ELBA-2019-4543

ELBA-2019-4543 - kubernetes kubeadm-ha-setup kubeadm-upgrade bug fix update

Type: BUG
Severity: NA
Release Date: 2019-02-14

Description


kubernetes
[1.12.5-2.1.1]
- CVE-2019-6486

[1.12.5-2.0.1]
- Bump to 1.12.5 (CVE-2018-16875)

[1.12.3-2.0.6]
- Upgrade kube-dashboard to v1.10.1 to address CVE-2018-18264 (Auth bypass from service account)

[1.12.3-2.0.5]
- [Orabug 29055222] Fix enabling IPVS problem

[1.12.3-2.0.4]
- Restrict user to upgrade 1.9 cluster to 1.12 [ orabug: 29050087 ]

[1.12.3-2.0.3]
- [Orabug 29039439] check for master/worker should be early.
- [Orabug 29043634] include v1.9.11 image to kubeadm-registry.sh.

[1.12.3-2.0.2]
- [Orabug 28984592] fallback to initial container registry.

[1.12.3-1.0.12]
- Update to v1.12.3

[1.12.2-1.0.12]
- [Orabug 28984689]

[1.12.2-1.0.11]
- Made changes to upgrade flannel to 0.10.0 version

[1.12.2-1.0.10]
- Made changes to k8s dashboard for self cert

[1.12.2-1.0.9]
- coredns related updates to version 1.2.2

[1.12.2-1.0.8]
- Increase memory limit in the config file [ orabug: 28919201 ]

[1.12.2-1.0.7]
- Make necessary changes on flannel yaml file from v0.10.0

[1.12.2-1.0.6]
- Fixes for kubeadm-setup.sh due to the removal of -amd64
- Mask the [WARNING] when joining

[1.12.2-1.0.5]
- Remove -amd64

[1.12.2-1.0.4]
- Additional fixes for kubeadm-registry.sh
- Additional fixes for kubeadm-setup.sh

[1.12.2-1.0.3]
- Add LICENSE file into docker images

[1.12.2-1.0.2]
- Fix for v1.12

[1.12.2-1.0.1]
- Update to v1.12.2

kubeadm-ha-setup
[0.0.1-2.0.10]
- CVE-2018-16875

[0.0.1-2.0.9]
- Update dashboard image (CVE-2018-18264)

[0.0.1-2.0.8]
- Fix backup path issue again found by Tom Cocozzello

[0.0.1-2.0.7]
- Adding a 3rd party license file
- [Orabug 29152516] Backup and restore /var/lib/kubelet/kubeadm-flags.env too
- Cleanup kube-ipvs0 interface too
- More code cleanup
- Use map for checking kernel module
- Fix client joining errors
- Addressing Tom Cocozzello's review

[0.0.1-2.0.6]
- Fix go vet errors
- Enabling IPVS in HA

[0.0.1-2.0.5]
- Clean up un-used build scripts

[0.0.1-2.0.4]
- Add Makefile for building and testing code

[0.0.1-2.0.3]
- Fix file restore issue when it contains './'

[0.0.1-2.0.2]
- Resolve the full filepath when '.' is passed in
- Addressing review by Muminul Islam

[0.0.1-2.0.1]
- Remove 'firewall-cmd --reload' as it can hang OCI
- Fix some errors reported by Shubham
- Error out if options is not currently supported in HandleEtcdOps
- Fix down issue
- Dump log output to /var/log/kubeadm-ha-setup

[0.0.1-1.0.37]
- Fix kubernetes version
- Include log printing when error occurs
- Fix client.go regression due to new down function

[0.0.1-1.0.36]
- Remove Godeps, using dep for now
- Check if image is not set before referencing
- Rename getEtcdConfigV2 to getEtcdConfig
- Adding down functionality
- Update ha.yaml file

[0.0.1-1.0.35]
- Removing etcd.go
- Addressing Tom Cocozzello review
- [Orabug 28977571]

[0.0.1-1.0.34]
- Enabling full restore on HA master and single master
- Cleanup
- Enable single master backup
- Double the context request timeout
- Implement retryable AddMember

[0.0.1-1.0.33]
- Modified DR for One node case to use new etcd API
- Enhanced the helper scripts such that it will error out
- HealthCheck re-implementation

[0.0.1-1.0.32]
- Update dashboard image

[0.0.1-1.0.31]
- Needs to be run as a privileged user
- Enable CoreDNS as default

[0.0.1-1.0.30]
- Enable single master setup

[0.0.1-1.0.29]
- Redesigned for setting up v1.12 HA clusters

[0.0.1-1.0.28]
- Fixes for v1.11
- Addressing Laszlo Peter review
- Addressing Daniel Krasinski review

[0.0.1-1.0.27]
- Fix build failure
- Add UPL LICENSE
- Fix the usage of defer
- Re-try when docker pull image gets a timeout
- Refactor SetupCreds()
- Remove --force flag for restore
- When something fails, we should lengthen the timeout time

[0.0.1-1.0.26]
- When context timed out catch it and print stdout, stderr

[0.0.1-1.0.25]
- Check output from docker client and probe for error

[0.0.1-1.0.24]
- Properly parse if repo has a special ':' character

[0.0.1-1.0.23]
- Checking the total nodes would be better implementation
- Fixup etcd add member errors

[0.0.1-1.0.22]
- Pod count could be >= 20
- Remove port 30000-32767/tcp check for client node
- Querying k8s cluster health instead of etcd for backup
- Cosmetic fix
- Etcd one node restore problems

[0.0.1-1.0.21]
- Check whether repo needs auth even in one node restore case
- Fixup the restore script
- docker pull image change in behavior in 18.03
- Include client side image repo checking too
- Provide a full repo path for comparison
- Make kubernetes_developer as the sample repo
- Use strings.Contains to compare strings
- Fix README
- Initial README
- Include changes in kube.go

[0.0.1-1.0.20]
- In OCI, LB can take time to set up properly
- Fix random string
- [Orabug 28445064]
- Replace RunCmdExec() with just Run()
- Sanity check for # of master
- Make kubeadm token default to be random

[0.0.1-1.0.19]
- Check if docker exec etcd returns Error
- Check env first before trying to pull image
- [Orabug 28461826]

[0.0.1-1.0.18]
- Fixing LB, kubelet, kubectl-proxy
- Add a DEBUG flag for more verbose output

[0.0.1-1.0.17]
- Don't loop forever in client, make Run() more consistent in master
- Fixup LB for OCI
- Add apiserver-bind-port capability

[0.0.1-1.0.17]
- Include apiserver_cert_extra_sans and service_cidr

[0.0.1-1.0.16]
- Include restoring keepalived for one and full restore
- For Full Restore we need to first clean up before anything else
- Clean up DR, make backup check etcd health first
- Properly clean-up flannel.1 and cni0

[0.0.1-1.0.15]
- DR code cleanup
- Changed permission on the created dir to 0755
- Fix filename not found error

[0.0.1-1.0.14]
- Don't panic()
- In One node restore case verify the ca.crt MD5SUM
- Full DR feature
- Redesign of the DR
- Include file and its line number for logging
- Put the binary full path
- Re-arrange variables for ssh.go
- Separate etcd cli to another file (etcd.go)
- Addition to kubectl cli
- Check if MyIP for local node is missing/empty

[0.0.1-1.0.13]
- Replace binary names
- Include the ability to re-try master setup

[0.0.1-1.0.12]
- Renamed the whole REPO to kubeadm-ha-setup
- Don't print out more logs as necessary

[0.0.1-1.0.12]
- Enhance ssh/sftp code

[0.0.1-1.0.11]
- Change the storePath
- Include keepalived backup and change backup.sh/restore.sh

[0.0.1-1.0.10]
- Continuing on the restore part
- Make the script to query all KUBEDIR directory from a single file
- Consolidate KUBEDIR
- Make systemd related file 0644

[0.0.1-1.0.9]
- Fixup the hardcoded directory as such we are reading from only limited source
- Include the Docker API for restore
- Initial implementation of DR

[0.0.1-1.0.8]
- Fixup kubeadm-setup join
- systemctl enable kubelet

[0.0.1-1.0.7]
- Fix LoadBalancer to take care of extra steps

[0.0.1-1.0.6]
- Cleanup some stdout
- Add token field in ha.yaml for ease of automated setup

[0.0.1-1.0.5]
- If Loadbalancer is preferred/used

[0.0.1-1.0.4]
- Remove goroutine sleep - unnecessary
- Provides structure to store required files and cert files
- Fix merge errors

[0.0.1-1.0.3]
- Create /run/kubeadm w-w/o --skip

[0.0.1-1.0.2]
- NoHA and LoadBalancer

[0.0.1-1.0.1]
- Initial build

kubeadm-upgrade
[0.0.1-1.0.15]
-- CVE-2018-1002105

[0.0.1-1.0.14]
-- Fix kube version for 1.10.5

[0.0.1-1.0.13]
-- Updating 1.10 and 1.11 version for CVE fixes
-- Include flannel and dashboard upgrade

[0.0.1-1.0.12]
-- Upgrade to 1.12.5-2.1.1

[0.0.1-1.0.11]
-- Upgrade to 1.12.5

[0.0.1-1.0.10]
-- Add license info to the script

[0.0.1-1.0.9]
-- Add license file

[0.0.1-1.0.8]
-- Fix the bug on number of CPU checking

[0.0.1-1.0.7]
-- Use install instead of update for a specific 1.12 version

[0.0.1-1.0.6]
-- Upgrade cluster to 1.12.3-* version only

[0.0.1-1.0.5]
-- Add exit handler to gather logs on failure

[0.0.1-1.0.4]
-- Enhance logging and check return code after kubeadm apply. Checking CPU and Memory of the system

[0.0.1-1.0.3]
-- Change REPO_PREFIX to use a single repo, increased timeout during cluster health check

[0.0.1-1.0.2]
-- Added comments and fix rpm name

[0.0.1-1.0.1]
- Upgrade to 1.12.3




Updated Packages


Release/Architecture    Filename    MD5sum    Superseded By Advisory



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
