Update Kubernetes and kubernetes-cni versions (#5024)

This PR updates kubernetes version to 1.18.6 and kubernetes-cni version to 0.8.6

signed-off by: Isabel Li isabel.li@microsoft.com

Why I did it
Previous kubernetes-cni version (0.7.5) introduced Kubernetes Man In The Middle Vulnerability. “A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.”

How I did it
Defined kubernetes-cni version to be 0.8.6 and updated kubernetes version to be 1.18.6

How to verify it
Check versions by running dpkg -l | grep kube
This commit is contained in:
isabelmsft 2020-07-24 12:14:24 -05:00 committed by Abhishek Dosi
parent 4a2db8e216
commit ca844ec6b3
3 changed files with 6 additions and 9 deletions

View File

@ -168,6 +168,7 @@ SONIC_BUILD_INSTRUCTION := make \
SHUTDOWN_BGP_ON_START=$(SHUTDOWN_BGP_ON_START) \ SHUTDOWN_BGP_ON_START=$(SHUTDOWN_BGP_ON_START) \
INSTALL_KUBERNETES=$(INSTALL_KUBERNETES) \ INSTALL_KUBERNETES=$(INSTALL_KUBERNETES) \
KUBERNETES_VERSION=$(KUBERNETES_VERSION) \ KUBERNETES_VERSION=$(KUBERNETES_VERSION) \
KUBERNETES_CNI_VERSION=$(KUBERNETES_CNI_VERSION) \
K8s_GCR_IO_PAUSE_VERSION=$(K8s_GCR_IO_PAUSE_VERSION) \ K8s_GCR_IO_PAUSE_VERSION=$(K8s_GCR_IO_PAUSE_VERSION) \
K8s_CNI_FLANNEL_VERSION=$(K8s_CNI_FLANNEL_VERSION) \ K8s_CNI_FLANNEL_VERSION=$(K8s_CNI_FLANNEL_VERSION) \
SONIC_ENABLE_PFCWD_ON_START=$(ENABLE_PFCWD_ON_START) \ SONIC_ENABLE_PFCWD_ON_START=$(ENABLE_PFCWD_ON_START) \

View File

@ -217,14 +217,9 @@ then
## Check out the sources list update matches current Debian version ## Check out the sources list update matches current Debian version
sudo cp files/image_config/kubernetes/kubernetes.list $FILESYSTEM_ROOT/etc/apt/sources.list.d/ sudo cp files/image_config/kubernetes/kubernetes.list $FILESYSTEM_ROOT/etc/apt/sources.list.d/
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get update sudo LANG=C chroot $FILESYSTEM_ROOT apt-get update
if [[ $KUBERNETES_VERSION == 1.18.0 ]]; then sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubernetes-cni=${KUBERNETES_CNI_VERSION}-00
# kubeadm 1.18.0 package auto install has some dependency error so install sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubelet=${KUBERNETES_VERSION}-00
# those package explicitly. sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubectl=${KUBERNETES_VERSION}-00
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubernetes-cni=0.7.5-00
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubelet=1.18.3-00
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubectl=1.18.3-00
fi
# else kubeadm package auto install kubelet & kubectl
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubeadm=${KUBERNETES_VERSION}-00 sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubeadm=${KUBERNETES_VERSION}-00
# kubeadm package auto install kubelet & kubectl # kubeadm package auto install kubelet & kubectl
else else

View File

@ -121,7 +121,8 @@ INSTALL_KUBERNETES = n
# These are Used *only* when INSTALL_KUBERNETES=y # These are Used *only* when INSTALL_KUBERNETES=y
# NOTE: As a worker node it has to run version compatible to kubernetes master. # NOTE: As a worker node it has to run version compatible to kubernetes master.
# #
KUBERNETES_VERSION = 1.18.0 KUBERNETES_VERSION = 1.18.6
KUBERNETES_CNI_VERSION = 0.8.6
K8s_GCR_IO_PAUSE_VERSION = 3.2 K8s_GCR_IO_PAUSE_VERSION = 3.2
K8s_CNI_FLANNEL_VERSION = v0.12.0 K8s_CNI_FLANNEL_VERSION = v0.12.0