Skip to content

Commit

Permalink
Update from coreos/flannel-cni to poseidon/flannel-cni
Browse files Browse the repository at this point in the history
* Update CNI plugins from v0.6.0 to v0.8.6 to fix several CVEs
* Update the base image to alpine:3.12
* Use `flannel-cni` as an init container and remove sleep
* poseidon/terraform-render-bootstrap#205
* https://github.com/poseidon/flannel-cni
* https://quay.io/repository/poseidon/flannel-cni

Background

* Switch from github.com/coreos/flannel-cni v0.3.0 which was last
published by me in 2017 and is no longer accessible to me to maintain
or patch
* Port to the poseidon/flannel-cni rewrite, which releases v0.4.0
to continue the prior release numbering
  • Loading branch information
dghubble committed Aug 2, 2020
1 parent 8aefd4f commit 954f7e1
Show file tree
Hide file tree
Showing 12 changed files with 19 additions and 10 deletions.
3 changes: 3 additions & 0 deletions CHANGES.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ Notable changes between versions.
* Update etcd from v3.4.9 to [v3.4.10](https://github.com/etcd-io/etcd/releases/tag/v3.4.10)
* Update CoreDNS from v1.6.7 to [v1.7.0](https://coredns.io/2020/06/15/coredns-1.7.0-release/)
* Update Cilium from v1.8.1 to [v1.8.2](https://github.com/cilium/cilium/releases/tag/v1.8.2)
* Update [coreos/flannel-cni](https://github.com/coreos/flannel-cni) to [poseidon/flannel-cni](https://github.com/poseidon/flannel-cni)
* Update CNI plugins and fix CVEs with Flannel (non-default)
* Transition to a poseidon maintained container image

### Fedora CoreOS

Expand Down
2 changes: 1 addition & 1 deletion aws/container-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=45053a62cb751e2f8b371c20b7714e1604d6e57d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=3675b3a539efd8d341277f0c03322883f97fd992"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
Expand Down
2 changes: 1 addition & 1 deletion aws/fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=45053a62cb751e2f8b371c20b7714e1604d6e57d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=3675b3a539efd8d341277f0c03322883f97fd992"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
Expand Down
2 changes: 1 addition & 1 deletion azure/container-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=45053a62cb751e2f8b371c20b7714e1604d6e57d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=3675b3a539efd8d341277f0c03322883f97fd992"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
Expand Down
2 changes: 1 addition & 1 deletion azure/fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=45053a62cb751e2f8b371c20b7714e1604d6e57d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=3675b3a539efd8d341277f0c03322883f97fd992"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
Expand Down
2 changes: 1 addition & 1 deletion bare-metal/container-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=45053a62cb751e2f8b371c20b7714e1604d6e57d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=3675b3a539efd8d341277f0c03322883f97fd992"

cluster_name = var.cluster_name
api_servers = [var.k8s_domain_name]
Expand Down
2 changes: 1 addition & 1 deletion bare-metal/fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=45053a62cb751e2f8b371c20b7714e1604d6e57d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=3675b3a539efd8d341277f0c03322883f97fd992"

cluster_name = var.cluster_name
api_servers = [var.k8s_domain_name]
Expand Down
2 changes: 1 addition & 1 deletion digital-ocean/container-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=45053a62cb751e2f8b371c20b7714e1604d6e57d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=3675b3a539efd8d341277f0c03322883f97fd992"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
Expand Down
2 changes: 1 addition & 1 deletion digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=45053a62cb751e2f8b371c20b7714e1604d6e57d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=3675b3a539efd8d341277f0c03322883f97fd992"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
Expand Down
6 changes: 6 additions & 0 deletions docs/topics/security.md
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,12 @@ Two tag styles indicate the build strategy used.

The Typhoon-built Kubelet image is used as the official image. Automated builds provide an alternative image for those preferring to trust images built by Quay/Dockerhub (albeit lacking multi-arch). To use the fallback registry or an alternative tag, see [customization](/advanced/customization/#kubelet).

### flannel-cni

Typhoon packages the [flannel-cni](https://github.com/poseidon/flannel-cni) container image to provide security patches.

* [quay.io/poseidon/flannel-cni](https://quay.io/repository/poseidon/flannel-cni) (official)

## Disclosures

If you find security issues, please email `security@psdn.io`. If the issue lies in upstream Kubernetes, please inform upstream Kubernetes as well.
Expand Down
2 changes: 1 addition & 1 deletion google-cloud/container-linux/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=45053a62cb751e2f8b371c20b7714e1604d6e57d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=3675b3a539efd8d341277f0c03322883f97fd992"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
Expand Down
2 changes: 1 addition & 1 deletion google-cloud/fedora-coreos/kubernetes/bootstrap.tf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=45053a62cb751e2f8b371c20b7714e1604d6e57d"
source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=3675b3a539efd8d341277f0c03322883f97fd992"

cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
Expand Down

0 comments on commit 954f7e1

Please sign in to comment.