PWX-30765: Updating golang, aws and gcloud sdk to fix vulnerabilities. #1458
Signed-off-by: Priyanshu Pandey <[email protected]>
Can one of the admins verify this patch?
61e1395 to bbe6a32
@@ -15,7 +15,7 @@ RUN microdnf clean all && microdnf install -y python3.9 ca-certificates tar gzip | |||
RUN python3 -m pip install awscli && python3 -m pip install oci-cli && python3 -m pip install rsa --upgrade | |||
|
|||
|
|||
RUN curl -q -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator && \ | |||
RUN curl -q -o /usr/local/bin/aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64 && \ |
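Review bot: the added `curl -q -o /usr/local/bin/aws-iam-authenticator https://github.com/...` line installs a release binary with no integrity check and without `-f` or `-L`. GitHub release download URLs normally answer with a redirect, so without `-L` curl can write the redirect response instead of the binary, and without `-f` an HTTP error body would be saved as the executable while the `&&` chain still continues. Suggest `curl -fsSL -o ...` followed by a `sha256sum -c` against a digest pinned in the Dockerfile, so the image build fails if the v0.5.9 artifact is missing or altered.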
Any particular reason we have taken 0.5.9 version when 0.6.10 is the latest release?
This version was showing up as the default on aws website. https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html and all vulnerability scans were getting addressed with it too.
#1458)
* PWX-30765: Updating golang, aws and gcloud sdk to fix vulnerabilities.
  Signed-off-by: Priyanshu Pandey <[email protected]>
* Updating travis golang version
  Signed-off-by: Priyanshu Pandey <[email protected]>
* Using seccomp=unconfined during docker run
  Signed-off-by: Priyanshu Pandey <[email protected]>
* Adding CGO_ENABLED=0 in test binary
  Signed-off-by: Priyanshu Pandey <[email protected]>
---------
Signed-off-by: Priyanshu Pandey <[email protected]>

#1458) (#1465)
* PWX-30765: Updating golang, aws and gcloud sdk to fix vulnerabilities.
* Updating travis golang version
* Using seccomp=unconfined during docker run
* Adding CGO_ENABLED=0 in test binary
---------
Signed-off-by: Priyanshu Pandey <[email protected]>
What type of PR is this?
What this PR does / why we need it:
Update golang, aws-iam-authenticator and google-cloud-sdk versions to address golang vulnerabilities.
Does this PR change a user-facing CRD or CLI?:
no
Is a release note needed?:
Fixed several vulnerabilities resulting from
Does this change need to be cherry-picked to a release branch?:
yes 23.7
Notes:
This is probably being caused due to some issue with our GitHub repo but I have not been able to figure this out yet.
Consequence of doing this change is that vcs information will not be embedded in the container image.
However we are already passing the version info using ldflag so we should be good.
Travis
It appears that default seccomp rules are not allowing us to build and are resulting in a crash. As a workaround, I have updated it to unconfined.
stork.test: /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.34 not found (required by /stork.test)
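
The `GLIBC_2.34 not found` error above is what a dynamically linked binary produces when it was built against a newer glibc than the runtime image ships. The script below is an added example, not code from this PR or the stork repository: it extracts the highest GLIBC symbol version a binary requires and compares it with the runtime's. The function names and the sample `objdump -T` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the stork repository); names are illustrative.
# A CGO_ENABLED=0 Go binary is statically linked and lists no GLIBC_* versions.

# Read symbol-version text (e.g. `objdump -T ./stork.test`) on stdin and print
# the highest GLIBC_x.y[.z] it references, or nothing if there is none.
max_glibc_required() {
    { grep -o 'GLIBC_[0-9][0-9.]*' || true; } \
        | sed -e 's/^GLIBC_//' -e 's/\.$//' \
        | awk -F. '
            { key = sprintf("%05d%05d%05d", $1, $2, $3) }
            key > best { best = key; ver = $0 }
            END { if (ver != "") print ver }'
}

# Succeed when runtime glibc version $2 is at least the required version $1.
# An empty $1 (no GLIBC references, i.e. a static binary) always passes.
glibc_satisfied() {
    if [ -z "$1" ]; then return 0; fi
    awk -v need="$1" -v have="$2" 'BEGIN {
        split(need, n, "."); split(have, h, ".")
        for (i = 1; i <= 3; i++) {
            if (h[i] + 0 > n[i] + 0) exit 0
            if (h[i] + 0 < n[i] + 0) exit 1
        }
        exit 0
    }'
}

# Constructed sample of `objdump -T` output for a cgo-enabled test binary.
sample_dynamic() {
cat <<'EOF'
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.2.5) malloc
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.34)  pthread_create
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.32)  __libc_single_threaded
EOF
}

# Usage: sh check_glibc.sh ./stork.test   (needs objdump and a glibc runtime)
if [ "$#" -ge 1 ]; then
    need=$(objdump -T "$1" 2>/dev/null | max_glibc_required)
    have=$(getconf GNU_LIBC_VERSION | awk '{ print $2 }')
    if glibc_satisfied "$need" "$have"; then
        echo "ok: requires glibc ${need:-none (static)}, runtime has $have"
    else
        echo "FAIL: requires glibc $need, runtime has only $have"; exit 1
    fi
fi
```

Run the extraction where the binary is built and compare against the glibc version of the image that will execute it; the two often differ, which is the mismatch the error line reports.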