new image: rabbitmq-default-user-credential-updater

[cmdpdx]

New Image Pull Request Template

Image Size

• The Image is smaller in size than its common public counterpart.
• The Image is larger in size than its common public counterpart (please explain in the notes).

Notes:

 $ docker inspect -f "{{ .Size }}" k3d-k3d.localhost:5005/rabbitmq-default-user-credential-updater:latest | gnumfmt --to=si
5.6M

 $ docker inspect -f "{{ .Size }}" rabbitmqoperator/default-user-credential-updater:latest | gnumfmt --to=si
8.0M

Image Vulnerabilities

• The Grype vulnerability scan returned 0 CVE(s).
• The Grype vulnerability scan returned > 0 CVE(s) (please explain in the notes).

Notes:

 $ grype k3d-k3d.localhost:5005/rabbitmq-default-user-credential-updater:latest
 ✔ Vulnerability DB                [updated]
 ✔ Pulled image
 ✔ Loaded image                                                                                                                                        k3d-k3d.localhost:5005/rabbitmq-default-user-credential-updater:latest
 ✔ Parsed image                                                                                                                                       sha256:070b54b540e1f11e7085408621f4b279bb05be119f320245077ff353074e40cc
 ✔ Cataloged contents                                                                                                                                        d267245b548849275f9ef6fbccb96633cb352c3ae3a71af9a0e93224b7165941
   ├── ✔ Packages                        [11 packages]
   ├── ✔ File digests                    [18 files]
   ├── ✔ File metadata                   [18 locations]
   └── ✔ Executables                     [1 executables]
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored
No vulnerabilities found

Image Tagging

• The image is not tagged with version tags.
• The image is tagged with :latest
• The image is not tagged with :latest (please explain in the notes).

Notes:

Basic Testing - K8s cluster

• The container image was successfully loaded into a kind cluster.
• The container image could not be loaded into a kind cluster (please explain in the notes).

Notes:

Basic Testing - Package/Application

• The application is accessible to the user/cluster/etc. after start-up.
• The application is not accessible to the user/cluster/etc. after start-up. (please explain in the notes).

Notes:

Helm

• A Helm chart has been provided and the container image can be used with the chart. If needed, please add a -compat package to close any gaps with the public helm chart.
• A Helm chart has been provided and the container image is not working with the chart (please explain in the notes).
• A Helm chart was not provided.

Notes:

Processor Architectures

• The image was built and tested for x86_64.
• The image could not be built for x86_64 (please explain in the notes).
• The image was built and tested for aarch64.
• The image could not be built for aarch64. (please explain in the notes).

Notes:

Functional Testing + Documentation

• Functional tests have been included and the tests are passing. All tests have been documnted in the notes section.

Notes:
Functional tests adapted from https://github.com/rabbitmq/cluster-operator/tree/main/docs/examples/vault-default-user#admin-password-rotation-without-restarting-pods

Environment Testing + Documentation

• There has not been a request and/or there is no indication that this image needs tested on a public cloud provider.
• The container image has been tested successfully on a public cloud provider (AWS, GCP, Azure).
• The container image has not been tested successfully on a public cloud provider (AWS, GCP, Azure) (please explain in the notes).

Notes:

Version

• The package version is the latest version of the package. The latest tag points to this version.
• The package version is the not the latest version of the package (please explain in the notes).

Notes:

Dev Tag Availability

• There is a dev tag available that includes a shell and apk tools (by depending on 'wolfi-base')
• There is not a dev tag available that includes a shell and apk tools (by depending on 'wolfi-base') (please explain in the notes).

Notes:

Access Control + Authentication

• The image runs as nonroot and GID/UID are set to 65532 or upstream default
• Alternatively the username and GID/UID may be a commonly used one from the ecosystem e.g: postgres
• The image requires a non-standard username or non-standard GID/UID (please explain in the notes).

ENTRYPOINT

• applications/servers/utilities set to call main program with no arguments e.g. [redis-server]
• applications/servers/utilities not set to call main program with no arguments e.g. [redis-server] (please explain in the notes)
• base images leave empty.
• base image and not empty (please explain in the notes).
• dev variants is set to entrypoint script that falls back to system.
• dev variants is not set to entrypoint script that falls back to system (please explain in the notes).

CMD

• For server applications give arguments to start in daemon mode (may be empty)
• For utilities/tooling bring up help e.g. –help
• For base images with a shell, call it e.g. [/bin/sh]

Environment Variables

• Environment variables added.
• Environment variables not added and not required.

SIGTERM

• The image responds to SIGTERM (e.g., docker kill $(docker run -d --rm cgr.dev/chainguard/nginx))

Logs

• Error logs write to stderr and normal logs to stdout. Logs DO NOT write to file.

Documentation - README

• A README file has been provided and it follows the README template.