Task
Resolution: Done
Critical
Log Storage - Sprint 238
Summary
The Kibana image needs to be properly scanned using prodsec tooling at build time. This comes from a higher company directive. The current image is missed in scanning because it is missing a dependency lock file. Additionally, it packages a number of dependencies that may only be required by development.
Acceptance Criteria
This task would resolve that by:
- Adding a yarn.lock file to the repo
- Updating container.yaml to identify the dependency manager to be yarn
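
As an added illustration of the first acceptance criterion (not code from this ticket or from the Kibana repo): a Node.js check that every dependency range in package.json is pinned by a yarn.lock v1 entry, and that separates runtime packages from development-only ones. The function names, package names and versions are constructed for the example.

```javascript
'use strict';

// Parse a yarn.lock v1 file into a Map of "name@range" -> resolved version.
function parseYarnLock(text) {
  const locked = new Map();
  let specs = [];
  for (const line of text.split(/\r?\n/)) {
    if (line === '' || line.startsWith('#')) continue;
    if (!/^\s/.test(line) && line.endsWith(':')) {
      // Entry header: one or more comma-separated, optionally quoted specs.
      specs = line.slice(0, -1).split(',').map(s => s.trim().replace(/^"|"$/g, ''));
    } else {
      // Only the entry's own two-space "version" field, not nested dependency lines.
      const m = line.match(/^  version "(.+)"$/);
      if (m) for (const s of specs) locked.set(s, m[1]);
    }
  }
  return locked;
}

// Report ranges with no lock entry, and split locked packages by manifest field.
function auditManifest(pkg, lockText) {
  const locked = parseYarnLock(lockText);
  const report = { unlocked: [], runtime: {}, devOnly: {} };
  const fields = [['dependencies', report.runtime], ['devDependencies', report.devOnly]];
  for (const [field, bucket] of fields) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      const version = locked.get(`${name}@${range}`);
      if (version === undefined) report.unlocked.push(`${name}@${range}`);
      else bucket[name] = version;
    }
  }
  return report;
}

// Constructed sample input (not taken from the Kibana repo).
const samplePackage = {
  dependencies: { lodash: '^4.17.11', '@example/ui-kit': '1.2.3' },
  devDependencies: { mocha: '^5.2.0', eslint: '^5.6.0' },
};
const sampleLock = `# yarn lockfile v1

"@example/ui-kit@1.2.3":
  version "1.2.3"

lodash@^4.17.10, lodash@^4.17.11:
  version "4.17.11"

mocha@^5.2.0:
  version "5.2.0"
`;

console.log(JSON.stringify(auditManifest(samplePackage, sampleLock), null, 2));
```

In the sample, `eslint@^5.6.0` is reported as unlocked because no lock entry matches that exact range, and `mocha` lands in `devOnly`, the group this ticket describes as possibly not needed in the shipped image.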
Challenges
- Kibana only builds and runs using node 10.x
- The build targets only work locally with 10.15.x
- The only node version available to us is 10.40.0 which is incompatible with the build targets
- The Dockerfile must install node 10 directly and will also need yarn, which may require a "2 stage" setup
Notes
One approach is to try to build from the actual Kibana src by:
- Updating the package.json to explicitly use the versions in the rh-manifest.txt
- If the above succeeds we may need to establish a kibana GH repo and abandon origin-aggregated-logging
Sample of projects using "2 stage" approach to make yarn available:

- clones LOG-3395 Fix kibana packaging in order for it to be properly scanned by prod sec (Closed)