From 9ef6046f337e1e6e0bb73ff15ed7017b6c46cb62 Mon Sep 17 00:00:00 2001
From: Ruslan Aliev
Date: Mon, 15 May 2023 16:00:39 -0500
Subject: [PATCH] Add whitelist of packages to bypass verification
Change-Id: I459f4a241496cf98bd0bb00f3843f2b58bb397c1
Signed-off-by: Ruslan Aliev
---
 divingbell/templates/bin/_apt.sh.tpl | 8 +++++++-
 divingbell/templates/daemonset-exec.yaml | 4 ++--
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/divingbell/templates/bin/_apt.sh.tpl b/divingbell/templates/bin/_apt.sh.tpl
index 9a2b789..b2981b7 100644
--- a/divingbell/templates/bin/_apt.sh.tpl
+++ b/divingbell/templates/bin/_apt.sh.tpl
@@ -282,9 +282,15 @@ while read -r name version; do
 fi
 done < <(apt-cache madison "${!package_info[@]}" | awk '!a[$1]++ {print $1 " " $3}')
 
+{{- if hasKey .Values.conf.apt "whitelistpkgs" }}
+whitelist=({{ join " " .Values.conf.apt.whitelistpkgs }})
+{{- else }}
+whitelist=()
+{{- end }}
+
 for pkg in "${!package_info[@]}"; do
 read -r before after available < <(echo "${package_info[$pkg]}")
- if [[ "$after" != "N/A" && "$after" != "$available" ]]; then
+ if [[ "$after" != "N/A" && "$after" != "$available" && ! ${whitelist[*]} =~ "$pkg" ]]; then
 log.ERROR "Package $pkg was not properly installed/upgraded, installed version $after, available version $available"
 exit 1
 fi
diff --git a/divingbell/templates/daemonset-exec.yaml b/divingbell/templates/daemonset-exec.yaml
index 2b69ef5..db3b6f2 100644
--- a/divingbell/templates/daemonset-exec.yaml
+++ b/divingbell/templates/daemonset-exec.yaml
@@ -14,7 +14,7 @@
 # limitations under the License.
 */}}
 
-{{- define "readinessProbeTemplate" }}
+{{- define "readinessProbeExecTemplate" }}
 exec:
 command:
 - cat
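Review bot: In the `_apt.sh.tpl` hunk, the added test `! ${whitelist[*]} =~ "$pkg"` is an unanchored substring match against the space-joined list, because a quoted right-hand side of `=~` is compared literally; any package whose name occurs inside a listed name (for instance, with a constructed entry `python3-pip`, the package `python3`) would also skip the version check. An exact-membership test keeps the bypass to the names the operator actually listed, e.g. `if [[ "$after" != "N/A" && "$after" != "$available" && " ${whitelist[*]} " != *" $pkg "* ]]; then` (this assumes the default IFS). The array is also rendered from chart values without shell quoting, and a mismatch that is ignored because of the whitelist leaves no log entry, so it would help to quote each rendered element and to log the package name whenever verification is bypassed. The `for` loop continues past the end of the hunk, so its remaining body is not reviewed here.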
@@ -58,7 +58,7 @@ spec:
 imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.exec | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
 {{ dict "envAll" $envAll "application" "divingbell" "container" "exec" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
-{{ dict "envAll" $envAll "component" "divingbell" "container" "exec" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 8 }}
+{{ dict "envAll" $envAll "component" "divingbell" "container" "exec" "type" "readiness" "probeTemplate" (include "readinessProbeExecTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 8 }}
 command:
 - /tmp/{{ $daemonset }}.sh
 volumeMounts: