KMinion is a feature-rich Prometheus exporter for Apache Kafka written in Go. It is lightweight and highly configurable so that it will meet your requirements.
MIT License
build: use the same alpine OS version in Dockerfile, update pkgs #211
Security audit for kminion used in the Redpanda cloud offering currently reports the existing kminion package (2.2.4 & 2.2.3) is affected by CVE-2023-2650. The following OS packages are affected:
libcrypto3 3.0.8-r3 - fixed in 3.0.9-r0 in Alpine 3.17
libssl3 3.0.8-r3 - fixed in 3.0.9-r0 in Alpine 3.17
The issue can be mitigated by re-building the image while executing apk upgrade during the build:
This PR addresses this security vulnerability by adding the apk upgrade --no-cache command to the kminion runtime image Dockerfile.
Additionally, I noticed that the Alpine OS image version differs between the builder and the runtime image:
golang:1.20-alpine:
$ docker run -it --rm golang:1.20-alpine cat /etc/alpine-release
3.18.0
alpine:3.17
It is not a big deal, but as we copy ca-certificates between the images, it's better if these images are in sync, so I added a small change to synchronize the Alpine OS version and make it explicit.
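The pattern the PR describes, written out as an illustrative multi-stage Dockerfile that is not kminion's own: builder and runtime pinned to one Alpine release, and the runtime stage upgraded during the build so the affected libssl3/libcrypto3 packages are replaced by their fixed versions. Image tags, paths and the binary name are assumptions.

```dockerfile
# Illustrative Dockerfile (not kminion's own). Tags, paths and the binary
# name are assumptions for the example.
#
# Before the change (weak form):
#   FROM golang:1.20-alpine AS builder   # floating tag, Alpine 3.18 at the time
#   ...
#   FROM alpine:3.17                     # no apk upgrade: ships libssl3 3.0.8-r3
#
# After the change: one explicit Alpine release for both stages.
ARG ALPINE_VERSION=3.17

FROM golang:1.20-alpine${ALPINE_VERSION} AS builder
# ca-certificates come from the same Alpine release the runtime image uses.
RUN apk add --no-cache ca-certificates
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# Static binary, so the runtime image needs no libc or toolchain.
RUN CGO_ENABLED=0 go build -o /out/app .

FROM alpine:${ALPINE_VERSION}
# Upgrade every installed package against the current 3.17 repository index,
# which pulls in libssl3/libcrypto3 3.0.9-r0 (the CVE-2023-2650 fix) or later.
# --no-cache keeps the downloaded index out of the image layer.
RUN apk upgrade --no-cache
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /out/app /app/app
# Run unprivileged (nobody on Alpine).
USER 65534:65534
ENTRYPOINT ["/app/app"]
```

After building, `docker run --rm <image> apk info -v | grep -E '^lib(ssl|crypto)3-'` should list both packages at 3.0.9-r0 or later; if it still shows 3.0.8-r3, the upgrade step did not run against a current index.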