From 608402a90df1745cb4ba7f67094df7c68ff9355e Mon Sep 17 00:00:00 2001
From: Guillaume Demonet <guillaume.demonet@scality.com>
Date: Fri, 5 Jun 2020 17:04:01 +0200
Subject: [PATCH] charts, build: Bump Grafana image tag to 6.7.4

This should handle the recent CVE-2020-13379.
See: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/

Fixes: #2600
---
 buildchain/buildchain/versions.py                           | 2 +-
 charts/prometheus-operator.yaml                             | 1 +
 salt/metalk8s/addons/prometheus-operator/deployed/chart.sls | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/buildchain/buildchain/versions.py b/buildchain/buildchain/versions.py
index 71b659b82e..43b75fc329 100644
--- a/buildchain/buildchain/versions.py
+++ b/buildchain/buildchain/versions.py
@@ -57,7 +57,7 @@ def load_version_information() -> None:
 CENTOS_BASE_IMAGE_SHA256 : str = \
     '6ae4cddb2b37f889afd576a17a5286b311dcbf10a904409670827f6f9b50065e'
 
-GRAFANA_IMAGE_VERSION : str = '6.4.2'
+GRAFANA_IMAGE_VERSION : str = '6.7.4'
 NGINX_IMAGE_VERSION   : str = '1.15.8'
 NODEJS_IMAGE_VERSION  : str = '10.16.0'
 
diff --git a/charts/prometheus-operator.yaml b/charts/prometheus-operator.yaml
index 0674435e2c..1aab584642 100644
--- a/charts/prometheus-operator.yaml
+++ b/charts/prometheus-operator.yaml
@@ -103,6 +103,7 @@ grafana:
 
   image:
     repository: '{%- endraw -%}{{ build_image_name(\"grafana\", False) }}{%- raw -%}'
+    tag: '6.7.4'
 
   sidecar:
     image: '{%- endraw -%}{{ build_image_name(\"k8s-sidecar\", False) }}{%- raw -%}:0.1.20'
diff --git a/salt/metalk8s/addons/prometheus-operator/deployed/chart.sls b/salt/metalk8s/addons/prometheus-operator/deployed/chart.sls
index f0d3338829..0dcd5a7ea1 100644
--- a/salt/metalk8s/addons/prometheus-operator/deployed/chart.sls
+++ b/salt/metalk8s/addons/prometheus-operator/deployed/chart.sls
@@ -25052,7 +25052,7 @@ spec:
             secretKeyRef:
               key: admin-password
               name: prometheus-operator-grafana
-        image: '{%- endraw -%}{{ build_image_name("grafana", False) }}{%- raw -%}:6.4.2'
+        image: '{%- endraw -%}{{ build_image_name("grafana", False) }}{%- raw -%}:6.7.4'
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 10