Merge branch 'release/v2.452.2-2' into main

cloudogu · Aug 15, 2024 · ad20494 · ad20494
2 parents 77f24fb + 8bfb8d0
commit ad20494
Show file tree

Hide file tree

Showing 15 changed files with 146 additions and 73 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v2.452.2-2] - 2024-08-15
+### Changed
+- [#166] Upgrade OpenJDK to 11.0.24-1
+- Upgrade Alpine to 3.20.2-1
+- The previous glibc compatibility layer was changed to Alpine's `gcompat` library
+  - this change was made due to incompatibilities with the previous `sgerrand` glibc layer which is no more supported
+    for newer Alpine versions
+
+### Security
+- [#166] close CVE-2024-41110
+
 ## [v2.452.2-1] - 2024-07-10
 ### Changed
 - Upgrade Jenkins to 2.452.2; #164

diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,8 @@
 # cesi/scm
-FROM registry.cloudogu.com/official/java:11.0.20-1
+FROM registry.cloudogu.com/official/java:11.0.24-1
 
 LABEL NAME="official/jenkins" \
-      VERSION="2.452.2-1" \
+      VERSION="2.452.2-2" \
       maintainer="[email protected]"
 
     # jenkins home configuration
@@ -36,7 +36,7 @@ RUN set -o errexit \
  # install coreutils, ttf-dejavu, openssh and scm clients
  # coreutils and ttf-dejavu is required because of java.awt.headless problem:
  # - https://wiki.jenkins.io/display/JENKINS/Jenkins+got+java.awt.headless+problem
- && apk add --no-cache coreutils ttf-dejavu openssh-client git subversion mercurial curl \
+ && apk add --no-cache coreutils ttf-dejavu openssh-client git subversion mercurial curl gcompat \
  && apk add openjdk8="$ADDITIONAL_OPENJDK8_VERSION" \
  # could use ADD but this one does not check Last-Modified header
  # see https://github.com/docker/docker/issues/8331
@@ -52,21 +52,15 @@ RUN set -o errexit \
  && printf "[global]\nssl-authority-files=/var/lib/jenkins/ca-certificates.crt\n" > /etc/subversion/server \
  # install glibc for alpine
  # make sure that jenkins is able to execute Oracle JDK, which can be installed over the global tool installer
- && apk add --no-cache libstdc++ \
- && curl -Lo /tmp/glibc.apk "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk" \
- && echo "${SHA256_GLIB_APK} */tmp/glibc.apk" |sha256sum -c - \
- && apk add --no-cache --allow-untrusted /tmp/glibc.apk \
- && curl -Lo /tmp/glibc-bin.apk "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-bin-${GLIBC_VERSION}.apk" \
- && echo "${SHA256_GLIB_BIN_APK} */tmp/glibc-bin.apk" |sha256sum -c - \
- && apk add --no-cache --allow-untrusted /tmp/glibc-bin.apk \
- && curl -Lo /tmp/glibc-i18n.apk "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-i18n-${GLIBC_VERSION}.apk" \
- && echo "${SHA256_GLIB_I18N_APK} */tmp/glibc-i18n.apk" |sha256sum -c - \
- && apk add --no-cache --allow-untrusted /tmp/glibc-i18n.apk \
- # do not abort https://github.com/sgerrand/alpine-pkg-glibc/issues/5
- && (/usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 C.UTF-8 || true ) \
- && echo "export LANG=C.UTF-8" > /etc/profile.d/locale.sh \
- && /usr/glibc-compat/sbin/ldconfig /lib /usr/glibc-compat/lib \
- # cleanup
+ && apk add --no-cache libstdc++ gcompat
+
+ RUN (/usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 C.UTF-8 || true )
+
+ RUN set -o errexit \
+  && set -o nounset \
+  && set -o pipefail \
+   echo "export LANG=C.UTF-8" > /etc/profile.d/locale.sh \
+  # cleanup
  && apk del curl \
  && rm -rf /tmp/* /var/cache/apk/*
 

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -1,5 +1,5 @@
 #!groovy
-@Library(['github.com/cloudogu/ces-build-lib@2.1.0', 'github.com/cloudogu/[email protected].0'])
+@Library(['github.com/cloudogu/ces-build-lib@2.2.1', 'github.com/cloudogu/[email protected].1'])
 import com.cloudogu.ces.cesbuildlib.*
 import com.cloudogu.ces.dogubuildlib.*
 

diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-MAKEFILES_VERSION=9.0.3
+MAKEFILES_VERSION=9.1.0
 
 .DEFAULT_GOAL:=dogu-release
 

diff --git a/build/make/build.mk b/build/make/build.mk
@@ -3,7 +3,7 @@
 ADDITIONAL_LDFLAGS?=-extldflags -static
 LDFLAGS?=-ldflags "$(ADDITIONAL_LDFLAGS) -X main.Version=$(VERSION) -X main.CommitID=$(COMMIT_ID)"
 GOIMAGE?=golang
-GOTAG?=1.14.13
+GOTAG?=1.22
 GOOS?=linux
 GOARCH?=amd64
 PRE_COMPILE?=

diff --git a/build/make/k8s-component.mk b/build/make/k8s-component.mk
@@ -2,7 +2,9 @@ COMPONENT_DEV_VERSION?=${VERSION}-dev
 
 include ${BUILD_DIR}/make/k8s.mk
 
-BINARY_HELM_ADDITIONAL_PUSH_ARGS?=--plain-http
+ifeq (${RUNTIME_ENV}, local)
+	BINARY_HELM_ADDITIONAL_PUSH_ARGS?=--plain-http
+endif
 BINARY_HELM_ADDITIONAL_PACK_ARGS?=
 BINARY_HELM_ADDITIONAL_UNINST_ARGS?=
 BINARY_HELM_ADDITIONAL_UPGR_ARGS?=
@@ -12,6 +14,9 @@ HELM_SOURCE_DIR ?= k8s/helm
 HELM_RELEASE_TGZ=${HELM_TARGET_DIR}/${ARTIFACT_ID}-${VERSION}.tgz
 HELM_DEV_RELEASE_TGZ=${HELM_TARGET_DIR}/${ARTIFACT_ID}-${COMPONENT_DEV_VERSION}.tgz
 HELM_ARTIFACT_NAMESPACE?=k8s
+ifeq (${RUNTIME_ENV}, remote)
+	HELM_ARTIFACT_NAMESPACE?=testing/k8s
+endif
 
 K8S_RESOURCE_COMPONENT ?= "${K8S_RESOURCE_TEMP_FOLDER}/component-${ARTIFACT_ID}-${VERSION}.yaml"
 K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML ?= $(BUILD_DIR)/make/k8s-component.tpl
@@ -75,24 +80,24 @@ helm-update-dependencies: ${BINARY_HELM} ## Update Helm chart dependencies
 .PHONY: helm-apply
 helm-apply: ${BINARY_HELM} check-k8s-namespace-env-var ${IMAGE_IMPORT_TARGET} helm-generate ${HELM_PRE_APPLY_TARGETS} ## Generates and installs the Helm chart.
 	@echo "Apply generated helm chart"
-	@${BINARY_HELM} upgrade -i ${ARTIFACT_ID} ${HELM_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE}
+	@${BINARY_HELM} --kube-context="${KUBE_CONTEXT_NAME}" upgrade -i ${ARTIFACT_ID} ${HELM_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE}
 
 .PHONY: helm-delete
 helm-delete: ${BINARY_HELM} check-k8s-namespace-env-var ## Uninstalls the current Helm chart.
 	@echo "Uninstall helm chart"
-	@${BINARY_HELM} uninstall ${ARTIFACT_ID} --namespace=${NAMESPACE} ${BINARY_HELM_ADDITIONAL_UNINST_ARGS} || true
+	@${BINARY_HELM} --kube-context="${KUBE_CONTEXT_NAME}" uninstall ${ARTIFACT_ID} --namespace=${NAMESPACE} ${BINARY_HELM_ADDITIONAL_UNINST_ARGS} || true
 
 .PHONY: helm-reinstall
 helm-reinstall: helm-delete helm-apply ## Uninstalls the current helm chart and reinstalls it.
 
 .PHONY: helm-chart-import
 helm-chart-import: ${CHECK_VAR_TARGETS} helm-generate helm-package ${IMAGE_IMPORT_TARGET} ## Imports the currently available chart into the cluster-local registry.
 	@if [[ ${STAGE} == "development" ]]; then \
-		echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \
-		${BINARY_HELM} push ${HELM_DEV_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+		echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+		${BINARY_HELM} push ${HELM_DEV_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
 	else \
-	  	echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \
-        ${BINARY_HELM} push ${HELM_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+	  	echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+        ${BINARY_HELM} push ${HELM_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
     fi
 	@echo "Done."
 
@@ -115,7 +120,7 @@ ${HELM_RELEASE_TGZ}: ${BINARY_HELM} ${HELM_TARGET_DIR}/Chart.yaml ${HELM_POST_GE
 .PHONY: helm-delete-existing-tgz
 helm-delete-existing-tgz: ## Remove an existing Helm package from the target directory.
 	@echo "Delete ${HELM_RELEASE_TGZ}*"
-	@rm -f ${HELM_RELEASE_TGZ}*
+	@rm -f ${HELM_TARGET_DIR}/${ARTIFACT_ID}-*.tgz
 
 ##@ K8s - Helm lint targets
 
@@ -138,12 +143,12 @@ ${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}: ${K8S_RESOURCE_TEMP_FOLDER}
 
 .PHONY: component-apply
 component-apply: check-k8s-namespace-env-var ${COMPONENT_PRE_APPLY_TARGETS} ${IMAGE_IMPORT_TARGET} helm-generate helm-chart-import component-generate ## Applies the component yaml resource to the actual defined context.
-	@kubectl apply -f "${K8S_RESOURCE_COMPONENT}" --namespace="${NAMESPACE}"
+	@kubectl apply -f "${K8S_RESOURCE_COMPONENT}" --namespace="${NAMESPACE}" --context="${KUBE_CONTEXT_NAME}"
 	@echo "Done."
 
 .PHONY: component-delete
 component-delete: check-k8s-namespace-env-var component-generate $(K8S_POST_GENERATE_TARGETS) ## Deletes the component yaml resource from the actual defined context.
-	@kubectl delete -f "${K8S_RESOURCE_COMPONENT}" --namespace="${NAMESPACE}" || true
+	@kubectl delete -f "${K8S_RESOURCE_COMPONENT}" --namespace="${NAMESPACE}" --context="${KUBE_CONTEXT_NAME}" || true
 	@echo "Done."
 
 .PHONY: component-reinstall

diff --git a/build/make/k8s-crd.mk b/build/make/k8s-crd.mk
@@ -62,19 +62,19 @@ validate-crd-chart:
 .PHONY: crd-helm-apply
 crd-helm-apply: ${BINARY_HELM} check-k8s-namespace-env-var crd-helm-generate ## Generates and installs the Helm CRD chart.
 	@echo "Apply generated Helm CRD chart"
-	@${BINARY_HELM} upgrade -i ${ARTIFACT_CRD_ID} ${HELM_CRD_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE}
+	@${BINARY_HELM} --kube-context="${KUBE_CONTEXT_NAME}" upgrade -i ${ARTIFACT_CRD_ID} ${HELM_CRD_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE}
 
 .PHONY: crd-helm-delete
 crd-helm-delete: ${BINARY_HELM} check-k8s-namespace-env-var ## Uninstalls the current Helm CRD chart.
 	@echo "Uninstall Helm CRD chart"
-	@${BINARY_HELM} uninstall ${ARTIFACT_CRD_ID} --namespace=${NAMESPACE} ${BINARY_HELM_ADDITIONAL_UNINST_ARGS} || true
+	@${BINARY_HELM} --kube-context="${KUBE_CONTEXT_NAME}" uninstall ${ARTIFACT_CRD_ID} --namespace=${NAMESPACE} ${BINARY_HELM_ADDITIONAL_UNINST_ARGS} || true
 
 .PHONY: crd-helm-package
 crd-helm-package: crd-helm-delete-existing-tgz ${HELM_CRD_RELEASE_TGZ} ## Generates and packages the Helm CRD chart.
 
 .PHONY: crd-helm-delete-existing-tgz
 crd-helm-delete-existing-tgz: ## Remove an existing Helm CRD package.
-	@rm -f ${HELM_CRD_RELEASE_TGZ}*
+	@rm -f ${HELM_CRD_TARGET_DIR}/${ARTIFACT_CRD_ID}-*.tgz
 
 ${HELM_CRD_RELEASE_TGZ}: ${BINARY_HELM} crd-helm-generate ## Generates and packages the Helm CRD chart.
 	@echo "Package generated helm crd-chart"
@@ -83,11 +83,11 @@ ${HELM_CRD_RELEASE_TGZ}: ${BINARY_HELM} crd-helm-generate ## Generates and packa
 .PHONY: crd-helm-chart-import
 crd-helm-chart-import: ${CHECK_VAR_TARGETS} check-k8s-artifact-id crd-helm-generate crd-helm-package ## Imports the currently available Helm CRD chart into the cluster-local registry.
 	@if [[ ${STAGE} == "development" ]]; then \
-		echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \
-		${BINARY_HELM} push ${HELM_CRD_DEV_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+		echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+		${BINARY_HELM} push ${HELM_CRD_DEV_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
 	else \
-	  	echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \
-        ${BINARY_HELM} push ${HELM_CRD_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
+	  	echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${CES_REGISTRY_HOST}..."; \
+        ${BINARY_HELM} push ${HELM_CRD_RELEASE_TGZ} oci://${CES_REGISTRY_HOST}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \
     fi
 	@echo "Done."
 
@@ -106,10 +106,10 @@ crd-component-generate: ${K8S_RESOURCE_TEMP_FOLDER} ## Generate the CRD componen
 
 .PHONY: crd-component-apply
 crd-component-apply: check-k8s-namespace-env-var crd-helm-chart-import crd-component-generate ## Applies the CRD component YAML resource to the actual defined context.
-	@kubectl apply -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}"
+	@kubectl apply -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}" --context="${KUBE_CONTEXT_NAME}"
 	@echo "Done."
 
 .PHONY: crd-component-delete
 crd-component-delete: check-k8s-namespace-env-var crd-component-generate ## Deletes the CRD component YAML resource from the actual defined context.
-	@kubectl delete -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}" || true
+	@kubectl delete -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}" --context="${KUBE_CONTEXT_NAME}" || true
 	@echo "Done."
diff --git a/build/make/k8s-dogu.mk b/build/make/k8s-dogu.mk
@@ -10,8 +10,6 @@ ARTIFACT_NAMESPACE=$(shell $(BINARY_YQ) -oy -e ".Name" $(DOGU_JSON_FILE) | sed "
 VERSION=$(shell $(BINARY_YQ) -oy -e ".Version" $(DOGU_JSON_FILE))
 # Image of the dogu is extracted from the dogu.json
 IMAGE=$(shell $(BINARY_YQ) -oy -e ".Image" $(DOGU_JSON_FILE)):$(VERSION)
-IMAGE_DEV_WITHOUT_TAG=$(shell $(BINARY_YQ) -oy -e ".Image" $(DOGU_JSON_FILE) | sed "s|registry\.cloudogu\.com\(.\+\)|${K3CES_REGISTRY_URL_PREFIX}\1|g")
-IMAGE_DEV=${IMAGE_DEV_WITHOUT_TAG}
 
 include $(BUILD_DIR)/make/k8s.mk
 
@@ -37,13 +35,13 @@ create-dogu-resource: ${BINARY_YQ} $(K8S_RESOURCE_TEMP_FOLDER)
 
 .PHONY: apply-dogu-resource
 apply-dogu-resource:
-	@kubectl apply -f "$(K8S_RESOURCE_DOGU)"
+	@kubectl --context="${KUBE_CONTEXT_NAME}" --namespace=${NAMESPACE} apply -f "$(K8S_RESOURCE_DOGU)"
 
 ##@ K8s - Dogu
 
 .PHONY: install-dogu-descriptor
 install-dogu-descriptor: ${BINARY_YQ} $(TARGET_DIR) ## Installs a configmap with current dogu.json into the cluster.
 	@echo "Generate configmap from dogu.json..."
-	@$(BINARY_YQ) -oj ".Image=\"${IMAGE_DEV_WITHOUT_TAG}\"" ${DOGU_JSON_FILE} > ${DOGU_JSON_DEV_FILE}
-	@kubectl create configmap "$(ARTIFACT_ID)-descriptor" --from-file=$(DOGU_JSON_DEV_FILE) --dry-run=client -o yaml | kubectl apply -f - --namespace=${NAMESPACE}
+	@$(BINARY_YQ) -oj ".Image=\"${IMAGE_DEV}\" | .Version=\"${VERSION}\""  ${DOGU_JSON_FILE} > ${DOGU_JSON_DEV_FILE}
+	@kubectl --context="${KUBE_CONTEXT_NAME}" create configmap "$(ARTIFACT_ID)-descriptor" --from-file=$(DOGU_JSON_DEV_FILE) --dry-run=client -o yaml | kubectl --context="${KUBE_CONTEXT_NAME}" --namespace=${NAMESPACE} apply -f -
 	@echo "Done."
diff --git a/build/make/k8s.mk b/build/make/k8s.mk
@@ -11,7 +11,7 @@ BINARY_YQ_4_VERSION?=v4.40.3
 BINARY_HELM = $(UTILITY_BIN_PATH)/helm
 BINARY_HELM_VERSION?=v3.13.0
 CONTROLLER_GEN = $(UTILITY_BIN_PATH)/controller-gen
-CONTROLLER_GEN_VERSION?=v0.13.0
+CONTROLLER_GEN_VERSION?=v0.14.0
 
 # Setting SHELL to bash allows bash commands to be executed by recipes.
 # Options are set to exit when a recipe line exits non-zero or a piped command fails.
@@ -22,14 +22,48 @@ SHELL = /usr/bin/env bash -o pipefail
 IMAGE ?=
 
 # Set production as default stage. Use "development" as stage in your .env file to generate artifacts
-# with development images pointing to K3S_CLUSTER_FQDN.
+# with development images pointing to CES_REGISTRY_URL_PREFIX.
 STAGE?=production
+
+# Set the "local" as runtime-environment, to push images to the container-registry of the local cluster and to apply resources to the local cluster.
+# Use "remote" as runtime-environment in your .env file to push images to the container-registry at "registry.cloudogu.com/testing" and to apply resources to the configured kubernetes-context in KUBE_CONTEXT_NAME.
+RUNTIME_ENV?=local
+$(info RUNTIME_ENV=$(RUNTIME_ENV))
+
+# The host and port of the local cluster
 K3S_CLUSTER_FQDN?=k3ces.local
 K3S_LOCAL_REGISTRY_PORT?=30099
-K3CES_REGISTRY_URL_PREFIX="${K3S_CLUSTER_FQDN}:${K3S_LOCAL_REGISTRY_PORT}"
+
+# The URL of the container-registry to use. Defaults to the registry of the local-cluster.
+# If RUNTIME_ENV is "remote" it is "registry.cloudogu.com/testing"
+CES_REGISTRY_HOST?="${K3S_CLUSTER_FQDN}:${K3S_LOCAL_REGISTRY_PORT}"
+CES_REGISTRY_NAMESPACE ?=
+ifeq (${RUNTIME_ENV}, remote)
+	CES_REGISTRY_HOST="registry.cloudogu.com"
+	CES_REGISTRY_NAMESPACE="/testing"
+endif
+$(info CES_REGISTRY_HOST=$(CES_REGISTRY_HOST))
+
+# The name of the kube-context to use for applying resources.
+# If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is "remote" the currently configured kube-context is used.
+# If KUBE_CONTEXT_NAME is empty and RUNTIME_ENV is not "remote" the "k3ces.local" is used as kube-context.
+ifeq (${KUBE_CONTEXT_NAME}, )
+	ifeq (${RUNTIME_ENV}, remote)
+		KUBE_CONTEXT_NAME = $(shell kubectl config current-context)
+	else
+		KUBE_CONTEXT_NAME = k3ces.local
+	endif
+endif
+$(info KUBE_CONTEXT_NAME=$(KUBE_CONTEXT_NAME))
+
+# The git branch-name in lowercase, shortened to 63 bytes, and with everything except 0-9 and a-z replaced with -. No leading / trailing -.
+GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/g; s/^-+|-+$$//g' | cut -c1-63)
+# The short git commit-hash
+GIT_HASH := $(shell git rev-parse --short HEAD)
+
 ## Image URL to use all building/pushing image targets
-IMAGE_DEV?=${K3CES_REGISTRY_URL_PREFIX}/${ARTIFACT_ID}
-IMAGE_DEV_VERSION=${IMAGE_DEV}:${VERSION}
+IMAGE_DEV?=$(CES_REGISTRY_HOST)$(CES_REGISTRY_NAMESPACE)/$(ARTIFACT_ID)/$(GIT_BRANCH)
+IMAGE_DEV_VERSION=$(IMAGE_DEV):$(VERSION)
 
 # Variables for the temporary yaml files. These are used as template to generate a development resource containing
 # the current namespace and the dev image.
@@ -64,13 +98,36 @@ check-k8s-artifact-id:
 
 .PHONY: check-etc-hosts
 check-etc-hosts:
-	@grep -E "^.+\s+${K3S_CLUSTER_FQDN}\$$" /etc/hosts > /dev/null || \
-		(echo "Missing /etc/hosts entry for ${K3S_CLUSTER_FQDN}" && exit 1)
+	@if [[ ${RUNTIME_ENV} == "local" ]]; then \
+		grep -E "^.+\s+${K3S_CLUSTER_FQDN}\$$" /etc/hosts > /dev/null || \
+      		(echo "Missing /etc/hosts entry for ${K3S_CLUSTER_FQDN}" && exit 1) \
+	fi
 
 .PHONY: check-insecure-cluster-registry
 check-insecure-cluster-registry:
-	@grep "${K3CES_REGISTRY_URL_PREFIX}" /etc/docker/daemon.json > /dev/null || \
-		(echo "Missing /etc/docker/daemon.json for ${K3CES_REGISTRY_URL_PREFIX}" && exit 1)
+	@if [[ ${RUNTIME_ENV} == "local" ]]; then \
+		grep "${CES_REGISTRY_HOST}" /etc/docker/daemon.json > /dev/null || \
+			(echo "Missing /etc/docker/daemon.json for ${CES_REGISTRY_HOST}" && exit 1) \
+	fi
+
+# If the RUNTIME_ENV is "remote" checks if the current docker-client has credentials for CES_REGISTRY_HOST
+# If no credentials could be found, the credentials are queried and docker-login is performed
+check-docker-credentials:
+	@if [[ "$(RUNTIME_ENV)" == "remote" ]]; then \
+		if ! grep -q $(CES_REGISTRY_HOST) ~/.docker/config.json ; then \
+			echo "Error: Docker is not logged in to $(CES_REGISTRY_HOST)"; \
+			read -p "Enter Docker Username for $(CES_REGISTRY_HOST): " username; \
+			read -sp "Enter Docker Password for $(CES_REGISTRY_HOST): " password; \
+			echo ""; \
+			echo "$$password" | docker login -u "$$username" --password-stdin $(CES_REGISTRY_HOST); \
+			if [ $$? -eq 0 ]; then \
+				echo "Docker login to $(CES_REGISTRY_HOST) successful"; \
+			else \
+				echo "Docker login to $(CES_REGISTRY_HOST) failed"; \
+				exit 1; \
+			fi \
+		fi \
+	fi
 
 ##@ K8s - Resources
 
@@ -81,7 +138,7 @@ ${K8S_RESOURCE_TEMP_FOLDER}:
 ##@ K8s - Docker
 
 .PHONY: docker-build
-docker-build: check-k8s-image-env-var ## Builds the docker image of the K8s app.
+docker-build: check-docker-credentials check-k8s-image-env-var ## Builds the docker image of the K8s app.
 	@echo "Building docker image $(IMAGE)..."
 	@DOCKER_BUILDKIT=1 docker build . -t $(IMAGE)
 
@@ -93,13 +150,13 @@ docker-dev-tag: check-k8s-image-dev-var docker-build ## Tags a Docker image for
 .PHONY: check-k8s-image-dev-var
 check-k8s-image-dev-var:
 ifeq (${IMAGE_DEV},)
-	@echo "Missing make variable IMAGE_DEV detected. It should look like \$${K3CES_REGISTRY_URL_PREFIX}/docker-image:tag"
+	@echo "Missing make variable IMAGE_DEV detected. It should look like \$${CES_REGISTRY_HOST}/docker-image:tag"
 	@exit 19
 endif
 
 .PHONY: image-import
-image-import: check-all-vars check-k8s-artifact-id docker-dev-tag ## Imports the currently available image into the cluster-local registry.
-	@echo "Import $(IMAGE_DEV_VERSION) into K8s cluster ${K3S_CLUSTER_FQDN}..."
+image-import: check-all-vars check-k8s-artifact-id docker-dev-tag ## Imports the currently available image into the configured ces-registry.
+	@echo "Import $(IMAGE_DEV_VERSION) into K8s cluster ${KUBE_CONTEXT_NAME}..."
 	@docker push $(IMAGE_DEV_VERSION)
 	@echo "Done."
 
@@ -145,4 +202,4 @@ ENVTEST = $(UTILITY_BIN_PATH)/setup-envtest
 envtest: ${ENVTEST} ## Download envtest-setup locally if necessary.
 
 ${ENVTEST}:
-	$(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
+	$(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)