FIPS: move to UBI 8.9

Mitchell Nielsen requested to merge ubi-8.9 into main

Summary

Update images to UBI 8.9

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/8.9_release_notes/index#overview-major-changes

This matches our current UBI base image version used in CNG (related MR).

Closes #15

Previous update: !14 (merged)

Test plan

Test images in an environment:

Images from job: https://gitlab.com/gitlab-org/cloud-native/charts/gitlab-ingress-nginx/-/jobs/6235655348:

  • UBI: registry.gitlab.com/gitlab-org/cloud-native/charts/gitlab-ingress-nginx/staging/controller:e0d72175-ubi8@sha256:9dc3b73d7fa845a2b2279985f525bbc01985419f605e15509cab7b45a2c93930
  • FIPS: registry.gitlab.com/gitlab-org/cloud-native/charts/gitlab-ingress-nginx/staging/controller:e0d72175-fips@sha256:d8f25a50d236d7139cb1e83738b83f56fd7ab3de0d1dc76c012e8adb92d42fc1

Steps taken in each scenario:

  1. Confirm Ingress objects are picked up by NGINX.
  2. Log in.
  3. Create a project.
  4. Edit a file and push the change.
  5. Create an issue with an image.

UBI

$ cat build/test.values.yaml
nginx-ingress:
  controller:
    image:
      repository: registry.gitlab.com/gitlab-org/cloud-native/charts/gitlab-ingress-nginx/staging/controller
      tag: e0d72175-ubi8
      digest: sha256:9dc3b73d7fa845a2b2279985f525bbc01985419f605e15509cab7b45a2c93930
$ kubectl get ingress
NAME                        CLASS          HOSTS                               ADDRESS          PORTS     AGE
gitlab-kas                  gitlab-nginx   kas.gke.mnielsen-sandbox.com        34.123.173.205   80, 443   9m7s
gitlab-minio                gitlab-nginx   minio.gke.mnielsen-sandbox.com      34.123.173.205   80, 443   9m7s
gitlab-registry             gitlab-nginx   registry.gke.mnielsen-sandbox.com   34.123.173.205   80, 443   9m7s
gitlab-webservice-default   gitlab-nginx   gitlab.gke.mnielsen-sandbox.com     34.123.173.205   80, 443   9m7s

FIPS

$ cat build/test.values.yaml
nginx-ingress:
  controller:
    image:
      repository: registry.gitlab.com/gitlab-org/cloud-native/charts/gitlab-ingress-nginx/staging/controller
      tag: e0d72175-fips
      digest: sha256:d8f25a50d236d7139cb1e83738b83f56fd7ab3de0d1dc76c012e8adb92d42fc1
$ kubectl get ingress
NAME                        CLASS          HOSTS                               ADDRESS          PORTS     AGE
gitlab-kas                  gitlab-nginx   kas.gke.mnielsen-sandbox.com        34.123.173.205   80, 443   15m
gitlab-minio                gitlab-nginx   minio.gke.mnielsen-sandbox.com      34.123.173.205   80, 443   15m
gitlab-registry             gitlab-nginx   registry.gke.mnielsen-sandbox.com   34.123.173.205   80, 443   15m
gitlab-webservice-default   gitlab-nginx   gitlab.gke.mnielsen-sandbox.com     34.123.173.205   80, 443   15m
Edited by Mitchell Nielsen
