CNG: kubectl binary download is not verified during build
Summary
Spawned by #1306 (closed)
The kubectl
binary that is downloaded during the build of kubectl image we use for shared-secrets
and certmanager-issuer
charts is not verified as viable & executable.
We should consider at least confirming the download is a binary 0
, and preferably actually returns Client Version: ${KUBECTL_VERSION}
.
Steps to reproduce
git checkout https://gitlab.com/gitlab-org/build/CNG.git
cd CNG/kubectl
docker build -t kubectl-chaos --build-arg KUBECTL_VERSION=chaos .
docker run --rm kubectl-chaos kubectl version --client=true --short