apps: moved and uppdated our custom images

WIP-CHANGELOG.md

@@ -9,11 +9,19 @@
 
 - Increased window for `FrequentPacketsDroppedFromWorkload` and `FrequentPacketsDroppedToWorkload` alerts
  - To make it less sensitive to semi-consistent blocked network traffic.
+- Changed location for some dockerfiles to `/images`
+- Changed image location for some images from `elastisys/` to `ghcr.io/elastisys/`
 
 ### Fixed
 
 ### Updated
 
 - Upgraded Grafana chart version to `6.57.4` and app version to `9.5.5`
+- Upgraded backup-postgres image from ubuntu `18.04` to `22.04` and chart version to `1.3.0`
+- Upgraded calico-accountant image from golang `1.11.5` to `1.15.15`
+- Upgraded curl-jq:ubuntu image from ubuntu `20.04` to `rolling` and changed chart version to `1.0.0`
+- Upgraded compliantkubernetes-apps-log-manager image to a later `ubuntu:rolling` and chart version to `0.2.0`
+- Upgraded rclone-sync image app version from `v1.57.0` to `v1.63.0` chart version from `1.3.0` to `1.63.0`
+- Upgraded s3-exporter image app version from `0.4.0` to `0.5.0` chart version from `v0.4.0` to `0.5.0`
 
 ### Removed

helmfile/charts/calico-accountant/values.yaml

@@ -1,7 +1,7 @@
 calicoDataStore: "kubernetes"
 image:
- repository: elastisys/calico-accountant
- tag: v0.1.6
+ repository: ghcr.io/elastisys/calico-accountant
+ tag: 0.1.6
 resources:
  limits:
  cpu: 100m

helmfile/charts/harbor/harbor-backup/templates/harbor-backup-job.yaml

@@ -20,7 +20,7 @@ spec:
  fsGroup: 1000
  containers:
  - name: run
- image: elastisys/backup-postgres:1.2.0
+ image: ghcr.io/elastisys/backup-postgres:1.3.0
  command: ['/bin/bash', '/scripts/harbor-backup.sh']
  env:
  {{- if .Values.s3.enabled }}

helmfile/charts/log-manager/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: log-manager
 description: log manager for Compliant Kubernetes
 type: application
-appVersion: 0.1.0
+appVersion: 0.2.0
 version: 0.1.0

helmfile/charts/opensearch/backup/values.yaml

@@ -1,6 +1,6 @@
 image:
- repository: elastisys/curl-jq
- tag: ubuntu
+ repository: ghcr.io/elastisys/curl-jq
+ tag: 1.0.0
  pullPolicy: IfNotPresent
 
 imagePullSecrets: []

helmfile/charts/opensearch/slm/values.yaml

@@ -1,6 +1,6 @@
 image:
- repository: elastisys/curl-jq
- tag: ubuntu
+ repository: ghcr.io/elastisys/curl-jq
+ tag: 1.0.0
  pullPolicy: IfNotPresent
 
 imagePullSecrets: []

helmfile/charts/rclone-sync/files/rclone.conf

@@ -2,6 +2,7 @@
 [{{ .name }}]
 type = {{ .type }}
 {{- if eq .type "s3" }}
+provider = Other
 access_key_id = {{ .s3.accessKey }}
 secret_access_key = {{ .s3.secretKey }}
 region = {{ .s3.region }}

helmfile/charts/rclone-sync/templates/cronjob.yaml

@@ -36,7 +36,7 @@ spec:
  - dest-{{ .destinationType }}:{{ .destination }}
  {{- end }}
  - --log-level
- - DEBUG
+ - INFO
  {{- if $.Values.config.dryrun }}
  - --dry-run
  {{- end }}

helmfile/charts/rclone-sync/values.yaml

@@ -1,6 +1,6 @@
 image:
- repository: elastisys/rclone-sync
- tag: 1.3.0
+ repository: ghcr.io/elastisys/rclone-sync
+ tag: 1.63.0
 
 config:
  dryrun: false

helmfile/charts/s3-exporter/Chart.yaml

@@ -21,4 +21,4 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.4.0"
+appVersion: "0.5.0"

helmfile/charts/s3-exporter/values.yaml

@@ -19,7 +19,7 @@ serviceMonitor:
 replicaCount: 1
 
 image:
- repository: elastisys/s3_exporter
+ repository: ghcr.io/elastisys/s3-exporter
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

images/backup-postgres/Dockerfile

@@ -0,0 +1,39 @@
+FROM ubuntu:22.04
+RUN apt-get update \
+ && apt-get install --no-install-recommends -y \
+ apt-utils \
+ apt-transport-https \
+ software-properties-common \
+ ca-certificates \
+ lsb-release \
+ tar \
+ python3-pip \
+ python3-setuptools \
+ curl \
+ jq \
+ gnupg \
+ && pip3 install --no-cache-dir awscli --upgrade \
+ && echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
+ && cat /etc/apt/sources.list.d/pgdg.list \
+ && curl --silent https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
+ && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list \
+ && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - \
+ && add-apt-repository ppa:rmescandon/yq \
+ && apt-get update \
+ && apt-get install --no-install-recommends -y \
+ postgresql-client-14 \
+ postgresql-client-13 \
+ postgresql-client-12 \
+ postgresql-client-11 \
+ google-cloud-sdk \
+ yq \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN groupadd nonrootuser
+RUN useradd -g nonrootuser -d /home/nonrootuser nonrootuser
+RUN mkdir -p /home/nonrootuser
+RUN chown nonrootuser:nonrootuser /home/nonrootuser
+USER nonrootuser
+WORKDIR /home/nonrootuser
+ENTRYPOINT ["/bin/bash"]

images/curl-jq/Dockerfile

@@ -0,0 +1,6 @@
+FROM ubuntu:rolling
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ jq \
+ curl \
+ && rm -rf /var/lib/apt/lists/*

images/fluentd-elasticsearch/README.md

@@ -0,0 +1 @@
+The Dockerfile is here: https://github.com/elastisys/fluentd-elasticsearch/

helmfile/charts/rclone-sync/Dockerfile → images/rclone-sync/Dockerfile

@@ -1,16 +1,16 @@
-FROM ubuntu:latest as download
+FROM ubuntu:rolling as download
 
 # Install dependencies
 RUN apt-get update && apt-get install -y curl unzip
 
 # Install rclone
-RUN curl -O https://downloads.rclone.org/rclone-current-linux-amd64.zip && \
- unzip rclone-current-linux-amd64.zip && \
+ENV RCLONE_VERSION="v1.63.0"
+RUN curl -O https://downloads.rclone.org/${RCLONE_VERSION}/rclone-${RCLONE_VERSION}-linux-amd64.zip && \
+ unzip rclone-${RCLONE_VERSION}-linux-amd64.zip && \
  cd rclone-*-linux-amd64 && \
  install rclone /usr/bin/rclone
 
-FROM ubuntu:latest as final
-
+FROM ubuntu:rolling as final
 
 # Install root certificates
 RUN apt-get update && \
@@ -22,7 +22,8 @@ RUN apt-get update && \
 COPY --from=download /usr/bin/rclone /usr/bin/rclone
 
 # Create rclone user
-RUN adduser --system --uid 10000 rclone
+RUN apt-get install adduser && \
+ adduser --system --home /home/rclone --uid 10000 rclone
 
 # Run as rclone user
 USER 10000

scripts/restore-sync/template.job.yaml

@@ -10,13 +10,13 @@ spec:
  restartPolicy: Never
  containers:
  - name: rclone
- image: elastisys/rclone-sync:1.3.0
+ image: ghcr.io/elastisys/rclone-sync:1.63.0
  args:
  - sync
  - "${SOURCE}"
  - "${DESTINATION}"
  - --log-level
- - DEBUG
+ - INFO
  volumeMounts:
  - name: rclone-config
  mountPath: /home/rclone/.config/rclone/

scripts/restore/restore-harbor-job.yaml

@@ -20,7 +20,7 @@ spec:
  restartPolicy: Never
  containers:
  - name: run
- image: elastisys/backup-postgres:1.2.0
+ image: ghcr.io/elastisys/backup-postgres:1.3.0
  command:
  - /bin/bash
  - /scripts/restore-harbor.sh