Merge pull request #437 from fluxcd/release-v0.17.2
hiddeco authored Mar 15, 2022
2 parents fe48c07 + 1ad2dc7 commit 5fe66f4
Showing 6 changed files with 98 additions and 73 deletions.
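--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,28 @@
 # Changelog
 
+## 0.17.2
+
+**Release date:** 2022-03-15
+
+This prerelease comes with an update for `github.com/containerd/containerd` to
+`v1.5.10` to please static security analysers and fix any warnings for
+CVE-2022-23648.
+
+In addition, it updates Helm from a forked and patched `v3.8.0`, to the
+official `v3.8.1` release, and updates minor dependencies.
+
+The Deployment manifest contains a patch to set the
+`.spec.securityContext.fsGroup`, which may be required for some EKS setups
+as reported in https://github.com/fluxcd/flux2/issues/2537.
+
+Improvements:
+- Update Helm to v3.8.1
+[#434](https://github.com/fluxcd/helm-controller/pull/434)
+- add fsgroup for securityContext
+[#435](https://github.com/fluxcd/helm-controller/pull/435)
+- Update containerd to v1.5.10 and tidy go.mod
+[#436](https://github.com/fluxcd/helm-controller/pull/436)
+
 ## 0.17.1
 
 **Release date:** 2022-02-22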
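--- a/config/manager/deployment.yaml
+++ b/config/manager/deployment.yaml
@@ -18,6 +18,10 @@ spec:
 prometheus.io/port: "8080"
 spec:
 terminationGracePeriodSeconds: 600
+securityContext:
+# Required for AWS IAM Role bindings
+# https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
+fsGroup: 1337
 containers:
 - name: manager
 image: fluxcd/helm-controller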
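Review bot: The comment above `fsGroup: 1337` names the EKS use case but not what the setting does, and because this is the base manifest under `config/manager` it takes effect on every cluster, not only on EKS. Someone auditing the pod security context needs to know why a supplemental group is set and that the GID is not meaningful in itself; if the intent is to let the non-root container user read the projected service account token, say so, e.g. `# fsGroup makes the projected IAM token readable by the non-root container user; the GID itself is arbitrary`. The pod `spec:` block starts before and continues past this hunk, so any container-level `securityContext` that interacts with this setting is not visible here.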
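--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -5,4 +5,4 @@ resources:
 images:
 - name: fluxcd/helm-controller
 newName: fluxcd/helm-controller
-newTag: v0.17.1
+newTag: v0.17.2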
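--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.17
 replace github.com/fluxcd/helm-controller/api => ./api
 
 require (
-github.com/fluxcd/helm-controller/api v0.17.1
+github.com/fluxcd/helm-controller/api v0.17.2
 github.com/fluxcd/pkg/apis/acl v0.0.3
 github.com/fluxcd/pkg/apis/kustomize v0.3.1
 github.com/fluxcd/pkg/apis/meta v0.10.2
@@ -16,26 +16,32 @@ require (
 github.com/onsi/ginkgo v1.16.5
 github.com/onsi/gomega v1.17.0
 github.com/spf13/pflag v1.0.5
-github.com/yvasiyarov/go-metrics v0.0.0-20150112132944-c25f46c4b940 // indirect
-github.com/yvasiyarov/gorelic v0.0.7 // indirect
-github.com/yvasiyarov/newrelic_platform_go v0.0.0-20160601141957-9c099fbc30e9 // indirect
-golang.org/x/text v0.3.7 // indirect
-helm.sh/helm/v3 v3.8.0
-k8s.io/api v0.23.1
-k8s.io/apiextensions-apiserver v0.23.1
-k8s.io/apimachinery v0.23.1
-k8s.io/cli-runtime v0.23.1
-k8s.io/client-go v0.23.1
+helm.sh/helm/v3 v3.8.1
+k8s.io/api v0.23.4
+k8s.io/apiextensions-apiserver v0.23.4
+k8s.io/apimachinery v0.23.4
+k8s.io/cli-runtime v0.23.4
+k8s.io/client-go v0.23.4
 sigs.k8s.io/controller-runtime v0.11.0
 sigs.k8s.io/kustomize/api v0.10.1
 sigs.k8s.io/yaml v1.3.0
 )
 
-// Temporary fork of Helm v3.8.0 with patch applied from
-// https://github.com/helm/helm/pull/10486 to solve memory leak and issues as
-// described in https://github.com/fluxcd/helm-controller/issues/351.
-// TODO: Remove once Helm v3.8.1 is released.
-replace helm.sh/helm/v3 v3.8.0 => github.com/hiddeco/helm/v3 v3.0.0-20220128105410-34ef0a7a5811
+// Pin kustomize to v4.4.1
+replace (
+sigs.k8s.io/kustomize/api => sigs.k8s.io/kustomize/api v0.10.1
+sigs.k8s.io/kustomize/kyaml => sigs.k8s.io/kustomize/kyaml v0.13.0
+)
+
+// Fix CVE-2021-30465
+// Fix CVE-2021-43784
+// Fix GO-2021-0085
+// Fix GO-2021-0087
+replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.3
+
+// Fix CVE-2021-43816
+// Fix CVE-2022-23648
+replace github.com/containerd/containerd => github.com/containerd/containerd v1.5.10
 
 require (
 cloud.google.com/go v0.99.0 // indirect
@@ -141,7 +147,8 @@ require (
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
-golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+golang.org/x/text v0.3.7 // indirect
 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
 gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
@@ -153,39 +160,14 @@ require (
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
-k8s.io/apiserver v0.23.1 // indirect
-k8s.io/component-base v0.23.1 // indirect
+k8s.io/apiserver v0.23.4 // indirect
+k8s.io/component-base v0.23.4 // indirect
 k8s.io/klog/v2 v2.30.0 // indirect
 k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
-k8s.io/kubectl v0.23.1 // indirect
+k8s.io/kubectl v0.23.4 // indirect
 k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 // indirect
 oras.land/oras-go v1.1.0 // indirect
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
 sigs.k8s.io/kustomize/kyaml v0.13.0 // indirect
-sigs.k8s.io/structured-merge-diff/v4 v4.2.0 // indirect
+sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 )
-
-// pin kustomize to v4.4.1
-replace (
-sigs.k8s.io/kustomize/api => sigs.k8s.io/kustomize/api v0.10.1
-sigs.k8s.io/kustomize/kyaml => sigs.k8s.io/kustomize/kyaml v0.13.0
-)
-
-// Fix CVE-2021-41092
-// Due to https://github.com/oras-project/oras-go/blob/v0.4.0/go.mod#L14
-// pulled in by Helm.
-replace github.com/docker/cli => github.com/docker/cli v20.10.9+incompatible
-
-// Fix CVE-2021-30465
-// Fix CVE-2021-43784
-// Fix GO-2021-0085
-// Fix GO-2021-0087
-replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.3
-
-// Fix CVE-2021-41190
-// Due to https://github.com/oras-project/oras-go/blob/v0.4.0/go.mod#L21,
-// pulled in by Helm.
-replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2
-
-// Fix CVE-2021-43816
-replace github.com/containerd/containerd => github.com/containerd/containerd v1.5.9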
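Review bot: The `replace` pins for `github.com/docker/cli` (CVE-2021-41092) and `github.com/opencontainers/image-spec` (CVE-2021-41190) are dropped in the last hunk, and nothing in the visible hunks shows which versions of those two modules the build resolves to afterwards. Presumably the move to Helm v3.8.1 already selects versions at or above the old pins, but the relevant indirect requirements sit in the collapsed part of the file, so this should be confirmed with `go list -m github.com/docker/cli github.com/opencontainers/image-spec` and stated in the commit message. For the pins that remain, the runc and containerd comments list advisory ids without the minimum fixed version; a line such as `// Remove once the module graph selects >= v1.5.10 without this replace` would tell the next maintainer when the override can go.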