Fix model-engine image vulnerabilities#854
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
| @@ -1,5 +1,7 @@ | |||
| # syntax = docker/dockerfile:1 | |||
|
|
|||
| FROM cgr.dev/chainguard/kubectl:latest@sha256:e305bc9ffe65a62c20e3bad506a4c42e2d6d79fbe624cd8dcab13a3687f979a6 AS kubectl | |||
There was a problem hiding this comment.
kubectl digest may be single-arch, breaking arm64 builds
The original kubectl build used KUBE_BUILD_PLATFORMS=linux/${TARGETARCH} to produce the correct architecture binary. The replacement COPY --from=kubectl does not reference TARGETARCH, so its correctness depends entirely on whether this digest resolves to a multi-arch manifest list or a single-platform (amd64) manifest. If the digest is for the amd64-specific manifest rather than the OCI index, an arm64 buildx invocation will silently copy the wrong-arch binary into the image. The PR description validates only linux/amd64, but ARG TARGETARCH on line 9 and the cross-compiled aws-iam-authenticator on line 49 indicate multi-arch intent. It is worth verifying with docker manifest inspect cgr.dev/chainguard/kubectl:latest@sha256:e305bc9ffe65a62c20e3bad506a4c42e2d6d79fbe624cd8dcab13a3687f979a6 that the digest refers to a multi-arch index before arm64 builds are attempted.
Prompt To Fix With AI
This is a comment left during a code review.
Path: model-engine/Dockerfile
Line: 3
Comment:
**kubectl digest may be single-arch, breaking arm64 builds**
The original kubectl build used `KUBE_BUILD_PLATFORMS=linux/${TARGETARCH}` to produce the correct architecture binary. The replacement `COPY --from=kubectl` does not reference `TARGETARCH`, so its correctness depends entirely on whether this digest resolves to a multi-arch manifest list or a single-platform (amd64) manifest. If the digest is for the amd64-specific manifest rather than the OCI index, an arm64 buildx invocation will silently copy the wrong-arch binary into the image. The PR description validates only `linux/amd64`, but `ARG TARGETARCH` on line 9 and the cross-compiled aws-iam-authenticator on line 49 indicate multi-arch intent. It is worth verifying with `docker manifest inspect cgr.dev/chainguard/kubectl:latest@sha256:e305bc9ffe65a62c20e3bad506a4c42e2d6d79fbe624cd8dcab13a3687f979a6` that the digest refers to a multi-arch index before arm64 builds are attempted.
How can I resolve this? If you propose a fix, please make it concise.
Summary
Why
The latest model-engine-internal image inherited 28 Trivy findings from the public model-engine image. The findings came from vulnerable Python packages and Go dependencies embedded in kubectl and aws-iam-authenticator.
Impact
The rebuilt model-engine image reports zero Trivy vulnerability findings while preserving its health endpoint and bundled Kubernetes authentication tools. model-engine-internal can consume the remediated public image after the corresponding models submodule update.
Validation
Greptile Summary
This PR remediates 28 Trivy vulnerability findings in the model-engine image by upgrading vulnerable Python dependencies and replacing the source-built kubectl binary with a digest-pinned Chainguard image, while also bumping aws-iam-authenticator from v0.7.15 to v0.7.18.
cgr.dev/chainguard/kubectlat a pinned digest instead of being compiled from source (kubernetes/kubernetes v1.35.4); aws-iam-authenticator is bumped to v0.7.18 and still cross-compiled withGOARCH=${TARGETARCH}.autousefixture patchesClientResponse.__init__to bridge the aioresponses 0.7.9 / aiohttp 3.14 API incompatibility (new requiredstream_writerparameter).Confidence Score: 4/5
Safe to merge for linux/amd64 builds; the kubectl digest warrants a quick manifest-list check before enabling arm64 builds.
All changes are targeted vulnerability remediations validated by the author (zero Trivy findings, 173 unit tests passing). The only open question is whether the pinned kubectl digest resolves to a multi-arch manifest list — if it doesn't, future arm64 builds would silently copy the wrong-arch binary. The aioresponses shim is a clean workaround with a minor risk of masking regressions on untested stream_writer attributes, but it is clearly scoped and documented.
model-engine/Dockerfile — verify that the sha256 digest on the kubectl FROM line is an OCI manifest list (multi-arch index) rather than a single-platform manifest before any arm64 build is attempted.
Important Files Changed
Flowchart
%%{init: {'theme': 'neutral'}}%% flowchart TD A["cgr.dev/chainguard/kubectl:latest@sha256:…\n(AS kubectl stage)"] -->|COPY /usr/bin/kubectl| B["/tmp/runtime-bin/kubectl"] C["cgr.dev/chainguard/python:latest-dev\n(AS builder stage)"] --> D["pip install requirements.txt\n(updated deps: aiohttp 3.14.1, fastapi 0.139, starlette 1.3.1…)"] C --> E["git clone v0.7.18\naws-iam-authenticator\nGOARCH=${TARGETARCH}"] E --> F["/tmp/runtime-bin/aws-iam-authenticator"] B --> G["COPY → /usr/local/bin/kubectl"] F --> H["COPY → /usr/local/bin/aws-iam-authenticator"] D --> I["cgr.dev/chainguard/python:latest\n(final model-engine image)"] G --> I H --> I%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%% flowchart TD A["cgr.dev/chainguard/kubectl:latest@sha256:…\n(AS kubectl stage)"] -->|COPY /usr/bin/kubectl| B["/tmp/runtime-bin/kubectl"] C["cgr.dev/chainguard/python:latest-dev\n(AS builder stage)"] --> D["pip install requirements.txt\n(updated deps: aiohttp 3.14.1, fastapi 0.139, starlette 1.3.1…)"] C --> E["git clone v0.7.18\naws-iam-authenticator\nGOARCH=${TARGETARCH}"] E --> F["/tmp/runtime-bin/aws-iam-authenticator"] B --> G["COPY → /usr/local/bin/kubectl"] F --> H["COPY → /usr/local/bin/aws-iam-authenticator"] D --> I["cgr.dev/chainguard/python:latest\n(final model-engine image)"] G --> I H --> IPrompt To Fix All With AI
Reviews (1): Last reviewed commit: "Merge branch 'main' into sec/model-engin..." | Re-trigger Greptile