[Release-1.27] - rancher/mirrored-library-busybox:1.34.1 has critical vulnerability

[brandond]

Backport fix for rancher/mirrored-library-busybox:1.34.1 has critical vulnerability

• rancher/mirrored-library-busybox:1.34.1 has critical vulnerability #8373

[bguzman-3pillar]

Validated on v1.27.7-rc1+k3s1

Environment Details

Infrastructure

• Cloud
• Hosted

Node(s) CPU architecture, OS, and Version:

Ubuntu

Cluster Configuration:

1 server

Testing Steps

1. Copy config.yaml

$ sudo mkdir -p /etc/rancher/k3s && sudo cp config.yaml /etc/rancher/k3s

2. Install k3s
3. Run k apply -f https://raw.githubusercontent.com/rancher/distros-test-framework/main/workloads/amd64/local-path-provisioner.yaml && k describe pods -n kube-system and immediately describe the pod to be able to see the busybox version.

Validation Results:

Name:         helper-pod-create-pvc-ff7a6dd3-9768-4188-90d9-7657dc0f653b
Namespace:    kube-system
Priority:     0
Node:         ip-172-31-2-200/172.31.2.200
Start Time:   Tue, 24 Oct 2023 09:54:19 -0700
Labels:       <none>
Annotations:  <none>
Status:       Pending
IP:           
IPs:          <none>
Containers:
  helper-pod:
    Container ID:  
    Image:         rancher/mirrored-library-busybox:1.36.1
    Image ID:      
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
      /script/setup
    Args:
      -p
      /var/lib/rancher/k3s/storage/pvc-ff7a6dd3-9768-4188-90d9-7657dc0f653b_local-path-storage_local-path-pvc
      -s
      524288000
      -m
      Filesystem
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:
      VOL_DIR:         /var/lib/rancher/k3s/storage/pvc-ff7a6dd3-9768-4188-90d9-7657dc0f653b_local-path-storage_local-path-pvc
      VOL_MODE:        Filesystem
      VOL_SIZE_BYTES:  524288000
    Mounts:
      /script from script (rw)
      /var/lib/rancher/k3s/storage/ from data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-h557x (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  data:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/rancher/k3s/storage/
    HostPathType:  DirectoryOrCreate
  script:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      local-path-config
    Optional:  false
  kube-api-access-h557x:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 op=Exists
Events:
  Type    Reason   Age   From     Message
  ----    ------   ----  ----     -------
  Normal  Pulled   0s    kubelet  Container image "rancher/mirrored-library-busybox:1.36.1" already present on machine
  Normal  Created  0s    kubelet  Created container helper-pod
  Normal  Started  0s    kubelet  Started container helper-pod