chore: upgrade kubernetes terraform provider to 2.4 #2397

sumo-drosiek · 2022-06-30T07:22:50Z

Description

Upgrade kubernetes terraform provider due to security issues

➜  ~ grype --add-cpes-if-none docker.io/library/kubernetes-setup:latest 
 ✔ Vulnerability DB        [no update available]
New version of grype is available: 0.40.1
 ✔ Loaded image            
 ✔ Parsed image            
 ✔ Cataloged packages      [387 packages]
 ✔ Scanned image           [39 vulnerabilities]
NAME                             INSTALLED                                     FIXED-IN  TYPE       VULNERABILITY        SEVERITY 
github.com/gogo/protobuf         v1.3.1                                        1.3.2     go-module  GHSA-c3h9-896r-86jm  High      
github.com/hashicorp/consul/api  v1.9.1                                                  go-module  CVE-2021-36213       High      
github.com/hashicorp/consul/api  v1.9.1                                                  go-module  CVE-2021-28156       High      
github.com/hashicorp/consul/api  v1.9.1                                                  go-module  CVE-2021-37219       High      
github.com/hashicorp/consul/api  v1.9.1                                                  go-module  CVE-2021-41805       High      
github.com/hashicorp/consul/api  v1.9.1                                                  go-module  CVE-2020-25864       Medium    
github.com/hashicorp/consul/api  v1.9.1                                                  go-module  CVE-2022-29153       High      
github.com/hashicorp/consul/api  v1.9.1                                                  go-module  CVE-2022-24687       Medium    
github.com/hashicorp/consul/api  v1.9.1                                                  go-module  CVE-2021-38698       Medium    
github.com/hashicorp/consul/api  v1.9.1                                                  go-module  CVE-2021-3121        High      
github.com/hashicorp/consul/api  v1.9.1                                                  go-module  CVE-2021-32574       High      
github.com/hashicorp/go-getter   v1.4.2-0.20200106182914-9813cbd4eb02                    go-module  CVE-2022-30321       Critical  
github.com/hashicorp/go-getter   v1.4.2-0.20200106182914-9813cbd4eb02                    go-module  CVE-2022-30322       Critical  
github.com/hashicorp/go-getter   v1.4.2-0.20200106182914-9813cbd4eb02          1.5.11    go-module  GHSA-27rq-4943-qcwp  Medium    
github.com/hashicorp/go-getter   v1.4.2-0.20200106182914-9813cbd4eb02          1.6.1     go-module  GHSA-fcgg-rvwg-jv58  Critical  
github.com/hashicorp/go-getter   v1.4.2-0.20200106182914-9813cbd4eb02                    go-module  CVE-2022-29810       Medium    
github.com/hashicorp/go-getter   v1.5.3                                                  go-module  CVE-2022-29810       Medium    
github.com/hashicorp/go-getter   v1.5.3                                                  go-module  CVE-2022-30321       Critical  
github.com/hashicorp/go-getter   v1.4.2-0.20200106182914-9813cbd4eb02          1.6.1     go-module  GHSA-cjr4-fv6c-f3mv  Critical  
github.com/hashicorp/go-getter   v1.5.3                                        1.6.1     go-module  GHSA-x24g-9w7v-vprh  Critical  
github.com/hashicorp/go-getter   v1.5.3                                        1.6.1     go-module  GHSA-fcgg-rvwg-jv58  Critical  
github.com/hashicorp/go-getter   v1.4.2-0.20200106182914-9813cbd4eb02                    go-module  CVE-2022-26945       Critical  
github.com/hashicorp/go-getter   v1.5.3                                        1.6.1     go-module  GHSA-28r2-q6m8-9hpx  High      
github.com/hashicorp/go-getter   v1.5.3                                        1.6.1     go-module  GHSA-cjr4-fv6c-f3mv  Critical  
github.com/hashicorp/go-getter   v1.5.3                                                  go-module  CVE-2022-30322       Critical  
github.com/hashicorp/go-getter   v1.5.3                                                  go-module  CVE-2022-30323       Critical  
github.com/hashicorp/go-getter   v1.5.3                                                  go-module  CVE-2022-26945       Critical  
github.com/hashicorp/go-getter   v1.4.2-0.20200106182914-9813cbd4eb02                    go-module  CVE-2022-30323       Critical  
github.com/hashicorp/go-getter   v1.4.2-0.20200106182914-9813cbd4eb02          1.6.1     go-module  GHSA-x24g-9w7v-vprh  Critical  
github.com/hashicorp/go-getter   v1.5.3                                        1.5.11    go-module  GHSA-27rq-4943-qcwp  Medium    
github.com/hashicorp/go-getter   v1.4.2-0.20200106182914-9813cbd4eb02          1.6.1     go-module  GHSA-28r2-q6m8-9hpx  High      
github.com/hashicorp/terraform   9cc7dbd4f514431cee31155663c16d4f7f77f979                go-module  CVE-2021-36230       High      
go.etcd.io/etcd                  v0.5.0-alpha.5.0.20210428180535-15715dcf1ace  3.4.0     go-module  GHSA-wf43-55jj-vwq8  Medium    
google.golang.org/protobuf       v1.27.1                                                 go-module  CVE-2021-22570       High      
google.golang.org/protobuf       v1.25.0                                                 go-module  CVE-2015-5237        High      
google.golang.org/protobuf       v1.27.1                                                 go-module  CVE-2015-5237        High      
google.golang.org/protobuf       v1.25.0                                                 go-module  CVE-2021-22570       High

Checklist

Changelog updated

Testing performed

Redeploy fluentd and fluentd-events pods
Confirm events, logs, and metrics are coming in

Signed-off-by: Dominik Rosiek <drosiek@sumologic.com>

sumo-drosiek · 2022-06-30T07:26:54Z

deploy/helm/sumologic/values.yaml

@@ -56,6 +56,7 @@ sumologic:
    # config_context_auth_info:
    # config_context_cluster:
    token: "${file(\"/var/run/secrets/kubernetes.io/serviceaccount/token\")}"
+    ## load_config_file is deprecated and no longer used


Remove it in 3.0

I would just remove this sumologic.cluster.load_config_file property from values.yaml instead of commenting that it doesn't work.

Signed-off-by: Dominik Rosiek <drosiek@sumologic.com>

chore: upgrade kubernetes terraform provider to 2.4

b7fcba0

Signed-off-by: Dominik Rosiek <drosiek@sumologic.com>

sumo-drosiek requested a review from a team as a code owner June 30, 2022 07:22

github-actions bot approved these changes Jun 30, 2022

View reviewed changes

chore(changelog): update

445b199

Signed-off-by: Dominik Rosiek <drosiek@sumologic.com>

github-actions bot added the documentation documentation label Jun 30, 2022

sumo-drosiek commented Jun 30, 2022

View reviewed changes

sumo-drosiek mentioned this pull request Jun 30, 2022

Remove load_config_file from kubernetes terraform #2398

Closed

andrzej-stencel approved these changes Jun 30, 2022

View reviewed changes

feat(terraform): remove load_config_file from configuration

d612ba6

Signed-off-by: Dominik Rosiek <drosiek@sumologic.com>

sumo-drosiek merged commit 1087475 into main Jun 30, 2022

sumo-drosiek deleted the drosiek-terraform-update-provider branch June 30, 2022 15:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: upgrade kubernetes terraform provider to 2.4 #2397

chore: upgrade kubernetes terraform provider to 2.4 #2397

sumo-drosiek commented Jun 30, 2022

sumo-drosiek Jun 30, 2022

andrzej-stencel Jun 30, 2022

chore: upgrade kubernetes terraform provider to 2.4 #2397

chore: upgrade kubernetes terraform provider to 2.4 #2397

Conversation

sumo-drosiek commented Jun 30, 2022

Description

Checklist

Testing performed

sumo-drosiek Jun 30, 2022

Choose a reason for hiding this comment

andrzej-stencel Jun 30, 2022

Choose a reason for hiding this comment