Skip to content

Commit bd46dfe

Browse files
cyclindercyclinder
authored
kube-proxy: update iptables version (#186)
1 parent 828d641 commit bd46dfe

File tree

2 files changed

+53
-0
lines changed

2 files changed

+53
-0
lines changed

patches/update-kube-proxy-iptables.1.18.patch

+44
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2+
From: cyclinder <qifeng.guo@daocloud.io>
3+
Date: Fri, 22 Dec 2023 14:23:10 +0800
4+
Subject: [PATCH] kube-proxy: update iptables version
5+
6+
---
7+
build/BUILD | 2 +-
8+
build/common.sh | 4 ++--
9+
2 files changed, 3 insertions(+), 3 deletions(-)
10+
11+
diff --git a/build/BUILD b/build/BUILD
12+
index 70e3874b441..4c67a178517 100644
13+
--- a/build/BUILD
14+
+++ b/build/BUILD
15+
@@ -42,7 +42,7 @@ DOCKERIZED_BINARIES = {
16+
"target": "//cmd/kube-scheduler:kube-scheduler",
17+
},
18+
"kube-proxy": {
19+
- "base": "@debian-iptables-{ARCH}//image",
20+
+ "base": "@distroless-iptables//image",
21+
"target": "//cmd/kube-proxy:kube-proxy",
22+
},
23+
}
24+
diff --git a/build/common.sh b/build/common.sh
25+
index 9cd95b5af51..13c15466c39 100755
26+
--- a/build/common.sh
27+
+++ b/build/common.sh
28+
@@ -95,14 +95,14 @@ readonly KUBE_CONTAINER_RSYNC_PORT=8730
29+
kube::build::get_docker_wrapped_binaries() {
30+
local arch=$1
31+
local debian_base_version=v2.1.3
32+
- local debian_iptables_version=v12.1.2
33+
+ local distroless_iptables_version=v0.4.2
34+
### If you change any of these lists, please also update DOCKERIZED_BINARIES
35+
### in build/BUILD. And kube::golang::server_image_targets
36+
local targets=(
37+
"kube-apiserver,${KUBE_BASE_IMAGE_REGISTRY}/debian-base-${arch}:${debian_base_version}"
38+
"kube-controller-manager,${KUBE_BASE_IMAGE_REGISTRY}/debian-base-${arch}:${debian_base_version}"
39+
"kube-scheduler,${KUBE_BASE_IMAGE_REGISTRY}/debian-base-${arch}:${debian_base_version}"
40+
- "kube-proxy,${KUBE_BASE_IMAGE_REGISTRY}/debian-iptables-${arch}:${debian_iptables_version}"
41+
+ "kube-proxy,registry.k8s.io/build-image/distroless-iptables:${distroless_iptables_version}"
42+
)
43+
44+
echo "${targets[@]}"

releases.yml

+9
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,15 @@ releases:
5151
- fix-missing-env-91500.1.18
5252
- CVE-2021-25741.1.18
5353
- nokmem.1.20
54+
55+
- name: v1.18.20-dce.1
56+
base_release: v1.18.20-ci
57+
patches:
58+
- CVE-2020-8554.1.18
59+
- fix-missing-env-91500.1.18
60+
- CVE-2021-25741.1.18
61+
- nokmem.1.20
62+
- update-kube-proxy-iptables.1.18.patch
5463

5564
- name: v1.17.17-lts.2
5665
base_release: v1.17.17-ci

0 commit comments

Comments
 (0)