The previous base image, debian-base:v1.0.0, is affected by
CVE-2017-14062. This change upgrades to the most recent Debian stretch
image from the following command:
```
$ gcloud container images list-tags k8s.gcr.io/debian-base-amd64
DIGEST TAGS TIMESTAMP
7e9f2f88b813 v1.0.1 2020-02-18T13:18:50
d7be39e143d4 v2.0.0 2019-11-01T13:14:18
5f25d97ece90 v1.0.0 2019-03-25T10:59:09
dddca919baec 1.0.0 2019-03-25T09:43:09
```
This marks kube-addon-manager version 9.1.5.
Change-Id: I02321a781fb19dd33c0a19671b56c0b12d9b52fd
Many README files and other docs contained a link to a an appspot
tracking app that is no longer active. Following the links leads to an
error about Go 1.9 no longer being supported. Go 1.9 support was dropped
in appspot in 2019 and disabled June 2020.
This also resulted in a broken image link displaying when viewing these
files on GitHub. Since the app is no longer functioning, and since it
causes a potentially (but granted, minor) confusing error to display,
this just removes those links as I don't believe they are needed
anymore.
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
The addon manager readme states
> - Addons with label `addonmanager.kubernetes.io/mode=EnsureExists` will be checked for
> existence only. Users can edit these addons as they want.
However, the start_addon function was using `kubectl apply` to create
resources regardless of mode. This change switches between `kubectl
create` and `kubectl apply` depending on mode.
Additionally implemented tests for create_resource fn
- Refactor functions and main executable
- Quick tests in bash
- Tests for Reconcile, EnsureExists behavior
- Check for completeness with multi resource configs
When there are two or more values in KUBECTL_EXTRA_PRUNE_WHITELIST
kube-addons.sh wrongly generates "--prune-whitelist value1 value2"
Which kubectl parses as additional unknown flag[s]
Change-Id: I7661bda41ab7435e0e65eb0a662d1b16d2c14991
The bug seems to be currently dormant but I managed to trigger it in
some manual tests.
When the bug is triggered it appends empty --prune-whitelist without any
value which in turn can capture the next flag and can cause addon
manager to fail.
E.g. when bug is not triggered the kubectl command looks like this
```
kubectl ... --prune-whitelist extensions/v1beta1/Ingress --recursive ...
```
When it's triggered it will be
```
kubectl ... --prune-whitelist --recursive ...
```
which will capture the --recursive flag and will make addon-manager to
fail as there are no yamls in the top directory.
