From 4e84d6444afcc7f9f5d35e51729da6a50c60716f Mon Sep 17 00:00:00 2001 From: John Naulty Date: Thu, 21 Nov 2019 22:54:46 -0800 Subject: [PATCH] Patch k8scsi sidecars CVE-2019-11255 Update container image versions that have resolve the CVE according to [kubernetes/kubernetes/issues/85233](https://github.com/kubernetes/kubernetes/issues/85233) ref: #411 --- aws-ebs-csi-driver/templates/manifest.yaml | 6 +++--- deploy/kubernetes/base/controller.yaml | 2 +- .../kubernetes/overlays/alpha/controller_add_resizer.yaml | 2 +- .../overlays/alpha/controller_add_snapshotter.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/aws-ebs-csi-driver/templates/manifest.yaml b/aws-ebs-csi-driver/templates/manifest.yaml index 51b90c4b45..b5db8fa0dd 100644 --- a/aws-ebs-csi-driver/templates/manifest.yaml +++ b/aws-ebs-csi-driver/templates/manifest.yaml @@ -249,7 +249,7 @@ spec: periodSeconds: 10 failureThreshold: 5 - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.3.0 + image: quay.io/k8scsi/csi-provisioner:v1.3.1 args: - --csi-address=$(ADDRESS) - --v=5 @@ -277,7 +277,7 @@ spec: mountPath: /var/lib/csi/sockets/pluginproxy/ {{- if .Values.enableVolumeSnapshot }} - name: csi-snapshotter - image: quay.io/k8scsi/csi-snapshotter:v1.1.0 + image: quay.io/k8scsi/csi-snapshotter:v1.2.2 args: - --csi-address=$(ADDRESS) - --connection-timeout=15s @@ -290,7 +290,7 @@ spec: {{- end }} {{- if .Values.enableVolumeResizing }} - name: csi-resizer - image: quay.io/k8scsi/csi-resizer:v0.2.0 + image: quay.io/k8scsi/csi-resizer:v0.3.0 imagePullPolicy: Always args: - --csi-address=$(ADDRESS) diff --git a/deploy/kubernetes/base/controller.yaml b/deploy/kubernetes/base/controller.yaml index 7b300ee39a..291eabf75b 100644 --- a/deploy/kubernetes/base/controller.yaml +++ b/deploy/kubernetes/base/controller.yaml @@ -60,7 +60,7 @@ spec: periodSeconds: 10 failureThreshold: 5 - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.3.0 + image: quay.io/k8scsi/csi-provisioner:v1.3.1 args: - --csi-address=$(ADDRESS) - --v=5 diff --git a/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml b/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml index 23bf8790f3..db7f8002ad 100644 --- a/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml +++ b/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml @@ -8,7 +8,7 @@ spec: spec: containers: - name: csi-resizer - image: quay.io/k8scsi/csi-resizer:v0.2.0 + image: quay.io/k8scsi/csi-resizer:v0.3.0 args: - --csi-address=$(ADDRESS) - --v=5 diff --git a/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml b/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml index e96b9be094..d2ede77adb 100644 --- a/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml +++ b/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml @@ -8,7 +8,7 @@ spec: spec: containers: - name: csi-snapshotter - image: quay.io/k8scsi/csi-snapshotter:v1.1.0 + image: quay.io/k8scsi/csi-snapshotter:v1.2.2 args: - --csi-address=$(ADDRESS) - --connection-timeout=15s