update image tag in manifest #49474

Merged
Expand Up @@ -60,7 +60,7 @@ broken states, and cannot recover except by being restarted. Kubernetes provides
liveness probes to detect and remedy such situations.

In this exercise, you create a Pod that runs a container based on the
`registry.k8s.io/busybox` image. Here is the configuration file for the Pod:
`registry.k8s.io/busybox:1.27.2` image. Here is the configuration file for the Pod:
Contributor

Thanks for working on this, @iheartNathan. I don't know if you have tried to use the latest tag lately, but it's working now.

To avoid the issue again, we need to stick to a specific busybox image version as @sftim suggested. But, it may not be great to use an image version, 1.27.2, from 17 August 2017. There would have been a lot of bug fixes or added features to it since then.

The most recent stable version, 1.36.1, is from 19 May 2023.

Since registry.k8s.io doesn't contain the most recent stable version, we may need to use the default docker public registry.

Let me know what you think.

Suggested change
`registry.k8s.io/busybox:1.27.2` image. Here is the configuration file for the Pod:
`busybox:1.36.1` image. Here is the configuration file for the Pod:

Contributor Author

About the image working or not, see #49406 (comment) and #49406 (comment) and #49406 (comment).
`registry.k8s.io/busybox:1.27.2` has no CVE according to a trivy image scan, and `registry.k8s.io/busybox:1.27.2` is stable. You're right, though: a more recent image might be best, but the image should be from registry.k8s.io based on #49523 (comment) and https://kubernetes.io/blog/2022/11/28/registry-k8s-io-faster-cheaper-ga/

Contributor

I ran a CVE test on both images and they are both secure. We can use 1.27.2 on registry.k8s.io.
I don't know how images are published to registry.k8s.io yet, but I will suggest we push the newly updated busybox to it.

```
ubuntu $ trivy image docker.io/library/busybox:1.36.1
2025-01-25T12:20:14Z    INFO    [vuln] Vulnerability scanning is enabled
2025-01-25T12:20:14Z    INFO    [secret] Secret scanning is enabled
2025-01-25T12:20:14Z    INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-25T12:20:14Z    INFO    [secret] Please see also https://aquasecurity.github.io/trivy/v0.58/docs/scanner/secret#recommendation for faster secret detection

2025-01-25T12:20:15Z    INFO    Number of language-specific files       num=0
ubuntu $
ubuntu $ trivy image registry.k8s.io/busybox:1.27.2
2025-01-25T12:20:20Z    INFO    [vuln] Vulnerability scanning is enabled
2025-01-25T12:20:20Z    INFO    [secret] Secret scanning is enabled
2025-01-25T12:20:20Z    INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-25T12:20:20Z    INFO    [secret] Please see also https://aquasecurity.github.io/trivy/v0.58/docs/scanner/secret#recommendation for faster secret detection
2025-01-25T12:20:20Z    INFO    Number of language-specific files       num=0
```
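
An added example, not part of this PR or of the Kubernetes website tooling: a small Python check that classifies `image:` references along the line the discussion above draws (untagged or `latest` versus a fixed tag), and that also recognises digest-pinned references. The sample manifest, the `localhost:5000` reference and the `<digest>` placeholder are constructed for illustration.

```python
import re

# Constructed sample: image lines shaped like the manifests touched in this PR,
# plus two constructed edge cases (a registry with a port, a digest placeholder).
SAMPLE_MANIFEST = """\
spec:
  containers:
  - name: a
    image: registry.k8s.io/busybox
  - name: b
    image: registry.k8s.io/busybox:1.27.2
  - name: c
    image: busybox:latest
  - name: d
    image: localhost:5000/busybox
  - name: e
    image: "registry.k8s.io/busybox:1.27.2@sha256:<digest>"
"""

# Matches "image: <ref>" (optionally quoted or a list item); ignores imagePullPolicy.
IMAGE_LINE = re.compile(r"""^\s*(?:-\s+)?image:\s*["']?([^"'\s#]+)""", re.MULTILINE)


def classify(ref: str) -> str:
    """Return 'digest', 'tag', 'latest' or 'untagged' for an image reference."""
    if "@" in ref:
        return "digest"             # content-addressed, cannot be re-pointed
    last = ref.rsplit("/", 1)[-1]   # a ':' before the last '/' is a registry port
    if ":" not in last:
        return "untagged"           # resolved as :latest by the runtime
    return "latest" if last.split(":", 1)[1] == "latest" else "tag"


def audit(manifest: str) -> list[tuple[str, str]]:
    """Classify every image reference found in the manifest text."""
    return [(ref, classify(ref)) for ref in IMAGE_LINE.findall(manifest)]


def floating(manifest: str) -> list[str]:
    """References that track :latest, explicitly or by omitting the tag."""
    return [ref for ref, kind in audit(manifest) if kind in ("untagged", "latest")]


if __name__ == "__main__":
    for ref, kind in audit(SAMPLE_MANIFEST):
        print(f"{kind:9} {ref}")
```
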


{{% code_sample file="pods/probe/exec-liveness.yaml" %}}
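
Review bot: The tag `1.27.2` in the changed sentence duplicates the `image:` value of `pods/probe/exec-liveness.yaml`, which the `code_sample` shortcode on the next line already renders, so prose and manifest can drift apart on the next bump. Consider naming only the image in the sentence and letting the rendered manifest carry the version, or add a note to the PR checklist that both must change together.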

Expand Down Expand Up @@ -101,8 +101,8 @@ The output indicates that no liveness probes have failed yet:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 11s default-scheduler Successfully assigned default/liveness-exec to node01
Normal Pulling 9s kubelet, node01 Pulling image "registry.k8s.io/busybox"
Normal Pulled 7s kubelet, node01 Successfully pulled image "registry.k8s.io/busybox"
Normal Pulling 9s kubelet, node01 Pulling image "registry.k8s.io/busybox:1.27.2"
Normal Pulled 7s kubelet, node01 Successfully pulled image "registry.k8s.io/busybox:1.27.2"
Normal Created 7s kubelet, node01 Created container liveness
Normal Started 7s kubelet, node01 Started container liveness
```
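
Review bot: The `Pulling` and `Pulled` events in this sample only appear when the kubelet actually pulls the image. With a fixed tag such as `:1.27.2` and no explicit `imagePullPolicy`, the default policy is `IfNotPresent` rather than `Always`, so a reader whose node already has the image will see an "already present on machine" event instead. The ages (`9s`, `7s`) are unchanged from the old lines, which suggests the image name was edited in place; consider regenerating this output and the one in the following hunk from a real run, or adding a sentence that the events may differ.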
Expand All @@ -120,8 +120,8 @@ probes have failed, and the failed containers have been killed and recreated.
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 57s default-scheduler Successfully assigned default/liveness-exec to node01
Normal Pulling 55s kubelet, node01 Pulling image "registry.k8s.io/busybox"
Normal Pulled 53s kubelet, node01 Successfully pulled image "registry.k8s.io/busybox"
Normal Pulling 55s kubelet, node01 Pulling image "registry.k8s.io/busybox:1.27.2"
Normal Pulled 53s kubelet, node01 Successfully pulled image "registry.k8s.io/busybox:1.27.2"
Normal Created 53s kubelet, node01 Created container liveness
Normal Started 53s kubelet, node01 Started container liveness
Warning Unhealthy 10s (x3 over 20s) kubelet, node01 Liveness probe failed: cat: can't open '/tmp/healthy': No such file or directory
2 changes: 1 addition & 1 deletion content/en/examples/pods/inject/dapi-envars-container.yaml
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
containers:
- name: test-container
image: registry.k8s.io/busybox:1.24
image: registry.k8s.io/busybox:1.27.2
command: [ "sh", "-c"]
args:
- while true; do
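
Review bot: The `image:` line here is a version bump from `1.24` to `1.27.2`, not just a pin of an untagged image, while the PR title only says the tag is updated. The container runs a `sh -c` loop (`while true; do`), so please confirm the task page that uses this manifest still produces its documented output under the newer busybox shell, and mention the bump in the PR description. The same applies to `dapi-volume-resources.yaml`.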
2 changes: 1 addition & 1 deletion content/en/examples/pods/inject/dapi-envars-pod.yaml
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
containers:
- name: test-container
image: registry.k8s.io/busybox
image: registry.k8s.io/busybox:1.27.2
command: [ "sh", "-c"]
args:
- while true; do
2 changes: 1 addition & 1 deletion content/en/examples/pods/inject/dapi-volume-resources.yaml
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
containers:
- name: client-container
image: registry.k8s.io/busybox:1.24
image: registry.k8s.io/busybox:1.27.2
command: ["sh", "-c"]
args:
- while true; do
2 changes: 1 addition & 1 deletion content/en/examples/pods/inject/dapi-volume.yaml
Expand Up @@ -12,7 +12,7 @@ metadata:
spec:
containers:
- name: client-container
image: registry.k8s.io/busybox
image: registry.k8s.io/busybox:1.27.2
command: ["sh", "-c"]
args:
- while true; do
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
containers:
- name: test-container
image: registry.k8s.io/busybox
image: registry.k8s.io/busybox:1.27.2
command: [ "/bin/echo", "$(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)" ]
env:
- name: SPECIAL_LEVEL_KEY
2 changes: 1 addition & 1 deletion content/en/examples/pods/pod-configmap-envFrom.yaml
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
containers:
- name: test-container
image: registry.k8s.io/busybox
image: registry.k8s.io/busybox:1.27.2
command: [ "/bin/sh", "-c", "env" ]
envFrom:
- configMapRef:
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
containers:
- name: test-container
image: registry.k8s.io/busybox
image: registry.k8s.io/busybox:1.27.2
command: [ "/bin/sh","-c","cat /etc/config/keys" ]
volumeMounts:
- name: config-volume
2 changes: 1 addition & 1 deletion content/en/examples/pods/pod-configmap-volume.yaml
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
containers:
- name: test-container
image: registry.k8s.io/busybox
image: registry.k8s.io/busybox:1.27.2
command: [ "/bin/sh", "-c", "ls /etc/config/" ]
volumeMounts:
- name: config-volume
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
containers:
- name: test-container
image: registry.k8s.io/busybox
image: registry.k8s.io/busybox:1.27.2
command: [ "/bin/sh", "-c", "env" ]
env:
- name: SPECIAL_LEVEL_KEY
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
containers:
- name: test-container
image: registry.k8s.io/busybox
image: registry.k8s.io/busybox:1.27.2
command: [ "/bin/sh", "-c", "env" ]
env:
# Define the environment variable
2 changes: 1 addition & 1 deletion content/en/examples/pods/probe/exec-liveness.yaml
Expand Up @@ -7,7 +7,7 @@ metadata:
spec:
containers:
- name: liveness
image: registry.k8s.io/busybox
image: registry.k8s.io/busybox:1.27.2
args:
- /bin/sh
- -c
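
Review bot: `image: registry.k8s.io/busybox:1.27.2` fixes the version, but a tag can still be re-pointed, and the review thread notes that this release dates from 17 August 2017. If the goal is that the example never changes underneath readers again, pin by digest as well, for example `registry.k8s.io/busybox:1.27.2@sha256:<digest>` (placeholder), and track publishing a newer busybox to registry.k8s.io as a follow-up, as suggested in the discussion.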