Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: upgrade istio to 1.4.10-asm.15 #1412

Merged
merged 3 commits into from
Jul 27, 2020
Merged

chore: upgrade istio to 1.4.10-asm.15 #1412

merged 3 commits into from
Jul 27, 2020

Conversation

Bobgy
Copy link
Contributor

@Bobgy Bobgy commented Jul 23, 2020

Description of your changes:
I think I recently received a GCP email mentioning there's a vulnerability in some istio version, and we should upgrade to latest.

Checklist:

  • Unit tests have been rebuilt:
    1. cd manifests/tests
    2. make generate-changed-only
    3. make test

@google-cla google-cla bot added the cla: yes label Jul 23, 2020
@kubeflow-bot
Copy link
Contributor

This change is Reviewable

@Bobgy
Copy link
Contributor Author

Bobgy commented Jul 23, 2020

/assign @jlewi

Bobgy
Bobgy commented Jul 23, 2020
View reviewed changes
tests/testdata_gcp_kpt/gcp/Kptfile Outdated
@@ -11,37 +11,31 @@ openAPI:
setter:
name: gcloud.core.project
value: customerProject
isSet: true
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ran the hack/generate-xxx script, but looks like this was automatically removed

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you revert the changes? You shouldn't need to rerun the generate script; it was a one time deal.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does that mean I don't need to update the testdata for kpt anymore?

@Bobgy
Revert "update snapshot"
9862bf6 
This reverts commit 9523ad4.
@Bobgy
Copy link
Contributor Author

Bobgy commented Jul 24, 2020

Thanks @jlewi!
reverted unneeded changes

@Bobgy
Copy link
Contributor Author

Bobgy commented Jul 26, 2020

@jlewi We missed this for the release.

@Bobgy
Copy link
Contributor Author

Bobgy commented Jul 27, 2020

Reading the instruction

Please upgrade your clusters to ASM 1.4.10-asm.3 or ASM 1.5.7-asm.0 as soon as possible and apply the additional configuration changes as specified in ISTIO-SECURITY-2020-007 to prevent Denial of Service (DOS) attacks on your application.

I don't think this is a blocker to release, because DOS attacks should be protected by IAP already.
I'd prefer updating to latest istio, because we are not really providing guidelines on how users can upgrade by themselves.

@jlewi
Copy link
Contributor

jlewi commented Jul 27, 2020

/lgtm
/approve

@Bobgy Note at this point 1.1.0 has been finalized.

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jlewi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit dcfc9f2 into kubeflow:master Jul 27, 2020
@Bobgy Bobgy deleted the upgrade_istio branch August 19, 2020 08:22
Bobgy added a commit to Bobgy/manifests that referenced this pull request Aug 19, 2020
@Bobgy
chore: upgrade istio to 1.4.10-asm.15 (kubeflow#1412)
2b77e63 
* chore: upgrade istio to 1.4.10-asm.15

* update snapshot

* Revert "update snapshot"

This reverts commit 9523ad4.
k8s-ci-robot pushed a commit that referenced this pull request Aug 20, 2020
@Bobgy
Cherry pick of "chore: upgrade istio to 1.4.10-asm.15 #1412" (#1501)
7396f1a 
* chore: upgrade istio to 1.4.10-asm.15

* update snapshot

* Revert "update snapshot"

This reverts commit 9523ad4.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jlewi jlewi Awaiting requested review from jlewi

@krishnadurai krishnadurai Awaiting requested review from krishnadurai

Assignees

@jlewi jlewi

Labels
approved cla: yes lgtm size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Bobgy @kubeflow-bot @jlewi @k8s-ci-robot