Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updating cve advisory for kops-1.7.1 release #3580

Merged
merged 3 commits into from
Oct 11, 2017
Merged

updating cve advisory for kops-1.7.1 release #3580

merged 3 commits into from
Oct 11, 2017

Conversation

chrislovecnm
Copy link
Contributor

  • fixed line wrap
  • fixed typos
  • added updates for kops 1.7.1 release

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 10, 2017
@chrislovecnm
Copy link
Contributor Author

/approved

@chrislovecnm
Copy link
Contributor Author

/approve

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 10, 2017
justinsb
justinsb reviewed Oct 10, 2017
View reviewed changes
docs/advisories/cve_2017_14491.md Outdated

## Current kops Status

As of 2017/10/08 `kops` fixes are not in a released `kops` version, but you are
able to hotfix any Kubernetes cluster that is 1.4.x or higher.
`kop` release 1.7.1 addresses this CVE. This version of `kops` will upgrade and
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo: kops

docs/advisories/cve_2017_14491.md Outdated
As of 2017/10/08 `kops` fixes are not in a released `kops` version, but you are
able to hotfix any Kubernetes cluster that is 1.4.x or higher.
`kop` release 1.7.1 addresses this CVE. This version of `kops` will upgrade and
create clusters. `kops` 1.8.x release does not contain the required changes.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1.8.0-alpha.1 doesn't, but alpha.2 and up will

docs/advisories/cve_2017_14491.md Outdated

## Upgrading Cluster

To update a cluster. The kube-dns deployment will be automatically upgraded.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dangling sentence

docs/advisories/cve_2017_14491.md
-o jsonpath='{.spec.template.spec.containers[?(@.name == "dnsmasq")].image}'
```

The upgrade is will occur once the channels utilty picks up the change within a
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

grammar and typo in mintues

docs/advisories/cve_2017_14491.md Outdated
@@ -126,4 +162,4 @@ _TODO_ if someone wants to provide the output.

## Thanks

Thanks to @mikesplain, @chrislovecnm, @snoby, @justinsb, @3h4x
Thanks to all that helped @mikesplain, @chrislovecnm, @snoby, @justinsb, @3h4x
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably add aaronlevy here also

docs/advisories/cve_2017_14491.md Outdated
upgrading to tested version is recommended. We have had 1.4.x users upgrade
successfully, but we cannot validate full production stability. Local testing
in a non-production environment is always recommended. We are not able to
quatify the risk of using a non-tested version.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

quantify

@chrislovecnm
Copy link
Contributor Author

@justinsb PTAL, cleaned up english

kooba
kooba reviewed Oct 11, 2017
View reviewed changes
docs/advisories/cve_2017_14491.md

#### Installation of Hot Fix

Apply the update to the container:

```bash
kubectl set image deployment/kube-dns -n kube-system dnsmasq=gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.14.5
kubectl set image deployment/kube-dns -n kube-system \
dnsmasq=gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.14.5
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be k8s-dns-dnsmasq-nanny-amd64:1.14.5 ?

Copy link

@kooba kooba Oct 11, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nevermind, I think naming changed. Although nanny is still mentioned in validation steps.

@justinsb
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 11, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chrislovecnm, justinsb

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:
  • OWNERS [chrislovecnm,justinsb]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot
Copy link

Automatic merge from submit-queue.

@k8s-github-robot k8s-github-robot merged commit f14b5a5 into kubernetes:master Oct 11, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justinsb justinsb justinsb left review comments

@kooba kooba kooba left review comments

Assignees

@justinsb justinsb

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@chrislovecnm @justinsb @k8s-github-robot @kooba @k8s-ci-robot