The current base v1.3.0 has many CVEs[1] which are addressed in latest
versions of the bullseye
[1] ex:
CVE-2022-2509
CVE-2021-46828
Signed-off-by: Humble Chirammal <humble.devassy@gmail.com>
This commit syncs RBAC from coredns/deployment and removes a get nodes
RBAC.
Historically the federation CoreDNS plugin needed the nodes resource to
fetch zone and region labels.
However, the CoreDNS federation plugin was deprecated and cleaned up a
long time ago and removed the Nodes RBAC requirement here in
`coredns/deployment` coredns.yaml.sed:
https://github.com/coredns/deployment/pull/229
This change however, never made it to `kubernetes/kubernetes`.
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
Align metrics-server metrics-resolution with the upstream manifests so
that scalability tests are running a similar configuration of
metrics-server as the one we are running in the e2e tests.
Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
Follow-up of:
- https://github.com/kubernetes/kubernetes/pull/115634
The current retention policy prevent creation or update of new objects
until the existing one are deleted based on the retention period.
Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
Related to:
- https://github.com/kubernetes/k8s.io/issues/4691
Ensure new staging bucketst are regional and apply lifecycle policy to
the objects of each staging bucket.
Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
we should only use this env var for `arm`, since `arm64` is fully
supported by etcd folks, let us drop this!
(ex - https://github.com/etcd-io/etcd/releases/tag/v3.5.6)
ppc64le comment should be dropped as well
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
This was used by migrate-if-needed.sh, but that has been replaced by
the migrate Go program which doesn't need external cp.
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Currently, we hardcode the exact image to use in cluster/gce. This is
problematic as the image gets stale very frequently and has old versions
of components such as containerd, kernel, and CVE issues.
Instead, fetch the latest image from the image family. This will ensure
the image will stay up to date. Each image change in image family is
expected to be minor. Switching to a new LTS milestone will require
updating the image family set.
Also add new kube-up environment variables to allow controlling the image
family used, namely:
* IMAGE_FAMILY - default image family to use
* MASTER_IMAGE_FAMILY - image family for master to use (defaults to
IMAGE_FAMILY if unset)
* NODE_IMAGE_FAMILY - image family for node to use (defaults to
IMAGE_FAMILY if unset)
Signed-off-by: David Porter <david@porter.me>
