From 6212525f11c414e03a884940fa9ea3db83e6fb7c Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Sat, 6 Jun 2020 09:01:08 +0300 Subject: [PATCH] Update Weave for CVE-2020-13597 --- .../networking.weave/k8s-1.12.yaml.template | 14 ++++++------- .../networking.weave/k8s-1.8.yaml.template | 20 +++++++++---------- .../pkg/fi/cloudup/bootstrapchannelbuilder.go | 4 ++-- .../weave/manifest.yaml | 8 ++++---- 4 files changed, 23 insertions(+), 23 deletions(-) diff --git a/upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template index b92be5f9a4f7f..39a9cecff80f8 100644 --- a/upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template @@ -13,18 +13,18 @@ apiVersion: v1 kind: ServiceAccount metadata: name: weave-net - namespace: kube-system labels: name: weave-net + namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: weave-net - namespace: kube-system labels: name: weave-net role.kubernetes.io/networking: "1" + namespace: kube-system rules: - apiGroups: - '' @@ -64,10 +64,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: weave-net - namespace: kube-system labels: name: weave-net role.kubernetes.io/networking: "1" + namespace: kube-system roleRef: kind: ClusterRole name: weave-net @@ -121,17 +121,17 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: weave-net - namespace: kube-system labels: name: weave-net role.kubernetes.io/networking: "1" + namespace: kube-system spec: # Wait 5 seconds to let pod connect before rolling next pod - minReadySeconds: 5 selector: matchLabels: name: weave-net role.kubernetes.io/networking: "1" + minReadySeconds: 5 template: metadata: labels: @@ -175,7 +175,7 @@ spec: name: weave-net key: network-password {{- end }} - image: 'weaveworks/weave-kube:2.6.2' + image: 'weaveworks/weave-kube:2.6.4' ports: - name: metrics containerPort: 6782 @@ -218,7 +218,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - image: 'weaveworks/weave-npc:2.6.2' + image: 'weaveworks/weave-npc:2.6.4' ports: - name: metrics containerPort: 6781 diff --git a/upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template b/upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template index 41ca3c331c9bf..ec284b50cb6a4 100644 --- a/upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template @@ -13,18 +13,18 @@ apiVersion: v1 kind: ServiceAccount metadata: name: weave-net - namespace: kube-system labels: name: weave-net + namespace: kube-system --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: weave-net - namespace: kube-system labels: name: weave-net role.kubernetes.io/networking: "1" + namespace: kube-system rules: - apiGroups: - '' @@ -60,14 +60,14 @@ rules: - patch - update --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: weave-net - namespace: kube-system labels: name: weave-net role.kubernetes.io/networking: "1" + namespace: kube-system roleRef: kind: ClusterRole name: weave-net @@ -77,7 +77,7 @@ subjects: name: weave-net namespace: kube-system --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: weave-net @@ -101,7 +101,7 @@ rules: verbs: - create --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: weave-net @@ -121,10 +121,10 @@ apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: weave-net - namespace: kube-system labels: name: weave-net role.kubernetes.io/networking: "1" + namespace: kube-system spec: # Wait 5 seconds to let pod connect before rolling next pod minReadySeconds: 5 @@ -172,7 +172,7 @@ spec: name: weave-net key: network-password {{- end }} - image: 'weaveworks/weave-kube:2.6.2' + image: 'weaveworks/weave-kube:2.6.4' ports: - name: metrics containerPort: 6782 @@ -215,7 +215,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - image: 'weaveworks/weave-npc:2.6.2' + image: 'weaveworks/weave-npc:2.6.4' ports: - name: metrics containerPort: 6781 diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go index b39451ddd29c3..5878ed4147578 100644 --- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go +++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go @@ -695,8 +695,8 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons { "pre-k8s-1.6": "2.3.0-kops.4", "k8s-1.6": "2.3.0-kops.4", "k8s-1.7": "2.5.2-kops.4", - "k8s-1.8": "2.6.2-kops.2", - "k8s-1.12": "2.6.2-kops.2", + "k8s-1.8": "2.6.4-kops.1", + "k8s-1.12": "2.6.4-kops.1", } { diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml index 5cc6340df8794..9e3e56444c47e 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml @@ -139,16 +139,16 @@ spec: - id: k8s-1.8 kubernetesVersion: '>=1.8.0 <1.12.0' manifest: networking.weave/k8s-1.8.yaml - manifestHash: c155a287ba70947925da304dd81e50f159c541bc + manifestHash: 7a555cd2375dc344250bd039161e28d9d7a6e4fe name: networking.weave selector: role.kubernetes.io/networking: "1" - version: 2.6.2-kops.2 + version: 2.6.4-kops.1 - id: k8s-1.12 kubernetesVersion: '>=1.12.0' manifest: networking.weave/k8s-1.12.yaml - manifestHash: d472c3e0dd7c71148dc5eae96bea50eba4e17807 + manifestHash: cf3e19d0ef67d8a43f378d6c0eb6ca24fa2c00f7 name: networking.weave selector: role.kubernetes.io/networking: "1" - version: 2.6.2-kops.2 + version: 2.6.4-kops.1