Update Kubernetes and kubernetes-cni versions (#5024)

This PR updates kubernetes version to 1.18.6 and kubernetes-cni version to 0.8.6 signed-off by: Isabel Li isabel.li@microsoft.com Why I did it Previous kubernetes-cni version (0.7.5) introduced Kubernetes Man In The Middle Vulnerability. “A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.” How I did it Defined kubernetes-cni version to be 0.8.6 and updated kubernetes version to be 1.18.6 How to verify it Check versions by running dpkg -l | grep kube
sonic-net · Jul 24, 2020 · 55d3ecd · 55d3ecd
1 parent c4748e8
commit 55d3ecd
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 9 deletions.
diff --git a/Makefile.work b/Makefile.work
@@ -185,6 +185,7 @@ SONIC_BUILD_INSTRUCTION :=  make \
                            SHUTDOWN_BGP_ON_START=$(SHUTDOWN_BGP_ON_START) \
                            INSTALL_KUBERNETES=$(INSTALL_KUBERNETES) \
                            KUBERNETES_VERSION=$(KUBERNETES_VERSION) \
+                           KUBERNETES_CNI_VERSION=$(KUBERNETES_CNI_VERSION) \
                            K8s_GCR_IO_PAUSE_VERSION=$(K8s_GCR_IO_PAUSE_VERSION) \
                            K8s_CNI_FLANNEL_VERSION=$(K8s_CNI_FLANNEL_VERSION) \
                            SONIC_ENABLE_PFCWD_ON_START=$(ENABLE_PFCWD_ON_START) \

diff --git a/build_debian.sh b/build_debian.sh
@@ -222,14 +222,9 @@ then
     ## Check out the sources list update matches current Debian version
     sudo cp files/image_config/kubernetes/kubernetes.list $FILESYSTEM_ROOT/etc/apt/sources.list.d/
     sudo LANG=C chroot $FILESYSTEM_ROOT apt-get update
-    if [[ $KUBERNETES_VERSION == 1.18.0 ]]; then 
-        # kubeadm 1.18.0 package auto install has some dependency error so install
-        # those package explicitly.
-        sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubernetes-cni=0.7.5-00
-        sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubelet=1.18.3-00
-        sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubectl=1.18.3-00
-    fi
-    # else kubeadm package auto install kubelet & kubectl
+    sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubernetes-cni=${KUBERNETES_CNI_VERSION}-00
+    sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubelet=${KUBERNETES_VERSION}-00
+    sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubectl=${KUBERNETES_VERSION}-00
     sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubeadm=${KUBERNETES_VERSION}-00
     # kubeadm package auto install kubelet & kubectl
 else

diff --git a/rules/config b/rules/config
@@ -144,7 +144,8 @@ INSTALL_KUBERNETES = n
 # These are Used *only* when INSTALL_KUBERNETES=y
 # NOTE: As a worker node it has to run version compatible to kubernetes master.
 #
-KUBERNETES_VERSION = 1.18.0
+KUBERNETES_VERSION = 1.18.6
+KUBERNETES_CNI_VERSION = 0.8.6
 K8s_GCR_IO_PAUSE_VERSION = 3.2
 K8s_CNI_FLANNEL_VERSION = v0.12.0