From e4d2be2e629bb443959ec6e317190c25eb7b0477 Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Mon, 18 Nov 2019 13:54:00 +0530 Subject: [PATCH] CSI: update kubernetes sidecar images update csi sidecar images to fix CVE-2019-11255 more info: https://github.com/kubernetes/kubernetes/issues/85233 https://github.com/kubernetes-csi/external-snapshotter/issues/193 https://github.com/kubernetes-csi/external-provisioner/issues/380 Signed-off-by: Madhu Rajanna --- Documentation/ceph-upgrade.md | 4 ++-- Documentation/helm-operator.md | 4 ++-- cluster/charts/rook-ceph/values.yaml | 4 ++-- cluster/examples/kubernetes/ceph/operator.yaml | 4 ++-- pkg/operator/ceph/csi/spec.go | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Documentation/ceph-upgrade.md b/Documentation/ceph-upgrade.md index 717b832f6edcf..fbd624d03bcc4 100644 --- a/Documentation/ceph-upgrade.md +++ b/Documentation/ceph-upgrade.md @@ -290,9 +290,9 @@ below, which you should change to match where your images are located. - name: ROOK_CSI_REGISTRAR_IMAGE value: "quay.io/k8scsi/csi-node-driver-registrar:v1.1.0" - name: ROOK_CSI_PROVISIONER_IMAGE - value: "quay.io/k8scsi/csi-provisioner:v1.3.0" + value: "quay.io/k8scsi/csi-provisioner:v1.4.0" - name: ROOK_CSI_SNAPSHOTTER_IMAGE - value: "quay.io/k8scsi/csi-snapshotter:v1.2.0" + value: "quay.io/k8scsi/csi-snapshotter:v1.2.2" - name: ROOK_CSI_ATTACHER_IMAGE value: "quay.io/k8scsi/csi-attacher:v1.2.0" ``` diff --git a/Documentation/helm-operator.md b/Documentation/helm-operator.md index 5a8d3f10fe2fa..f27134a99dc2f 100644 --- a/Documentation/helm-operator.md +++ b/Documentation/helm-operator.md @@ -130,8 +130,8 @@ The following tables lists the configurable parameters of the rook-operator char | `csi.kubeletDirPath` | Kubelet root directory path (if the Kubelet uses a different path for the `--root-dir` flag) | `/var/lib/kubelet` | | `csi.cephcsi.image` | Ceph CSI image. | `quay.io/cephcsi/cephcsi:v1.2.1` | | `csi.registrar.image` | Kubernetes CSI registrar image. | `quay.io/k8scsi/csi-node-driver-registrar:v1.1.0` | -| `csi.provisioner.image` | Kubernetes CSI provisioner image. | `quay.io/k8scsi/csi-provisioner:v1.3.0` | -| `csi.snapshotter.image` | Kubernetes CSI snapshotter image. | `quay.io/k8scsi/csi-snapshotter:v1.2.0` | +| `csi.provisioner.image` | Kubernetes CSI provisioner image. | `quay.io/k8scsi/csi-provisioner:v1.4.0` | +| `csi.snapshotter.image` | Kubernetes CSI snapshotter image. | `quay.io/k8scsi/csi-snapshotter:v1.2.2` | | `csi.attacher.image` | Kubernetes CSI Attacher image. | `quay.io/k8scsi/csi-attacher:v1.2.0` | | `agent.flexVolumeDirPath` | Path where the Rook agent discovers the flex volume plugins (*) | `/usr/libexec/kubernetes/kubelet-plugins/volume/exec/` | | `agent.libModulesDirPath` | Path where the Rook agent should look for kernel modules (*) | `/lib/modules` | diff --git a/cluster/charts/rook-ceph/values.yaml b/cluster/charts/rook-ceph/values.yaml index 1d5579667bcc5..75fb0baa529be 100644 --- a/cluster/charts/rook-ceph/values.yaml +++ b/cluster/charts/rook-ceph/values.yaml @@ -78,9 +78,9 @@ csi: #registrar: #image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 #provisioner: - #image: quay.io/k8scsi/csi-provisioner:v1.3.0 + #image: quay.io/k8scsi/csi-provisioner:v1.4.0 #snapshotter: - #image: quay.io/k8scsi/csi-snapshotter:v1.2.0 + #image: quay.io/k8scsi/csi-snapshotter:v1.2.2 #attacher: #image: quay.io/k8scsi/csi-attacher:v1.2.0 diff --git a/cluster/examples/kubernetes/ceph/operator.yaml b/cluster/examples/kubernetes/ceph/operator.yaml index 1a9aaa4ff1a67..704d751533410 100644 --- a/cluster/examples/kubernetes/ceph/operator.yaml +++ b/cluster/examples/kubernetes/ceph/operator.yaml @@ -182,9 +182,9 @@ spec: #- name: ROOK_CSI_REGISTRAR_IMAGE # value: "quay.io/k8scsi/csi-node-driver-registrar:v1.1.0" #- name: ROOK_CSI_PROVISIONER_IMAGE - # value: "quay.io/k8scsi/csi-provisioner:v1.3.0" + # value: "quay.io/k8scsi/csi-provisioner:v1.4.0" #- name: ROOK_CSI_SNAPSHOTTER_IMAGE - # value: "quay.io/k8scsi/csi-snapshotter:v1.2.0" + # value: "quay.io/k8scsi/csi-snapshotter:v1.2.2" #- name: ROOK_CSI_ATTACHER_IMAGE # value: "quay.io/k8scsi/csi-attacher:v1.2.0" # kubelet directory path, if kubelet configured to use other than /var/lib/kubelet path. diff --git a/pkg/operator/ceph/csi/spec.go b/pkg/operator/ceph/csi/spec.go index a78f2b72dd0c3..1f35e4eb7ee51 100644 --- a/pkg/operator/ceph/csi/spec.go +++ b/pkg/operator/ceph/csi/spec.go @@ -85,9 +85,9 @@ var ( // image names DefaultCSIPluginImage = "quay.io/cephcsi/cephcsi:v1.2.1" DefaultRegistrarImage = "quay.io/k8scsi/csi-node-driver-registrar:v1.1.0" - DefaultProvisionerImage = "quay.io/k8scsi/csi-provisioner:v1.3.0" + DefaultProvisionerImage = "quay.io/k8scsi/csi-provisioner:v1.4.0" DefaultAttacherImage = "quay.io/k8scsi/csi-attacher:v1.2.0" - DefaultSnapshotterImage = "quay.io/k8scsi/csi-snapshotter:v1.2.0" + DefaultSnapshotterImage = "quay.io/k8scsi/csi-snapshotter:v1.2.2" ) const (