diff --git a/.nancy-ignore b/.nancy-ignore index d8134cd19b..d18c58b4aa 100644 --- a/.nancy-ignore +++ b/.nancy-ignore @@ -34,3 +34,8 @@ CVE-2023-32731 CVE-2023-3978 CVE-2023-47090 CVE-2023-47108 +CVE-2024-25620 +CVE-2024-26147 +CVE-2019-25210 +CVE-2024-24786 +CVE-2023-48795 diff --git a/CHANGELOG.md b/CHANGELOG.md index 2100f95469..2e5520b42f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed + +- [Backport] Bump k8scc to 16.8.1 fix issues with IMDS v2. + ## [15.0.0-patch2] - 2024-03-04 ### Fixed diff --git a/go.mod b/go.mod index 7392f5d731..eb04411b3d 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/giantswarm/certs/v4 v4.0.0 github.com/giantswarm/ipam v0.3.0 github.com/giantswarm/k8sclient/v7 v7.2.0 - github.com/giantswarm/k8scloudconfig/v16 v16.8.0 + github.com/giantswarm/k8scloudconfig/v16 v16.8.1 github.com/giantswarm/k8smetadata v0.23.0 github.com/giantswarm/kubelock/v4 v4.0.0 github.com/giantswarm/microendpoint v1.1.0 diff --git a/go.sum b/go.sum index d81c6c90a9..11342ec7ef 100644 --- a/go.sum +++ b/go.sum @@ -102,8 +102,8 @@ github.com/giantswarm/ipam v0.3.0 h1:QNb4k5Zu6nGsqJkAM7dLM1J6TiUP+LGjo9CPR+ewZBk github.com/giantswarm/ipam v0.3.0/go.mod h1:xG4cMEKwHlbE0aZ7x2H5j7o81U13LIStA73XCECdk+I= github.com/giantswarm/k8sclient/v7 v7.2.0 h1:twh4egNcuTJEH7R/hYVhs8nwEXPlr0u/o9CB1Kv9H9A= github.com/giantswarm/k8sclient/v7 v7.2.0/go.mod h1:kZGRtOqe4vAKXtWm69tsj2Q9CpWlwzpa1uP1lfDtjlE= -github.com/giantswarm/k8scloudconfig/v16 v16.8.0 h1:hfqvRisdcJ/dSlKGHP8WTq4dZUi1DEaUKi4N2eor768= -github.com/giantswarm/k8scloudconfig/v16 v16.8.0/go.mod h1:AGnaR+F72BL0zgjPCcBWgBYXLunQ5OjeTC/c1MxVLTI= +github.com/giantswarm/k8scloudconfig/v16 v16.8.1 h1:jX77iiDPQMAlJSz1G5cz4Pf7YaHESN3/mspzpY3b/6c= +github.com/giantswarm/k8scloudconfig/v16 v16.8.1/go.mod h1:AGnaR+F72BL0zgjPCcBWgBYXLunQ5OjeTC/c1MxVLTI= github.com/giantswarm/k8smetadata v0.23.0 h1:iGwa1Nb45Sfcd5wqJEKBvxY1u5yXFg3Sq5Fw62nyRGA= github.com/giantswarm/k8smetadata v0.23.0/go.mod h1:QiQAyaZnwco1U0lENLF0Kp4bSN4dIPwIlHWEvUo3ES8= github.com/giantswarm/kubelock/v4 v4.0.0 h1:qvFGOIlDthAD8r32WcorT8R4gp3c1dpnDbHuLsDU2ZA= diff --git a/pkg/project/project.go b/pkg/project/project.go index fb7d962605..abb8cecf43 100644 --- a/pkg/project/project.go +++ b/pkg/project/project.go @@ -5,7 +5,7 @@ var ( gitSHA = "n/a" name string = "aws-operator" source string = "https://github.com/giantswarm/aws-operator" - //version = "15.0.0-patch2" + version = "15.0.0-patch2" ) func Description() string { @@ -25,5 +25,5 @@ func Source() string { } func Version() string { - return "15.0.0" + return version } diff --git a/service/internal/cloudconfig/template/instance_health_check.go b/service/internal/cloudconfig/template/instance_health_check.go index 44a90beb5e..1f24279d74 100644 --- a/service/internal/cloudconfig/template/instance_health_check.go +++ b/service/internal/cloudconfig/template/instance_health_check.go @@ -33,7 +33,7 @@ if test $(cut -d '.' -f1 /proc/uptime) -lt 900; then fi # AWS Metadata -export INSTANCEID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id 2> /dev/null) +export INSTANCEID=$(/opt/imds-client /latest/meta-data/instance-id) # Additional ENVs . /etc/network-environment diff --git a/service/internal/cloudconfig/template/lifecycle_continue.go b/service/internal/cloudconfig/template/lifecycle_continue.go index 87c79dc8b4..1575a7d63d 100644 --- a/service/internal/cloudconfig/template/lifecycle_continue.go +++ b/service/internal/cloudconfig/template/lifecycle_continue.go @@ -25,7 +25,7 @@ set -o nounset set -o pipefail # AWS Metadata -export INSTANCEID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id 2> /dev/null) +export INSTANCEID=$(/opt/imds-client /latest/meta-data/instance-id) # AWS Autoscaling Group Name export AUTOSCALINGGROUP=$(docker run --rm {{ .RegistryDomain }}/giantswarm/awscli:2.7.35 autoscaling describe-auto-scaling-instances --instance-ids=$INSTANCEID --query 'AutoScalingInstances[*].AutoScalingGroupName' --output text) diff --git a/service/internal/cloudconfig/template/set-hostname.go b/service/internal/cloudconfig/template/set-hostname.go index b6a24d1b72..b8e68dc1bb 100644 --- a/service/internal/cloudconfig/template/set-hostname.go +++ b/service/internal/cloudconfig/template/set-hostname.go @@ -10,7 +10,7 @@ Before=k8s-kubelet.service [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/bin/bash -c "hostnamectl set-hostname $(curl http://169.254.169.254/latest/meta-data/local-hostname)" +ExecStart=/bin/bash -c "hostnamectl set-hostname $(/opt/imds-client /latest/meta-data/local-hostname)" [Install] WantedBy=multi-user.target