Update Kubernetes and kubernetes-cni versions (#5024)
This PR updates kubernetes version to 1.18.6 and kubernetes-cni version to 0.8.6 signed-off by: Isabel Li isabel.li@microsoft.com Why I did it Previous kubernetes-cni version (0.7.5) introduced Kubernetes Man In The Middle Vulnerability. “A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.” How I did it Defined kubernetes-cni version to be 0.8.6 and updated kubernetes version to be 1.18.6 How to verify it Check versions by running dpkg -l | grep kube
This commit is contained in:
parent
4a2db8e216
commit
ca844ec6b3
@ -168,6 +168,7 @@ SONIC_BUILD_INSTRUCTION := make \
|
|||||||
SHUTDOWN_BGP_ON_START=$(SHUTDOWN_BGP_ON_START) \
|
SHUTDOWN_BGP_ON_START=$(SHUTDOWN_BGP_ON_START) \
|
||||||
INSTALL_KUBERNETES=$(INSTALL_KUBERNETES) \
|
INSTALL_KUBERNETES=$(INSTALL_KUBERNETES) \
|
||||||
KUBERNETES_VERSION=$(KUBERNETES_VERSION) \
|
KUBERNETES_VERSION=$(KUBERNETES_VERSION) \
|
||||||
|
KUBERNETES_CNI_VERSION=$(KUBERNETES_CNI_VERSION) \
|
||||||
K8s_GCR_IO_PAUSE_VERSION=$(K8s_GCR_IO_PAUSE_VERSION) \
|
K8s_GCR_IO_PAUSE_VERSION=$(K8s_GCR_IO_PAUSE_VERSION) \
|
||||||
K8s_CNI_FLANNEL_VERSION=$(K8s_CNI_FLANNEL_VERSION) \
|
K8s_CNI_FLANNEL_VERSION=$(K8s_CNI_FLANNEL_VERSION) \
|
||||||
SONIC_ENABLE_PFCWD_ON_START=$(ENABLE_PFCWD_ON_START) \
|
SONIC_ENABLE_PFCWD_ON_START=$(ENABLE_PFCWD_ON_START) \
|
||||||
|
@ -217,14 +217,9 @@ then
|
|||||||
## Check out the sources list update matches current Debian version
|
## Check out the sources list update matches current Debian version
|
||||||
sudo cp files/image_config/kubernetes/kubernetes.list $FILESYSTEM_ROOT/etc/apt/sources.list.d/
|
sudo cp files/image_config/kubernetes/kubernetes.list $FILESYSTEM_ROOT/etc/apt/sources.list.d/
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get update
|
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get update
|
||||||
if [[ $KUBERNETES_VERSION == 1.18.0 ]]; then
|
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubernetes-cni=${KUBERNETES_CNI_VERSION}-00
|
||||||
# kubeadm 1.18.0 package auto install has some dependency error so install
|
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubelet=${KUBERNETES_VERSION}-00
|
||||||
# those package explicitly.
|
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubectl=${KUBERNETES_VERSION}-00
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubernetes-cni=0.7.5-00
|
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubelet=1.18.3-00
|
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubectl=1.18.3-00
|
|
||||||
fi
|
|
||||||
# else kubeadm package auto install kubelet & kubectl
|
|
||||||
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubeadm=${KUBERNETES_VERSION}-00
|
sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubeadm=${KUBERNETES_VERSION}-00
|
||||||
# kubeadm package auto install kubelet & kubectl
|
# kubeadm package auto install kubelet & kubectl
|
||||||
else
|
else
|
||||||
|
@ -121,7 +121,8 @@ INSTALL_KUBERNETES = n
|
|||||||
# These are Used *only* when INSTALL_KUBERNETES=y
|
# These are Used *only* when INSTALL_KUBERNETES=y
|
||||||
# NOTE: As a worker node it has to run version compatible to kubernetes master.
|
# NOTE: As a worker node it has to run version compatible to kubernetes master.
|
||||||
#
|
#
|
||||||
KUBERNETES_VERSION = 1.18.0
|
KUBERNETES_VERSION = 1.18.6
|
||||||
|
KUBERNETES_CNI_VERSION = 0.8.6
|
||||||
K8s_GCR_IO_PAUSE_VERSION = 3.2
|
K8s_GCR_IO_PAUSE_VERSION = 3.2
|
||||||
K8s_CNI_FLANNEL_VERSION = v0.12.0
|
K8s_CNI_FLANNEL_VERSION = v0.12.0
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user