From 66f39ee857bfd24e60c3977e268149c56866bdf1 Mon Sep 17 00:00:00 2001
From: Mike Splain <mike.splain@gmail.com>
Date: Mon, 2 Oct 2017 11:01:10 -0400
Subject: [PATCH] Update kube-dns to 1.14.5 for CVE-2017-14491

---
 .../addons/kube-dns.addons.k8s.io/k8s-1.6.yaml.template     | 6 +++---
 .../addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml.template | 2 +-
 upup/pkg/fi/cloudup/bootstrapchannelbuilder.go              | 2 +-
 .../bootstrapchannelbuilder/kopeio-vxlan/manifest.yaml      | 4 ++--
 .../tests/bootstrapchannelbuilder/simple/manifest.yaml      | 4 ++--
 .../tests/bootstrapchannelbuilder/weave/manifest.yaml       | 4 ++--
 6 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/k8s-1.6.yaml.template b/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/k8s-1.6.yaml.template
index 80b8be9c5e25f..d7cbcc0f8a9c0 100644
--- a/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/k8s-1.6.yaml.template
+++ b/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/k8s-1.6.yaml.template
@@ -96,7 +96,7 @@ spec:
 
       containers:
       - name: kubedns
-        image: gcr.io/google_containers/k8s-dns-kube-dns-{{Arch}}:1.14.4
+        image: gcr.io/google_containers/k8s-dns-kube-dns-{{Arch}}:1.14.5
         resources:
           # TODO: Set memory limits when we've profiled the container for large
           # clusters, then set request = limit to keep this container in
@@ -148,7 +148,7 @@ spec:
           mountPath: /kube-dns-config
 
       - name: dnsmasq
-        image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-{{Arch}}:1.14.4
+        image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-{{Arch}}:1.14.5
         livenessProbe:
           httpGet:
             path: /healthcheck/dnsmasq
@@ -187,7 +187,7 @@ spec:
           mountPath: /etc/k8s/dns/dnsmasq-nanny
 
       - name: sidecar
-        image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.4
+        image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
         livenessProbe:
           httpGet:
             path: /metrics
diff --git a/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml.template b/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml.template
index 09097ae754289..fc806134a0819 100644
--- a/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml.template
+++ b/upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io/pre-k8s-1.6.yaml.template
@@ -131,7 +131,7 @@ spec:
           name: metrics
           protocol: TCP
       - name: dnsmasq
-        image: gcr.io/google_containers/kube-dnsmasq-{{Arch}}:1.4
+        image: gcr.io/google_containers/k8s-dns-dnsmasq-{{Arch}}:1.14.5
         livenessProbe:
           httpGet:
             path: /healthz-dnsmasq
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
index e913f90eeb346..bcc3f2c6e9a1e 100644
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -115,7 +115,7 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
 
 	{
 		key := "kube-dns.addons.k8s.io"
-		version := "1.14.4"
+		version := "1.14.5"
 
 		{
 			location := key + "/pre-k8s-1.6.yaml"
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/kopeio-vxlan/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/kopeio-vxlan/manifest.yaml
index d81ac8e2e33da..ebedbe911ce31 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/kopeio-vxlan/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/kopeio-vxlan/manifest.yaml
@@ -15,14 +15,14 @@ spec:
     name: kube-dns.addons.k8s.io
     selector:
       k8s-addon: kube-dns.addons.k8s.io
-    version: 1.14.4
+    version: 1.14.5
   - id: k8s-1.6
     kubernetesVersion: '>=1.6.0'
     manifest: kube-dns.addons.k8s.io/k8s-1.6.yaml
     name: kube-dns.addons.k8s.io
     selector:
       k8s-addon: kube-dns.addons.k8s.io
-    version: 1.14.4
+    version: 1.14.5
   - manifest: limit-range.addons.k8s.io/v1.5.0.yaml
     name: limit-range.addons.k8s.io
     selector:
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml
index e4c9f9a378be4..9f965cf67f442 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml
@@ -15,14 +15,14 @@ spec:
     name: kube-dns.addons.k8s.io
     selector:
       k8s-addon: kube-dns.addons.k8s.io
-    version: 1.14.4
+    version: 1.14.5
   - id: k8s-1.6
     kubernetesVersion: '>=1.6.0'
     manifest: kube-dns.addons.k8s.io/k8s-1.6.yaml
     name: kube-dns.addons.k8s.io
     selector:
       k8s-addon: kube-dns.addons.k8s.io
-    version: 1.14.4
+    version: 1.14.5
   - manifest: limit-range.addons.k8s.io/v1.5.0.yaml
     name: limit-range.addons.k8s.io
     selector:
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
index 2abd863da6446..cbc2e188eda65 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
@@ -15,14 +15,14 @@ spec:
     name: kube-dns.addons.k8s.io
     selector:
       k8s-addon: kube-dns.addons.k8s.io
-    version: 1.14.4
+    version: 1.14.5
   - id: k8s-1.6
     kubernetesVersion: '>=1.6.0'
     manifest: kube-dns.addons.k8s.io/k8s-1.6.yaml
     name: kube-dns.addons.k8s.io
     selector:
       k8s-addon: kube-dns.addons.k8s.io
-    version: 1.14.4
+    version: 1.14.5
   - manifest: limit-range.addons.k8s.io/v1.5.0.yaml
     name: limit-range.addons.k8s.io
     selector: