bump default coredns image to v1.11.3 (because previous ones had CVEs)

loft-sh · Aug 5, 2024 · 9b23c74 · 9b23c74
1 parent 04edf4b
commit 9b23c74
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/pkg/coredns/coredns.go b/pkg/coredns/coredns.go
@@ -16,7 +16,7 @@ import (
 )
 
 const (
-	DefaultImage          = "coredns/coredns:1.11.1"
+	DefaultImage          = "coredns/coredns:1.11.3"
 	ManifestRelativePath  = "coredns/coredns.yaml"
 	ManifestsOutputFolder = "/tmp/manifests-to-apply"
 	VarImage              = "IMAGE"

diff --git a/test/e2e/coredns/coredns.go b/test/e2e/coredns/coredns.go
@@ -3,6 +3,7 @@ package coredns
 import (
 	"fmt"
 
+	"github.com/loft-sh/vcluster/pkg/coredns"
 	"github.com/loft-sh/vcluster/pkg/util/podhelper"
 	"github.com/loft-sh/vcluster/pkg/util/random"
 	"github.com/loft-sh/vcluster/test/framework"
@@ -74,4 +75,14 @@ var _ = ginkgo.Describe("CoreDNS resolves host names correctly", func() {
 			framework.ExpectEqual(string(stdoutBuffer), "ok")
 		}
 	})
+	ginkgo.It("Test coredns uses pinned image version", func() {
+		coreDNSName, coreDNSNamespace := "coredns", "kube-system"
+		coreDNSDeployment, err := f.VClusterClient.AppsV1().Deployments(coreDNSNamespace).Get(f.Context, coreDNSName, metav1.GetOptions{})
+		framework.ExpectNoError(err)
+		framework.ExpectEqual(len(coreDNSDeployment.Spec.Template.Spec.Containers), 1)
+		framework.ExpectEqual(coreDNSDeployment.Spec.Template.Spec.Containers[0].Image, coredns.DefaultImage)
+		// these are images with known security vulnerabilities.
+		framework.ExpectNotEqual(coreDNSDeployment.Spec.Template.Spec.Containers[0].Image, "1.11.1")
+		framework.ExpectNotEqual(coreDNSDeployment.Spec.Template.Spec.Containers[0].Image, "1.11.0")
+	})
 })