Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable CGO when build operator #3229

Closed
wants to merge 1 commit into from
Closed

Disable CGO when build operator #3229

wants to merge 1 commit into from

Conversation

hjiawei
Copy link
Contributor

@hjiawei hjiawei commented Mar 8, 2024

Description

This changeset disables CGO when building operator binary for all supported architectures. We shelved FIPS support so bringing back tls module from Go stdlib reenabled TLS 1.3 support.

For PR author

  • Tests for change.
  • If changing pkg/apis/, run make gen-files
  • If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

  • Milestone set according to targeted release.
  • Appropriate labels:
    • kind/bug if this is a bugfix.
    • kind/enhancement if this is a a new feature.
    • enterprise if this PR applies to Calico Enterprise only.

@hjiawei
Disable CGO when build operator
5353554 
This changeset disables CGO when building operator binary for all
supported architectures. We shelved FIPS support so bringing back tls
module from Go stdlib reenabled TLS 1.3 support.
@hjiawei hjiawei requested a review from a team as a code owner March 8, 2024 17:12
@marvin-tigera marvin-tigera added this to the v1.34.0 milestone Mar 8, 2024
hjiawei
hjiawei commented Mar 8, 2024
View reviewed changes
build/Dockerfile
Comment on lines -44 to -46
# The exec form of ENTRYPOINT does not invoke a command shell.
# This means that normal shell processing does not happen, so will not
# do variable substitution. Using this form instead of passing $OPERATOR.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment doesn't seem to apply any more so removed.

@rene-dekker
Copy link
Member

rene-dekker commented Mar 8, 2024
edited
Loading

We are removing FIPS for enterprise. I still need to find out the exact requirements for open source. I think that the operator will probably continue to be able to install FIPS for open source. What I think we may want to consider is disabling CGO/boringcrypto by default but continue to allow users to build the image with a FIPS=true flag.

@hjiawei hjiawei closed this Mar 8, 2024
@hjiawei hjiawei deleted the disable-cgo branch March 8, 2024 18:02
@exfly
Copy link

exfly commented Aug 16, 2024

issue: #3461

What I think we may want to consider is disabling CGO/boringcrypto by default but continue to allow users to build the image with a FIPS=true flag

Can we disable CGO/boringcrypto by default

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.34.0
Development

Successfully merging this pull request may close these issues.
4 participants
@hjiawei @rene-dekker @exfly @marvin-tigera