CDK Addons

Update images

Bug #2035139 reported by Chris Johnston on 2023-09-11

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
CDK Addons	Fix Released	Undecided	Chris Johnston	CDK Addons 1.28+ck2
Ceph CSI Charm	Fix Released	Undecided	Adam Dyess	Ceph CSI Charm 1.28+ck2
CoreDNS Charm	Fix Released	Undecided	Adam Dyess	CoreDNS Charm 1.28+ck2
Openstack Cloud Controller Charm	Fix Released	Undecided	Adam Dyess	Openstack Cloud Controller Charm 1.28+ck2

Bug Description

Similar to LP#2015552, please update the pinned images used in cdk-addons. Ideally this should be a part of every release process.

There are currently a number of known CVEs in the images used by CK.

Revision history for this message

Adam Dyess (addyess) wrote on 2023-10-19:

Specifically should address these images if possible:
cdk/cephcsi/cephcsi:v3.7.2
cdk/kube-state-metrics/kube-state-metrics:v2.8.2
cdk/metrics-server/metrics-server:v0.5.2
cdk/nvidia/k8s-device-plugin:v0.14.0
cdk/provider-os/k8s-keystone-auth:v1.26.2
cdk/sig-storage/csi-attacher:v3.5.0
cdk/sig-storage/csi-node-driver-registrar:v2.5.1
cdk/sig-storage/csi-provisioner:v3.2.1
cdk/sig-storage/csi-resizer:v1.5.0
cdk/sig-storage/csi-snapshotter:v6.0.1
charm/8kegrpw0xeuzoxh1d9dv327iix3r31419nhw/coredns-image@sha256:e0dc69d6add4e983f8b9e694427a0c5c19b1f5d8c33fe16fca25cb912201a2c1

Changed in cdk-addons:
milestone:	none → 1.29
status:	New → Triaged
Changed in charm-coredns:
milestone:	none → 1.29
status:	New → Triaged

Revision history for this message

Adam Dyess (addyess) wrote on 2023-10-24 (last edit on 2023-10-24):

Addressing coredns charm https://github.com/charmed-kubernetes/charm-coredns/pull/38
to bump to coredns-1.11.1

Changed in charm-coredns:
status:	Triaged → In Progress
assignee:	nobody → Adam Dyess (addyess)

Adam Dyess (addyess) on 2023-10-24

Changed in charm-coredns:
milestone:	1.29 → 1.28+ck2
Changed in cdk-addons:
milestone:	1.29 → 1.28+ck2

Revision history for this message

Adam Dyess (addyess) wrote on 2023-10-24 (last edit on 2023-10-24):

PR [0] addresses many of these issues

I've confirmed that this appears safe for the upgrade by looking at what CDK addons patches
- CEPH_CSI_COMMIT=47b59ee5a430f66a88913bea1a6ac1961c8ff552 # v3.7.2
+ CEPH_CSI_COMMIT=fd10290fb811302eb81dc5e25d35f1aa06f04b4d # v3.8.1

I've confirmed changes to CCM seem safe based on what CDK addons patches
- OPENSTACK_PROVIDER_COMMIT=afc4309cbc84c70d475d9f16bc24cd0d5e9ea728 # v1.26.2
- K8S_KEYSTONE_AUTH_IMAGE_VER=v1.26.2 # override keystone auth image
+ OPENSTACK_PROVIDER_COMMIT=86510a9055a46886d9832a71c1494499a1e7816c # v1.28.1
+ K8S_KEYSTONE_AUTH_IMAGE_VER=v1.28.1 # override keystone auth image

Looking at kube-state metrics, this is a safe upgrade
- KUBE_STATE_METRICS_COMMIT=3ed7a6c48a64d89c9e82248ffcf98b5cc92e2d11 # v2.8.2
+ KUBE_STATE_METRICS_COMMIT=25fb4fa0767de7ee314500fcb7481ca7b3a55a35 # v2.10.0

Looking at the device plugin, this is also a safe upgrade
- K8S_DEVICE_PLUGIN_COMMIT=e6c111aff19eab995e8d0f4345169e8c310d2f9c # v0.14.0
+ K8S_DEVICE_PLUGIN_COMMIT=310542179780f3fccc7a87ae7609dc03936b0ab8 # v0.14.2
[0] https://github.com/charmed-kubernetes/cdk-addons/pull/228

Revision history for this message

Adam Dyess (addyess) wrote on 2023-10-24:

There are still a few charms (the ones which replace the cdk-addons) which require upgrading to make them at least on par -- better.

tags:

added: backport-needed

Revision history for this message

Adam Dyess (addyess) wrote on 2023-10-24 (last edit on 2023-11-01):

Openstack Cloud Controller Charm
https://github.com/charmed-kubernetes/openstack-cloud-controller-operator/pull/1

Ceph-CSI Charm
https://github.com/charmed-kubernetes/ceph-csi-operator/pull/12

Adam Dyess (addyess) on 2023-11-01

Changed in cdk-addons:
status:	Triaged → Fix Committed

Adam Dyess (addyess) on 2023-11-01

Changed in charm-ceph-csi:
status:	New → In Progress
Changed in charm-coredns:
status:	In Progress → Fix Committed
Changed in charm-openstack-cloud-controller:
status:	New → In Progress
assignee:	nobody → Adam Dyess (addyess)
Changed in charm-ceph-csi:
assignee:	nobody → Adam Dyess (addyess)
Changed in charm-openstack-cloud-controller:
milestone:	none → 1.28+ck2
Changed in charm-ceph-csi:
milestone:	none → 1.28+ck2

Adam Dyess (addyess) on 2023-11-01

Changed in charm-ceph-csi:
status:	In Progress → Fix Committed
Changed in charm-openstack-cloud-controller:
status:	In Progress → Fix Committed

Adam Dyess (addyess) on 2023-11-01

tags:

removed: backport-needed

Revision history for this message

Adam Dyess (addyess) wrote on 2023-11-02:

backport to 1.28 release branch of cdkaddons
https://github.com/charmed-kubernetes/cdk-addons/commit/af74da28c37762ed1c31d4993ce9527cc9e03e52

Chris Johnston (cjohnston) on 2023-11-03

Changed in cdk-addons:
assignee:	nobody → Chris Johnston (cjohnston)

Adam Dyess (addyess) on 2023-11-07

Changed in cdk-addons:
status:	Fix Committed → Fix Released
Changed in charm-ceph-csi:
status:	Fix Committed → Fix Released
Changed in charm-coredns:
status:	Fix Committed → Fix Released
Changed in charm-openstack-cloud-controller:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.