Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-1.11: update to debian-base 0.3.2, debian-iptables v10.2 and hyperkube-base 0.10.2 #67460

Merged
merged 10 commits into from
Oct 4, 2018
Merged

release-1.11: update to debian-base 0.3.2, debian-iptables v10.2 and hyperkube-base 0.10.2 #67460

merged 10 commits into from
Oct 4, 2018

Conversation

ixdy
Copy link
Member

@ixdy ixdy commented Aug 15, 2018
edited
Loading

Cherry pick of #67026 #67222 #67283 #67365 #68764 #68769 #68801 on release-1.11.

#67026: Upgrade debian-base to 0.3.1 for CVEs
#67222: ensure qemu-ARCH-static binary is world readable and
#67283: Add missing tmpdir path to chmod
#67365: Update to debian-iptables v10.1 and hyperkube-base 0.10.1
#68764: Install netbase in debian-iptables and debian-hyperkube-base as it is needed by ipvs
#68769: Update to use debian-iptables v10.2 and debian-hyperkube-base
#68801: bazel: update debian-iptables and debian-hyperkube-base

Fixes #68703

Update to use debian-iptables v10.2 and debian-hyperkube-base 0.10.2 with upstream security fixes, and install netbase in these images, as it is needed by ipvs.

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Aug 15, 2018
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 15, 2018
@k8s-github-robot
Copy link

This PR is not for the master branch but does not have the cherrypick-approved label. Adding the do-not-merge/cherry-pick-not-approved label.

@k8s-github-robot k8s-github-robot added the do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. label Aug 15, 2018
@ixdy
Copy link
Member Author

ixdy commented Aug 15, 2018

actually, I think I only want to cherry-pick ##67365.

/close

@ixdy
Copy link
Member Author

ixdy commented Aug 15, 2018

/reopen

nah, this still seems easiest, probably.

@k8s-ci-robot k8s-ci-robot reopened this Aug 15, 2018
@ixdy ixdy changed the title Automated cherry pick of #67026: Upgrade debian-base to 0.3.1 for CVEs #67222: ensure qemu-ARCH-static binary is world readable and #67283: Add missing tmpdir path to chmod #67365: Update to debian-iptables v10.1 and hyperkube-base 0.10.1 release-1.11: update to debian-base 0.3.2, debian-iptables v10.1 and hyperkubebase 0.10.1 Aug 15, 2018
@ixdy
Copy link
Member Author

ixdy commented Aug 15, 2018

/assign @tallclair
cc @satyasm

@tallclair
Copy link
Member

/lgtm
Thanks!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 15, 2018
@ixdy
Copy link
Member Author

ixdy commented Aug 20, 2018

/retest

2 similar comments
@ixdy
Copy link
Member Author

ixdy commented Aug 20, 2018

/retest

@ixdy
Copy link
Member Author

ixdy commented Aug 21, 2018

/retest

@foxish foxish added cherrypick-candidate cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. and removed do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Sep 4, 2018
@k8s-ci-robot k8s-ci-robot added do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. labels Sep 18, 2018
@ixdy
Copy link
Member Author

ixdy commented Sep 18, 2018

/hold cancel

Additional cherry-picks added to fix the linked issue.

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 18, 2018
@ixdy ixdy changed the title release-1.11: update to debian-base 0.3.2, debian-iptables v10.1 and hyperkubebase 0.10.1 release-1.11: update to debian-base 0.3.2, debian-iptables v10.2 and hyperkubebase 0.10.2 Sep 18, 2018
@ixdy ixdy changed the title release-1.11: update to debian-base 0.3.2, debian-iptables v10.2 and hyperkubebase 0.10.2 release-1.11: update to debian-base 0.3.2, debian-iptables v10.2 and hyperkube-base 0.10.2 Sep 18, 2018
@ixdy
Copy link
Member Author

ixdy commented Sep 20, 2018

PTAL? this needs re-LGTM

@tallclair
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 20, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ixdy, tallclair

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. and removed cherrypick-candidate labels Sep 21, 2018
@nikhita
Copy link
Member

nikhita commented Sep 25, 2018

/sig release
/kind bug

/assign @foxish
for cherry-pick approval

@k8s-ci-robot k8s-ci-robot added sig/release Categorizes an issue or PR as relevant to SIG Release. kind/bug Categorizes issue or PR as related to a bug. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Sep 25, 2018
@nikhita
Copy link
Member

nikhita commented Sep 25, 2018

@ixdy looks like this needs a release note.

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Oct 2, 2018
@ixdy
Copy link
Member Author

ixdy commented Oct 2, 2018

added a release note. This fixes issue #68703 for 1.11.

@foxish foxish added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. and removed do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Oct 3, 2018
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@k8s-ci-robot k8s-ci-robot merged commit e920cf3 into kubernetes:release-1.11 Oct 4, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cblecker cblecker Awaiting requested review from cblecker

@luxas luxas Awaiting requested review from luxas

Assignees

@foxish foxish

@tallclair tallclair

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/release Categorizes an issue or PR as relevant to SIG Release. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.11
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@ixdy @k8s-github-robot @tallclair @foxish @fejta-bot @k8s-ci-robot @nikhita @satyasm