Skip to content

Commit

Permalink
Merge pull request kubernetes#9329 from hakman/automated-cherry-pick-…
Browse files Browse the repository at this point in the history 
…of-#8965-kubernetes#9285-upstream-release-1.16

Automated cherry pick of kubernetes#8965: Fix missing changes in Weave manifest kubernetes#9285: Update Weave for CVE-2020-13597
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot authored Jun 11, 2020
2 parents e39f34c + 58b96a9 commit ee44203
Show file tree
Hide file tree
Showing 4 changed files with 48 additions and 26 deletions.
29 changes: 20 additions & 9 deletions upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,18 +13,18 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
role.kubernetes.io/networking: "1"
namespace: kube-system
rules:
- apiGroups:
- ''
Expand All @@ -36,6 +36,14 @@ rules:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- 'networking.k8s.io'
resources:
Expand All @@ -56,10 +64,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
role.kubernetes.io/networking: "1"
namespace: kube-system
roleRef:
kind: ClusterRole
name: weave-net
Expand Down Expand Up @@ -113,25 +121,24 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
role.kubernetes.io/networking: "1"
namespace: kube-system
spec:
# Wait 5 seconds to let pod connect before rolling next pod
minReadySeconds: 5
selector:
matchLabels:
name: weave-net
role.kubernetes.io/networking: "1"
minReadySeconds: 5
template:
metadata:
labels:
name: weave-net
role.kubernetes.io/networking: "1"
annotations:
prometheus.io/scrape: "true"
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
containers:
- name: weave
Expand Down Expand Up @@ -168,7 +175,7 @@ spec:
name: weave-net
key: network-password
{{- end }}
image: 'weaveworks/weave-kube:2.5.2'
image: 'weaveworks/weave-kube:2.6.4'
ports:
- name: metrics
containerPort: 6782
Expand Down Expand Up @@ -200,15 +207,15 @@ spec:
mountPath: /lib/modules
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
- name: weave-npc
args: []
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: 'weaveworks/weave-npc:2.5.2'
image: 'weaveworks/weave-npc:2.6.4'
ports:
- name: metrics
containerPort: 6781
Expand All @@ -223,7 +230,9 @@ spec:
volumeMounts:
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: true
restartPolicy: Always
securityContext:
Expand All @@ -232,6 +241,8 @@ spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
volumes:
Expand Down
33 changes: 22 additions & 11 deletions upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,18 +13,18 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
role.kubernetes.io/networking: "1"
namespace: kube-system
rules:
- apiGroups:
- ''
Expand All @@ -36,6 +36,14 @@ rules:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- 'networking.k8s.io'
resources:
Expand All @@ -52,14 +60,14 @@ rules:
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
role.kubernetes.io/networking: "1"
namespace: kube-system
roleRef:
kind: ClusterRole
name: weave-net
Expand All @@ -69,7 +77,7 @@ subjects:
name: weave-net
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: weave-net
Expand All @@ -93,7 +101,7 @@ rules:
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: weave-net
Expand All @@ -113,10 +121,10 @@ apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
role.kubernetes.io/networking: "1"
namespace: kube-system
spec:
# Wait 5 seconds to let pod connect before rolling next pod
minReadySeconds: 5
Expand Down Expand Up @@ -164,7 +172,7 @@ spec:
name: weave-net
key: network-password
{{- end }}
image: 'weaveworks/weave-kube:2.5.2'
image: 'weaveworks/weave-kube:2.6.4'
ports:
- name: metrics
containerPort: 6782
Expand Down Expand Up @@ -196,15 +204,15 @@ spec:
mountPath: /lib/modules
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
- name: weave-npc
args: []
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: 'weaveworks/weave-npc:2.5.2'
image: 'weaveworks/weave-npc:2.6.4'
ports:
- name: metrics
containerPort: 6781
Expand All @@ -219,6 +227,7 @@ spec:
volumeMounts:
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
hostNetwork: true
hostPID: true
restartPolicy: Always
Expand All @@ -228,6 +237,8 @@ spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
volumes:
Expand Down
4 changes: 2 additions & 2 deletions upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -695,8 +695,8 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
"pre-k8s-1.6": "2.3.0-kops.3",
"k8s-1.6": "2.3.0-kops.3",
"k8s-1.7": "2.5.2-kops.2",
"k8s-1.8": "2.5.2-kops.2",
"k8s-1.12": "2.5.2-kops.3",
"k8s-1.8": "2.6.4-kops.1",
"k8s-1.12": "2.6.4-kops.1",
}

{
Expand Down
8 changes: 4 additions & 4 deletions upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,16 +139,16 @@ spec:
- id: k8s-1.8
kubernetesVersion: '>=1.8.0 <1.12.0'
manifest: networking.weave/k8s-1.8.yaml
manifestHash: 748a1526515a719058b99c203cd943a740675e21
manifestHash: 04b76e2d427fcdd14c042eb63b44c3a9d34ece33
name: networking.weave
selector:
role.kubernetes.io/networking: "1"
version: 2.5.2-kops.2
version: 2.6.4-kops.1
- id: k8s-1.12
kubernetesVersion: '>=1.12.0'
manifest: networking.weave/k8s-1.12.yaml
manifestHash: 96334bfcfa6a3ec9791b50c94674a8821cb6ad67
manifestHash: eb0ee027200ce4fbe3f99b656474c0891d15d6aa
name: networking.weave
selector:
role.kubernetes.io/networking: "1"
version: 2.5.2-kops.3
version: 2.6.4-kops.1

0 comments on commit ee44203

Please sign in to comment.