This post covers how to patch the recent Kubernetes vulnerability (https://github.com/kubernetes/kubernetes/issues/71411). The example in this post uses Kubernetes version 1.10.3. This is the only version tested, but it should work the same way for any of the other Kubernetes versions available in Karbon.
Note: the SSH password is the known standard for Nutanix CVM.
1. Gather the IP address for your Kubernetes nodes:
code:
kubectl get nodes -o yaml | grep address
Output:
code:
addresses:
- address: 10.10.56.174
- address: security-e8316c-k8s-master-0
addresses:
- address: 10.10.56.150
- address: security-e8316c-k8s-worker-0
2. Connect to the master node and run the commands (replace the IP address with your own):
code:
ssh root@10.10.56.174
code:
sed -i 's/hyperkube:v1.10.3/hyperkube:v1.10.11/g' /etc/kubernetes/manifests/kube-apiserver.yaml /etc/systemd/system/kubelet-master.service
code:
systemctl daemon-reload && systemctl restart kubelet-master
3. Check that the Kubernetes master has been upgraded, as well as the kubectl client:
code:
kubectl version
Output:
code:
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.11",
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.11",
4. Connect to the worker(s) and run the commands (replace the IP address with your own):
code:
ssh root@10.10.56.150
code:
sed -i 's/hyperkube:v1.10.3/hyperkube:v1.10.11/g' /etc/systemd/system/kubelet-worker.service
code:
systemctl daemon-reload && systemctl restart kubelet-worker
5. Check that all the nodes have been patched (the version must now be 1.10.11):
code:
kubectl get nodes
Output:
code:
NAME                           STATUS    ROLES     AGE       VERSION
security-e8316c-k8s-master-0   Ready     master    42m       v1.10.11
security-e8316c-k8s-worker-0   Ready     node      39m       v1.10.11
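The tag swap from steps 2 and 4 and the check from step 5 can be wrapped so the edit is backed up, matched literally and verified. This is an added example, not part of the original post or of Karbon. The function names, the backup directory argument and the sample data are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names and sample data are constructed for illustration.

# Swap the hyperkube image tag in each FILE, saving a copy in BACKUP_DIR first.
# Backups go to a separate directory because the kubelet may treat extra files
# left in the static-pod manifests directory as manifests.
# Usage: patch_hyperkube_tag v1.10.3 v1.10.11 BACKUP_DIR FILE...
patch_hyperkube_tag() {
    local old="$1" new="$2" bak="$3" f old_re
    shift 3
    mkdir -p "$bak" || return 1
    # Escape dots so the tag is matched literally, and require a tag boundary
    # so a longer tag such as v1.10.31 is left alone.
    old_re=$(printf '%s' "$old" | sed 's/\./\\./g')
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        if ! grep -Eq "hyperkube:${old_re}([^0-9.]|\$)" "$f"; then
            echo "skipped, no hyperkube:$old in $f"
            continue
        fi
        cp -p "$f" "$bak/$(basename "$f").bak"
        sed -i -E "s/hyperkube:${old_re}([^0-9.]|\$)/hyperkube:${new}\1/g" "$f"
        echo "patched $f"
    done
}

# Read `kubectl get nodes` output on stdin and print the name of every node
# whose VERSION column is not the wanted one (no output means all patched).
nodes_not_at() {
    awk -v want="$1" 'NR > 1 && $NF != want { print $1 }'
}

# Demo on constructed input, not on real Karbon files.
demo=$(mktemp -d)
printf 'image: registry.example/hyperkube:v1.10.3\n' > "$demo/unit.service"
patch_hyperkube_tag v1.10.3 v1.10.11 "$demo/bak" "$demo/unit.service"
cat "$demo/unit.service"
rm -rf "$demo"
printf '%s\n' 'NAME STATUS ROLES AGE VERSION' \
    'node-a Ready master 42m v1.10.11' \
    'node-b Ready node 39m v1.10.3' | nodes_not_at v1.10.11
```

On a node, pass the files named in steps 2 and 4 as the FILE arguments, and pipe `kubectl get nodes` into `nodes_not_at v1.10.11` after restarting the kubelet.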
If you face any issues, please do not hesitate to post your comments below.