,8 +5,8 @@ home: https://github.com/instantlinux/docker-tools sources: - https://github.com/instantlinux/docker-tools type: application -version: 0.1.9 -appVersion: "3.63.0" +version: 0.1.10 +appVersion: "3.69.0" dependencies: - name: chartlib version: 0.1.8 diff --git a/k8s/helm/restic/Chart.yaml b/k8s/helm/restic/Chart.yaml index 45e6379e..d7cb4f82 100644 --- a/k8s/helm/restic/Chart.yaml +++ b/k8s/helm/restic/Chart.yaml @@ -6,10 +6,10 @@ sources: - https://github.com/instantlinux/docker-tools - https://github.com/restic/restic type: application -version: 0.1.8 +version: 0.1.10 # Remember to update restic== in values.yaml as releases are published; # the values.yaml file is not able to reference .Chart.appVersion -appVersion: "0.16.2-r1" +appVersion: "0.16.4-r4" dependencies: - name: chartlib version: 0.1.8 diff --git a/k8s/helm/restic/values.yaml b/k8s/helm/restic/values.yaml index 356b052e..12894cb6 100644 --- a/k8s/helm/restic/values.yaml +++ b/k8s/helm/restic/values.yaml @@ -16,7 +16,7 @@ deployment: mkdir -p /var/log/week && tail -f -n 0 /var/log/restic.log env: # Edit the version in Chart.yaml to keep consistent - app_version: 0.16.2-r1 + app_version: 0.16.4-r4 env: /etc/profile tz: UTC nodeSelector: @@ -94,7 +94,8 @@ volumes: image: repository: alpine pullPolicy: IfNotPresent - tag: 3.19 + # tag: 3.20 + tag: latest nameOverride: "" fullnameOverride: "" diff --git a/k8s/helm/splunk/Chart.yaml b/k8s/helm/splunk/Chart.yaml index 2daf9c5a..e2babc09 100644 --- a/k8s/helm/splunk/Chart.yaml +++ b/k8s/helm/splunk/Chart.yaml @@ -15,8 +15,8 @@ sources: - https://github.com/instantlinux/docker-tools - https://hub.docker.com/r/splunk/splunk type: application -version: 0.1.9 -appVersion: "9.1.2" +version: 0.1.10 +appVersion: "9.2.1" dependencies: - name: chartlib version: 0.1.8