55d3ecd267
This PR updates kubernetes version to 1.18.6 and kubernetes-cni version to 0.8.6 signed-off by: Isabel Li isabel.li@microsoft.com Why I did it Previous kubernetes-cni version (0.7.5) introduced Kubernetes Man In The Middle Vulnerability. “A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.” How I did it Defined kubernetes-cni version to be 0.8.6 and updated kubernetes version to be 1.18.6 How to verify it Check versions by running dpkg -l | grep kube
###############################################################################
## Configuration parameters for SONiC build system
###############################################################################

# SONIC_CONFIG_PRINT_DEPENDENCIES - show dependencies for each invoked target.
# Before the rule for each target is executed, its dependencies are printed to
# the console.
# Uncomment next line to enable:
# SONIC_CONFIG_PRINT_DEPENDENCIES = y

# SONIC_CONFIG_BUILD_JOBS - set number of jobs for parallel build.
# The corresponding -j argument is passed to the make command inside the docker
# container.
SONIC_CONFIG_BUILD_JOBS = 1

# SONIC_CONFIG_MAKE_JOBS - set number of parallel make jobs per package.
# The corresponding -j argument is passed to the make/dpkg commands that build
# separate packages. The value comes from running `nproc`; because this is a
# recursively expanded (=) assignment, the shell command is evaluated each time
# the variable is expanded rather than once when this file is read.
SONIC_CONFIG_MAKE_JOBS = $(shell nproc)

# DEFAULT_BUILD_LOG_TIMESTAMP - add timestamp in build log
# Supported formats: simple, none
DEFAULT_BUILD_LOG_TIMESTAMP = none

# SONIC_USE_DOCKER_BUILDKIT - use docker buildkit for build.
# If set to y, the SONiC build system sets the environment variable
# DOCKER_BUILDKIT=1 to enable docker buildkit.
# This option speeds up docker image builds.
# NOTE: SONIC_USE_DOCKER_BUILDKIT will produce a larger installable SONiC image
# because of a docker bug (more details: https://github.com/moby/moby/issues/38903)
# SONIC_USE_DOCKER_BUILDKIT = y

# SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD - use native dockerd for build.
# If set to y, the SONiC build container uses native dockerd instead of dind
# (docker-in-docker) for a faster build.
# NOTE(review): presumably this gives the build container access to the host's
# docker daemon; if so, anything running in the build container has
# root-equivalent control of the build host. Confirm before enabling on shared
# or multi-tenant build machines.
# SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD = y

# SONIC_CONFIG_ENABLE_COLORS - enable colored output in build system.
# The assignment below is commented out in this file; uncomment it to set the
# option here.
# SONIC_CONFIG_ENABLE_COLORS = y

# DEFAULT_USERNAME - default username for installer build
DEFAULT_USERNAME = admin

# DEFAULT_PASSWORD - default password for installer build
# SECURITY: this value is a placeholder stored in plain text in the source
# tree, so it is publicly known. An image built with it carries a well-known
# credential for the default account. Override it for every image that will be
# deployed, and change the account password after installation.
# Do not commit a real password to this file.
# NOTE(review): confirm the supported build-time override mechanism in the
# build documentation.
DEFAULT_PASSWORD = YourPaSsWoRd

# ENABLE_DHCP_GRAPH_SERVICE - specify the source of the minigraph used to
# generate the configuration file.
# If set to y, SONiC gets the minigraph from the graph service. The graph
# service URL needs to be passed through DHCP option 225.
# If not set (default behavior), the default minigraph built into the image is
# used.
# NOTE(review): DHCP replies are not authenticated, so with this enabled the
# minigraph source is chosen by whichever DHCP server answers the switch.
# Confirm that the management network is trusted and how the fetched minigraph
# is validated before enabling.
# ENABLE_DHCP_GRAPH_SERVICE = y

# ENABLE_ZTP - installs Zero Touch Provisioning support.
# NOTE(review): presumably ZTP applies provisioning data obtained over the
# network; confirm that the provisioning source is authenticated or that the
# provisioning network is trusted.
# ENABLE_ZTP = y

# SHUTDOWN_BGP_ON_START - if set to y, all bgp sessions will be in admin down
# state when the bgp service starts.
# SHUTDOWN_BGP_ON_START = y

# ENABLE_PFCWD_ON_START - if set to y, PFC Watchdog (PFCWD) will be enabled on
# all server-facing ports by default for a TOR switch.
# ENABLE_PFCWD_ON_START = y

# INSTALL_DEBUG_TOOLS - installs debugging tools in baseline docker
# Extra tooling in the baseline image enlarges what is available to anyone who
# gains a shell in a container; leave this off for production images unless it
# is needed.
# Uncomment next line to enable:
# INSTALL_DEBUG_TOOLS = y

# SONIC_ROUTING_STACK - specify the routing stack elected to drive SONiC's
# control plane.
# Supported routing stacks on SONiC are:
# routing-stacks: quagga, frr.
SONIC_ROUTING_STACK = frr

# ENABLE_SYNCD_RPC - build docker-syncd with rpc packages for testing purposes.
# This is a test-only build variant; do not enable it for images intended for
# production deployment.
# NOTE(review): confirm whether the rpc packages expose a network listener.
# Uncomment to enable:
# ENABLE_SYNCD_RPC = y

# ENABLE_ORGANIZATION_EXTENSIONS - enable Organization Extensions, which are
# specific to the deployment scenarios of the Organization.
ENABLE_ORGANIZATION_EXTENSIONS = y

# The debugging option builds the SONiC debian packages with symbol
# information. The profiling option disables compiler optimizations (-O0) and
# also includes symbol information. Because 'profiling' is a superset of
# 'debugging', enable only one of the two -- if both are enabled, 'profiling'
# prevails.
#SONIC_DEBUGGING_ON = y
#SONIC_PROFILING_ON = y

# ENABLE_SYSTEM_TELEMETRY - build docker-sonic-telemetry for system telemetry support
ENABLE_SYSTEM_TELEMETRY = y

# DEFAULT_KERNEL_PROCURE_METHOD - default method for obtaining kernel
# build: build kernel from source
# download: download pre-built kernel from Azure storage.
# NOTE(review): with `download`, the integrity of the resulting image depends
# on how the pre-built kernel is fetched and verified; that logic is not
# visible in this file. Confirm it checks a pinned digest or signature.
DEFAULT_KERNEL_PROCURE_METHOD = build

# FRR user and group id values. These only take effect when SONIC_ROUTING_STACK
# is frr.
# Note: these values match the uid/gid of the host's admin account. If they are
# changed and the frr uid/gid must not collide with an unrelated user on the
# host (which would give that user access to frr-owned files), then either
# create the matching account and group on the host manually, or change the
# image build so that the account and group are created during installation.
FRR_USER_UID = 300
FRR_USER_GID = 300

# The DPKG cache allows .deb files to be stored in the cache path. A submodule's
# package is cached and restored if neither its commit hash nor its
# dependencies have been modified.
# SONIC_DPKG_CACHE_METHOD - Default method of deb package caching
#     none    : no caching
#     rwcache : Use the cache if it exists, else build the source and update the cache
#     wcache  : Don't use the cache; just build the source and update the cache
#     rcache  : Use the cache if it exists, but don't update the cache
#     cache   : Same as rwcache
# SONIC_DPKG_CACHE_SOURCE - Stores the cache location details
# Both are set with ?=, so a value already defined (for example in the
# environment or on the make command line) takes precedence over these defaults.
# SECURITY: with rwcache/rcache/cache, packages restored from the cache path go
# into the image without being rebuilt, so anyone who can write to that path
# can influence the image contents. Keep the cache location writable only by
# trusted build accounts.
SONIC_DPKG_CACHE_METHOD ?= none
SONIC_DPKG_CACHE_SOURCE ?= /var/cache/sonic/artifacts

# Default VS build memory preparation
DEFAULT_VS_PREPARE_MEM = yes


# ENABLE_ICCPD - build docker-iccpd for mclag support
ENABLE_ICCPD = n

# ENABLE_SFLOW - build docker-sonic-sflow for sFlow support
ENABLE_SFLOW = y

# ENABLE_MGMT_FRAMEWORK - build docker-sonic-mgt-framework for CLI and REST server support
# NOTE(review): this adds a REST server to the image by default; confirm its
# authentication and TLS configuration before deployment.
ENABLE_MGMT_FRAMEWORK = y

# ENABLE_RESTAPI - build docker-sonic-restapi for configuring the switch using REST APIs
ENABLE_RESTAPI = n

# ENABLE_NAT - build docker-sonic-nat for nat support
ENABLE_NAT = y

# TELEMETRY_WRITABLE - Enable write/config operations via the gNMI interface.
# With this set, the telemetry interface can change switch configuration as
# well as read state.
# NOTE(review): enable only where gNMI clients are authenticated and
# authorized; confirm the telemetry service's client-authentication settings.
# Uncomment to enable:
# TELEMETRY_WRITABLE = y

# INSTALL_KUBERNETES - if set to y, kubernetes packages are installed so that
# the switch can run as a worker node in a kubernetes cluster.
INSTALL_KUBERNETES = n

# KUBERNETES_VERSION - Set to the required version.
# KUBERNETES_CNI_VERSION - Version of the kubernetes-cni package.
# K8s_GCR_IO_PAUSE_VERSION - Version of k8s universal pause container image
# K8s_CNI_FLANNEL_VERSION - Flannel used as CNI; Appropriate version for this Kubernetes version
# These are used *only* when INSTALL_KUBERNETES=y
# NOTE: As a worker node, the switch has to run a version compatible with the
# kubernetes master.
#
# SECURITY: keep KUBERNETES_CNI_VERSION at 0.8.6 or later. Versions of
# containernetworking/plugins before 0.8.6 allow a malicious container in the
# cluster to redirect traffic to itself (man-in-the-middle) by sending rogue
# IPv6 router advertisements to the host or other containers.
# The installed versions can be checked on a built image with:
#     dpkg -l | grep kube
KUBERNETES_VERSION = 1.18.6
KUBERNETES_CNI_VERSION = 0.8.6
K8s_GCR_IO_PAUSE_VERSION = 3.2
K8s_CNI_FLANNEL_VERSION = v0.12.0

# SONIC_ENABLE_IMAGE_SIGNATURE - enable image signature
# To avoid using the auto-generated self-signed certificate, provide the files
# required to sign the image as below:
# SIGNING_KEY =
# SIGNING_CERT =
# CA_CERT =
# Relative paths are taken from the build root folder.
# Set with ?=, so a value already defined elsewhere takes precedence; the
# default here (n) leaves image signing disabled.
# SECURITY: a self-signed certificate generated at build time authenticates the
# image only to a verifier that has been given that certificate. For deployed
# images, supply SIGNING_KEY/SIGNING_CERT/CA_CERT from your own PKI and keep
# the private key outside the source tree.
# NOTE(review): confirm where and how the signature is verified at install time.
SONIC_ENABLE_IMAGE_SIGNATURE ?= n