fix: update k8s to 1.17.3

This PR will update k8s to v1.17.3 to address CVEs mentioned in https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topic/kubernetes-security-announce/2UOlsba2g0s Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
2025-08-18 21:21:10 +02:00 · 2020-03-23 19:18:51 -04:00 · 2020-03-23 19:18:51 -04:00 · 3485ea9f09
commit 3485ea9f09
parent 0824e500b2
12 changed files with 33 additions and 37 deletions
--- a/2
+++ b/2
@ -13,7 +13,7 @@ OPERATING_SYSTEM := $(shell uname -s | tr "[:upper:]" "[:lower:]")
 OSCTL_DEFAULT_TARGET := talosctl-$(OPERATING_SYSTEM)
 INTEGRATION_TEST_DEFAULT_TARGET := integration-test-$(OPERATING_SYSTEM)
 INTEGRATION_TEST_PROVISION_DEFAULT_TARGET := integration-test-provision-$(OPERATING_SYSTEM)
-KUBECTL_URL ?= https://storage.googleapis.com/kubernetes-release/release/v1.17.1/bin/$(OPERATING_SYSTEM)/amd64/kubectl
+KUBECTL_URL ?= https://storage.googleapis.com/kubernetes-release/release/v1.17.3/bin/$(OPERATING_SYSTEM)/amd64/kubectl
 SONOBUOY_VERSION ?= 0.17.1
 SONOBUOY_URL ?= https://github.com/heptio/sonobuoy/releases/download/v$(SONOBUOY_VERSION)/sonobuoy_$(SONOBUOY_VERSION)_$(OPERATING_SYSTEM)_amd64.tar.gz
 TESTPKGS ?= ./...
--- a/docs/talosctl/talosctl_cluster_create.md
+++ b/docs/talosctl/talosctl_cluster_create.md
@ -27,7 +27,7 @@ talosctl cluster create [flags]
      --initrd-path string          the uncompressed kernel image to use (default "_out/initramfs.xz")
  -i, --input-dir string            location of pre-generated config files
      --install-image string        the installer image to use (default "docker.io/autonomy/installer:latest")
-      --kubernetes-version string   desired kubernetes version to run (default "1.17.1")
+      --kubernetes-version string   desired kubernetes version to run (default "1.17.3")
      --masters int                 the number of masters to create (default 1)
      --memory int                  the limit on memory usage in MB (each container) (default 1024)
      --mtu int                     MTU of the docker bridge network (default 1500)
--- a/docs/talosctl/talosctl_gen_config.md
+++ b/docs/talosctl/talosctl_gen_config.md
@ -19,7 +19,7 @@ talosctl gen config <cluster name> https://<load balancer IP or DNS name> [flags
  -h, --help                        help for config
      --install-disk string         the disk to install to (default "/dev/sda")
      --install-image string        the image used to perform an installation (default "docker.io/autonomy/installer:latest")
-      --kubernetes-version string   desired kubernetes version to run (default "1.17.1")
+      --kubernetes-version string   desired kubernetes version to run (default "1.17.3")
  -o, --output-dir string           destination to output generated files
      --registry-mirror strings     list of registry mirrors to use in format: <registry host>=<mirror URL>
      --version string              the desired machine config version to generate (default "v1alpha1")
--- a/docs/website/content/v0.3/en/configuration/v1alpha1.md
+++ b/docs/website/content/v0.3/en/configuration/v1alpha1.md
@ -35,7 +35,7 @@ machine:
    force: false
 cluster:
  controlPlane:
-    version: 1.17.1
+    version: 1.17.3
    endpoint: https://1.2.3.4
  clusterName: example
  network:
--- a/docs/website/content/v0.4/en/configuration/v1alpha1.md
+++ b/docs/website/content/v0.4/en/configuration/v1alpha1.md
@ -35,7 +35,7 @@ machine:
    force: false
 cluster:
  controlPlane:
-    version: 1.17.1
+    version: 1.17.3
    endpoint: https://1.2.3.4
  clusterName: example
  network:
--- a/go.mod
+++ b/go.mod
@ -79,10 +79,9 @@ require (
 	gopkg.in/yaml.v2 v2.2.8
 	gotest.tools v2.2.0+incompatible
 	inet.af/tcpproxy v0.0.0-20200125044825-b6bb9b5b8252
-	k8s.io/api v0.17.2
+	k8s.io/api v0.17.3
-	k8s.io/apiextensions-apiserver v0.17.2 // indirect
+	k8s.io/apimachinery v0.17.3
-	k8s.io/apimachinery v0.17.2
+	k8s.io/client-go v0.17.3
-	k8s.io/client-go v0.17.2
+	k8s.io/cri-api v0.17.3
-	k8s.io/cri-api v0.0.0-20191121183020-775aa3c1cf73
+	k8s.io/kubelet v0.17.3
 	k8s.io/kubelet v0.17.0
 )
--- a/go.sum
+++ b/go.sum
@ -834,28 +834,25 @@ inet.af/tcpproxy v0.0.0-20200125044825-b6bb9b5b8252 h1:gmJCKidOfjKDUHF1jjke+I+2i
 inet.af/tcpproxy v0.0.0-20200125044825-b6bb9b5b8252/go.mod h1:zq+R+tLcdHugi7Jt+FtIQY6m6wtX34lr2CdQVH2fhW0=
 k8s.io/api v0.17.0 h1:H9d/lw+VkZKEVIUc8F3wgiQ+FUXTTr21M87jXLU7yqM=
 k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
-k8s.io/api v0.17.2 h1:NF1UFXcKN7/OOv1uxdRz3qfra8AHsPav5M93hlV9+Dc=
+k8s.io/api v0.17.3 h1:XAm3PZp3wnEdzekNkcmj/9Y1zdmQYJ1I4GKSBBZ8aG0=
-k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4=
+k8s.io/api v0.17.3/go.mod h1:YZ0OTkuw7ipbe305fMpIdf3GLXZKRigjtZaV5gzC2J0=
 k8s.io/apiextensions-apiserver v0.17.0 h1:+XgcGxqaMztkbbvsORgCmHIb4uImHKvTjNyu7b8gRnA=
 k8s.io/apiextensions-apiserver v0.17.0/go.mod h1:XiIFUakZywkUl54fVXa7QTEHcqQz9HG55nHd1DCoHj8=
 k8s.io/apiextensions-apiserver v0.17.2 h1:cP579D2hSZNuO/rZj9XFRzwJNYb41DbNANJb6Kolpss=
 k8s.io/apiextensions-apiserver v0.17.2/go.mod h1:4KdMpjkEjjDI2pPfBA15OscyNldHWdBCfsWMDWAmSTs=
 k8s.io/apimachinery v0.17.0 h1:xRBnuie9rXcPxUkDizUsGvPf1cnlZCFu210op7J7LJo=
 k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
-k8s.io/apimachinery v0.17.2 h1:hwDQQFbdRlpnnsR64Asdi55GyCaIP/3WQpMmbNBeWr4=
+k8s.io/apimachinery v0.17.3 h1:f+uZV6rm4/tHE7xXgLyToprg6xWairaClGVkm2t8omg=
-k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
+k8s.io/apimachinery v0.17.3/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g=
 k8s.io/apiserver v0.17.0/go.mod h1:ABM+9x/prjINN6iiffRVNCBR2Wk7uY4z+EtEGZD48cg=
 k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo=
 k8s.io/client-go v0.17.0 h1:8QOGvUGdqDMFrm9sD6IUFl256BcffynGoe80sxgTEDg=
 k8s.io/client-go v0.17.0/go.mod h1:TYgR6EUHs6k45hb6KWjVD6jFZvJV4gHDikv/It0xz+k=
-k8s.io/client-go v0.17.2 h1:ndIfkfXEGrNhLIgkr0+qhRguSD3u6DCmonepn1O6NYc=
+k8s.io/client-go v0.17.3 h1:deUna1Ksx05XeESH6XGCyONNFfiQmDdqeqUvicvP6nU=
-k8s.io/client-go v0.17.2/go.mod h1:QAzRgsa0C2xl4/eVpeVAZMvikCn8Nm81yqVx3Kk9XYI=
+k8s.io/client-go v0.17.3/go.mod h1:cLXlTMtWHkuK4tD360KpWz2gG2KtdWEr/OT02i3emRQ=
 k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s=
 k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s=
 k8s.io/component-base v0.17.0/go.mod h1:rKuRAokNMY2nn2A6LP/MiwpoaMRHpfRnrPaUJJj1Yoc=
-k8s.io/component-base v0.17.2/go.mod h1:zMPW3g5aH7cHJpKYQ/ZsGMcgbsA/VyhEugF3QT1awLs=
+k8s.io/cri-api v0.17.3 h1:jvjVvBqgZq3WcaPq07n0h5h9eCnIaR4dhKyHSoZG8Y8=
-k8s.io/cri-api v0.0.0-20191121183020-775aa3c1cf73 h1:Ay5EJ9pFGtQaRBfKHPjFB7Qv7AsdwyVVwFoN7z+M4aQ=
+k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
-k8s.io/cri-api v0.0.0-20191121183020-775aa3c1cf73/go.mod h1:BzAkbBHHp81d+aXzbiIcUbilLkbXa40B8mUHOk6EX3s=
+k8s.io/cri-api v0.17.4 h1:0L8aJVzYi/h2aZ5dLGB+xPCrr9RZY8qxqbxMdyBZcZU=
 k8s.io/cri-api v0.17.4/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
@ -864,8 +861,8 @@ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU=
 k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
-k8s.io/kubelet v0.17.0 h1:mUlrpp3y7gk1K++bRmXnS3+C2zmoj49GqxrlYWIlk90=
+k8s.io/kubelet v0.17.3 h1:e6oo26NusXf6i7Pp6i5tWXT+Z/oQW0XzxiWxa5pBgw0=
-k8s.io/kubelet v0.17.0/go.mod h1:e/JBCxucKuEV6JO6zYW+e72ib9eMsGO2Fah3iT5tiiI=
+k8s.io/kubelet v0.17.3/go.mod h1:Nh8owUHZcUXtnDAtmGnip36Nw+X6c4rbmDQlVyIhwMQ=
 k8s.io/kubernetes v1.13.0 h1:qTfB+u5M92k2fCCCVP2iuhgwwSOv1EkAkvQY1tQODD8=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo=
--- a/hack/test/capi/cluster-aws.yaml
+++ b/hack/test/capi/cluster-aws.yaml
@ -58,7 +58,7 @@ spec:
    kind: AWSMachine
    name: talos-e2e-{{TAG}}-aws-controlplane-0
    namespace: default
-  version: 1.17.1
+  version: 1.17.3
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
 kind: AWSMachine
@ -107,7 +107,7 @@ spec:
    kind: AWSMachine
    name: talos-e2e-{{TAG}}-aws-controlplane-1
    namespace: default
-  version: 1.17.1
+  version: 1.17.3
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
 kind: AWSMachine
@ -156,7 +156,7 @@ spec:
    kind: AWSMachine
    name: talos-e2e-{{TAG}}-aws-controlplane-2
    namespace: default
-  version: 1.17.1
+  version: 1.17.3
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
 kind: AWSMachine
@ -218,7 +218,7 @@ spec:
        kind: AWSMachineTemplate
        name: talos-e2e-{{TAG}}-aws-workers
        namespace: default
-      version: 1.17.1
+      version: 1.17.3
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
 kind: AWSMachineTemplate
--- a/hack/test/capi/cluster-gcp.yaml
+++ b/hack/test/capi/cluster-gcp.yaml
@ -56,7 +56,7 @@ spec:
    kind: GCPMachine
    name: talos-e2e-{{TAG}}-gcp-controlplane-0
    namespace: default
-  version: 1.17.1
+  version: 1.17.3
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
 kind: GCPMachine
@ -102,7 +102,7 @@ spec:
    kind: GCPMachine
    name: talos-e2e-{{TAG}}-gcp-controlplane-1
    namespace: default
-  version: 1.17.1
+  version: 1.17.3
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
 kind: GCPMachine
@ -148,7 +148,7 @@ spec:
    kind: GCPMachine
    name: talos-e2e-{{TAG}}-gcp-controlplane-2
    namespace: default
-  version: 1.17.1
+  version: 1.17.3
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
 kind: GCPMachine
@ -206,7 +206,7 @@ spec:
        kind: GCPMachineTemplate
        name: talos-e2e-{{TAG}}-gcp-workers
        namespace: default
-      version: 1.17.1
+      version: 1.17.3
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha2
 kind: GCPMachineTemplate
--- a/hack/test/libvirt/libvirt.sh
+++ b/hack/test/libvirt/libvirt.sh
@ -81,7 +81,7 @@ function down {
 }
 function workspace {
-  docker run --rm -it -v $PWD:/workspace -v $PWD/../../../${ARTIFACTS}/talosctl-linux-amd64:/bin/talosctl:ro --network talos --dns 172.28.1.1 -w /workspace/matchbox/assets -e TALOSCONFIG='/workspace/matchbox/assets/talosconfig' -e KUBECONFIG='/workspace/matchbox/assets/kubeconfig' --entrypoint /bin/bash k8s.gcr.io/hyperkube:v1.17.1
+  docker run --rm -it -v $PWD:/workspace -v $PWD/../../../${ARTIFACTS}/talosctl-linux-amd64:/bin/talosctl:ro --network talos --dns 172.28.1.1 -w /workspace/matchbox/assets -e TALOSCONFIG='/workspace/matchbox/assets/talosconfig' -e KUBECONFIG='/workspace/matchbox/assets/kubeconfig' --entrypoint /bin/bash k8s.gcr.io/hyperkube:v1.17.3
 }
 main $@
--- a/pkg/config/types/v1alpha1/doc.go
+++ b/pkg/config/types/v1alpha1/doc.go
@ -34,7 +34,7 @@ machine:
    force: false
 cluster:
  controlPlane:
-    version: 1.17.1
+    version: 1.17.3
    endpoint: https://1.2.3.4
  clusterName: example
  network:
--- a/pkg/constants/constants.go
+++ b/pkg/constants/constants.go
@ -139,7 +139,7 @@ const (
 	KubeletBootstrapKubeconfig = "/etc/kubernetes/bootstrap-kubeconfig"
 	// DefaultKubernetesVersion is the default target version of the control plane.
-	DefaultKubernetesVersion = "1.17.1"
+	DefaultKubernetesVersion = "1.17.3"
 	// KubernetesImage is the enforced hyperkube image to use for the control plane.
 	KubernetesImage = "k8s.gcr.io/hyperkube"