Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: Add doc for CVE-2017-14491 #3534

Closed
wants to merge 3 commits into from

Conversation

justinsb
Copy link
Member

@justinsb justinsb commented Oct 4, 2017

No description provided.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 4, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
We suggest the following additional approver: zmerlynn

Assign the PR to them by writing /assign @zmerlynn in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

Copy link
Contributor

@mikesplain mikesplain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Thanks @justinsb


## Fixed in kops versions:

Not yet released
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May want to link to the PR for future context: #3511

@justinsb
Copy link
Member Author

justinsb commented Oct 4, 2017

Sorry @mikesplain - I just revised it to the minimal fix and force-pushed - I am a bad person.

I will link the PR - good suggestion!

@chrislovecnm
Copy link
Contributor

chrislovecnm commented Oct 4, 2017

Are the instructions for 1.5 k8s and 1.6 k8s different?

@justinsb justinsb changed the title Add doc for CVE-2017-14491 WIP: Add doc for CVE-2017-14491 Oct 5, 2017
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 5, 2017
@justinsb
Copy link
Member Author

justinsb commented Oct 5, 2017

Note - these instructions don't work for all versions. If you have applied them, please double-check that your kube-dns pods are healthy.

I made a mistake on one of my clusters and conflated the 1.5 and the 1.6/1.7 instructions. If you apply the change, make double sure that kubectl get pods -n kube-system | grep kube-dns is showing all the containers running, and not 2/3 or 3/4

@georgebuckerfield
Copy link
Contributor

Should the image name in the hotfix be gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5?

@chrislovecnm
Copy link
Contributor

@justinsb we had a user run into the missing configmap problem btw.
The issue is updated #3512 - how do we want to handle the instructions for 1.4 and 1.5, include a note about adding the configmap if it is missing?

@k8s-github-robot
Copy link

@justinsb PR needs rebase

@k8s-github-robot k8s-github-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 9, 2017
@chrislovecnm
Copy link
Contributor

chrislovecnm commented Oct 9, 2017

Closing because I pr'ed the doc per Justin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants