How to patch the recent Kubernetes vulnerability (CVE-2018-1002105) in Nutanix Karbon


Userlevel 2
Badge
Note: Nutanix Karbon is on Technical Preview so it should not be used on production. The steps on this guide may impact the existing running containers.

This post covers how to patch the recent Kubernetes vulnerability (https://github.com/kubernetes/kubernetes/issues/71411). The version used as an example in this post is Kubernetes version 1.10.3, this is the only version tested but it should work on the same way for any of the other Kubernetes versions available in Karbon.

Note: the SSH password is the known standard for Nutanix CVM

1. Gather the IP address for your Kubernetes nodes:
code:

kubectl get nodes -o yaml | grep address


Output:
code:

addresses:
- address: 10.10.56.174
- address: security-e8316c-k8s-master-0
addresses:
- address: 10.10.56.150
- address: security-e8316c-k8s-worker-0


2. Connect to the master node and run the commands (change the IP address with yours):
code:

ssh root@10.10.56.174



code:

sed -i 's/hyperkube:v1.10.3/hyperkube:v1.10.11/g' /etc/kubernetes/manifests/kube-apiserver.yaml /etc/systemd/system/kubelet-master.service



code:

systemctl daemon-reload && systemctl restart kubelet-master


3. Check Kubernetes master has been upgraded as well as the kubectl client.
code:

kubectl version


Output:
code:

Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.11",
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.11",


4. Connect to the worker(s) and run the command (change the IP address with yours):
code:

ssh root@10.10.56.150



code:

sed -i 's/hyperkube:v1.10.3/hyperkube:v1.10.11/g' /etc/systemd/system/kubelet-worker.service



code:

systemctl daemon-reload && systemctl restart kubelet-worker


5. Check all the nodes have been patched (version must be 1.10.11 now)
code:

kubectl get nodes


Output:
code:

NAME STATUS ROLES AGE VERSION
security-e8316c-k8s-master-0 Ready master 42m v1.10.11
security-e8316c-k8s-worker-0 Ready node 39m v1.10.11



If you face any issue please do not hesitate to post your comments below.

0 replies

Be the first to reply!

Reply