Oracle Linux ELSA-2020-5654
Apr 17, 2020 - 12:00 a.m.

kubernetes kubeadm-ha-setup kubeadm-upgrade security update

2020-04-17 00:00:00
linux.oracle.com

CVSS3: 9.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.8 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

kubernetes
[1.12.10-1.0.11]

  • [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads
    [1.12.10-1.0.10]
  • [CVE-2019-16276] Kubernetes Vulnerabilities Allow Authentication Bypass, DoS
    [1.12.10-1.0.9]
  • Define rolling update for flannel
    [1.12.10-1.0.8]
  • Modify flannel/dashboard image tags to use images that have the cve fix
    [1.12.10-1.0.7]
  • [CVE-2019-11253] Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack
    [1.12.10-1.0.6]
  • [CVE-2019-16276] bump golang to 1.12.10
    [1.12.10-1.0.5]
  • added THIRD_PARTY_LICENSES.txt file
    [1.12.10-1.0.4]
  • fix for CVE-2019-11251
    [1.12.10-1.0.3]
  • replacing references to kubernetes-dashboard-amd64 with kubernetes-dashboard
    [1.12.10-1.0.2]
  • Added Oracle specific build files for Kubernetes

kubeadm-ha-setup
[0.0.2-1.0.69]
  • [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads
    [0.0.2-1.0.68]
  • Pull image prior to update and fix image repo for addons
    [0.0.2-1.0.67]
  • Bump golang build version
    [0.0.2-1.0.66]
  • [CVE-2019-16276] Support patching flannel/dashboard on upgrade
    [0.0.2-1.0.65]
  • [CVE-2019-16276] Support deploying 1.12 and 1.13 with CVE patched
    [0.0.2-1.0.64]
  • [CVE-2019-16276] Support patching etcd on upgrade
    [0.0.2-1.0.63]
  • [CVE-2019-16276] while upgrading a cluster patch the coredns image
    [0.0.2-1.0.62]
  • CVE-2019-16276: Update flannel, etcd, coredns and dashboard images.
    [0.0.2-1.0.61]
  • Added Support for 1.13.11 and removed support for 1.13.10
    [0.0.2-1.0.59]
  • Remove Support for 1.14.6
    [0.0.2-1.0.58]
  • Replacing reference to kubernetes-dashboard-amd64 with kubernetes-dashboard
    [0.0.2-1.0.57]
  • Support 1.12.10
    [0.0.2-1.0.56]
  • Support 1.14.6
    [0.0.2-1.0.55]
  • Support 1.13.10
    [0.0.2-1.0.54]
  • Support 1.13.9
    [0.0.2-1.0.53]
  • Mark 1.14 as a developer build
    [0.0.2-1.0.52]
  • Restore fails when trying to restore after a failed update
    [0.0.2-1.0.51]
  • Minor version update doesn’t update kubeadm on all master nodes
    [0.0.2-1.0.50]
  • Make k8s 1.14 specific changes
    [0.0.2-1.0.49]
  • Remove 1.10 and 1.11 version since they are incompatible
    [0.0.2-1.0.48]
  • Support deploying 5 master nodes
    [0.0.2-1.0.47]
  • Only update/upgrade the controlplane images if they changed in the Release object
    [0.0.2-1.0.46]
  • Fix version comparison function during upgrade
    [0.0.2-1.0.45]
  • Fix rpm version compare
  • Allow kubernetes updates for patch version
    [0.0.2-1.0.44]
  • Allow assume yes to deploy a single master without the prompt
    [0.0.2-1.0.43]
  • Post cluster creation should check only for master nodes
    [0.0.2-1.0.42]
  • Update keepalived check api server to ensure we are grepping the correct IP
    [0.0.2-1.0.41]
  • Make ha.yaml an optional argument in the cli for single master cluster
    [0.0.2-1.0.40]
  • Add pod cidr default and refactor ha.yaml example
    [0.0.2-1.0.39]
  • Remove features: feature1_13=true from config
    [0.0.2-1.0.38]
  • Default kubernetes version to latest production version
    [0.0.2-1.0.37]
  • Fix keepalived issue when firewalld is disabled
    [0.0.2-1.0.36]
  • Default kubernetes version to latest production version
    [0.0.2-1.0.35]
  • Add addons template and config files
    [0.0.2-1.0.34]
  • Enhance tests
    [0.0.2-1.0.33]
  • fix regression of previous firewall fix
    [0.0.2-1.0.32]
  • Fix firewall issues during restore
    [0.0.2-1.0.31]
  • Fix firewall issues
    [0.0.2-1.0.30]
  • Enhance output while validating the system
    [0.0.2-1.0.29]
  • Fix DR in 1.13
    [0.0.2-1.0.28]
  • Fix apiserver_cert_extra_sans for 1.13 clusters
    [0.0.2-1.0.27]
  • Fix update/upgrade output message
    [0.0.2-1.0.26]
  • Fix major upgrade
    [0.0.2-1.0.25]
  • Add registry migration
    [0.0.2-1.0.24]
  • Return stdout and stderr from Run function to allow the caller to decide what to display
    [0.0.2-1.0.23]
  • Proxy variable is inherited in remote master
    [0.0.2-1.0.22]
  • The Trim function doesn’t work for replacing strings
  • Upgrade should use the pause container instead of pause-amd64
    [0.0.2-1.0.21]
  • Include 1.12.7 image and update 1.13 and metric servers info
    [0.0.2-1.0.20]
  • Support new registries and allow for password to have a colon
    [0.0.2-1.0.19]
  • --force flag for full restore
    [0.0.2-1.0.18]
  • Change update help message
    [0.0.2-1.0.17]
  • Change update message, add ha install command and ask for confirmation
    [0.0.2-1.0.16]
  • Change upgrade command name to update
    [0.0.2-1.0.15]
  • Fix upgrade for point release
    [0.0.2-1.0.14]
  • Move file.go to config.go
    [0.0.2-1.0.13]
  • Feature Flag 1.13 code
    [0.0.2-1.0.12]
  • Add support of upgrading HA master nodes
    [0.0.2-1.0.11]
  • Support deploying Kubernetes version 1.13.2
    [0.0.2-1.0.10]
  • CVE-2018-16875
    [0.0.2-1.0.9]
  • Add timeout to Run() (gitlab issues #3)
  • Rename path to linux-git.us.oracle.com/Kubernetes
    [0.0.2-1.0.8]
  • Remove releases.json dependency
    [0.0.2-1.0.7]
  • Pin dependent kubernetes packages
    [0.0.2-1.0.6]
  • Update deps for kube 1.13
    [0.0.2-1.0.5]
  • Add test runner in makefile and execute it in CI/CD
    [0.0.2-1.0.4]
  • Fix backup path issue again found by Tom Cocozzello
    [0.0.2-1.0.3]
  • [Orabug 29152516] Backup and restore /var/lib/kubelet/kubeadm-flags.env too
  • Cleanup kube-ipvs0 interface too
  • More code cleanup
  • Use map for checking kernel module
  • Fix client joining errors
  • Addressing Tom Cocozzello’s review
  • Enabling IPVS in HA
    [0.0.2-1.0.2]
  • Update dashboard image (CVE-2018-18264)
    [0.0.2-1.0.1]
  • Allow Oracle certified addons to be installed via cli
    [0.0.1-2.0.9]
  • Use ‘dep ensure’ to clean up symlinks in the vendor directory
    [0.0.1-2.0.5]
  • Clean up un-used build scripts
    [0.0.1-2.0.4]
  • Add Makefile for building and testing code
    [0.0.1-2.0.3]
  • Fix file restore issue when it contains ‘./’
    [0.0.1-2.0.2]
  • Resolve the full filepath when ‘.’ is passed in
  • Addressing review by Muminul Islam
    [0.0.1-2.0.1]
  • Remove ‘firewall-cmd --reload’ as it can hang OCI
  • Fix some errors reported by Shubham
  • Error out if options is not currently supported in HandleEtcdOps
  • Fix down issue
  • Dump log output to /var/log/kubeadm-ha-setup
    [0.0.1-1.0.37]
  • Fix kubernetes version
  • Include log printing when error occurs
  • Fix client.go regression due to new down function
    [0.0.1-1.0.36]
  • Remove Godeps, using dep for now
  • Check if image is not set before referencing
  • Rename getEtcdConfigV2 to getEtcdConfig
  • Adding down functionality
  • Update ha.yaml file
    [0.0.1-1.0.35]
  • Removing etcd.go
  • Addressing Tom Cocozzello review
  • [Orabug 28977571]
    [0.0.1-1.0.34]
  • Enabling full restore on HA master and single master
  • Cleanup
  • Enable single master backup
  • Double the context request timeout
  • Implement retryable AddMember
    [0.0.1-1.0.33]
  • Modified DR for One node case to use new etcd API
  • Enhanced the helper scripts such that it will error out
  • HealthCheck re-implementation
    [0.0.1-1.0.32]
  • Update dashboard image
    [0.0.1-1.0.31]
  • Needs to be run as a privileged user
  • Enable CoreDNS as default
    [0.0.1-1.0.30]
  • Enable single master setup
    [0.0.1-1.0.29]
  • Redesigned for setting up v1.12 HA clusters
    [0.0.1-1.0.28]
  • Fixes for v1.11
  • Addressing Laszlo Peter review
  • Addressing Daniel Krasinski review
    [0.0.1-1.0.27]
  • Fix build failure
  • Add UPL LICENSE
  • Fix the usage of defer
  • Re-try when docker pull image gets a timeout
  • Refactor SetupCreds()
  • Remove --force flag for restore
  • When something fails, we should lengthen the timeout time
    [0.0.1-1.0.26]
  • When context timed out catch it and print stdout, stderr
    [0.0.1-1.0.25]
  • Check output from docker client and probe for error
    [0.0.1-1.0.24]
  • Properly parse if repo has a special ‘:’ character
    [0.0.1-1.0.23]
  • Checking the total nodes would be better implementation
  • Fixup etcd add member errors
    [0.0.1-1.0.22]
  • Pod count could be >= 20
  • Remove port 30000-32767/tcp check for client node
  • Querying k8s cluster health instead of etcd for backup
  • Cosmetic fix
  • Etcd one node restore problems
    [0.0.1-1.0.21]
  • Check whether repo needs auth even in one node restore case
  • Fixup the restore script
  • docker pull image change in behavior in 18.03
  • Include client side image repo checking too
  • Provide a full repo path for comparison
  • Make kubernetes_developer as the sample repo
  • Use strings.Contains to compare strings
  • Fix README
  • Initial README
  • Include changes in kube.go
    [0.0.1-1.0.20]
  • In OCI LB can take time to setup properly
  • Fix random string
  • [Orabug 28445064]
  • Replace RunCmdExec() with just Run()
  • Sanity check for # of master
  • Make kubeadm token default to be random
    [0.0.1-1.0.19]
  • Check if docker exec etcd returns Error
  • Check env first before trying to pull image
  • [Orabug 28461826]
    [0.0.1-1.0.18]
  • Fixing LB, kubelet, kubectl-proxy
  • Add a DEBUG flag for more verbose output
    [0.0.1-1.0.17]
  • Don’t loop forever in client, make Run() more consistent in master
  • Fixup LB for OCI
  • Add apiserver-bind-port capability
    [0.0.1-1.0.17]
  • Include apiserver_cert_extra_sans and service_cidr
    [0.0.1-1.0.16]
  • Include restoring keepalived for one and full restore
  • For Full Restore we need to first clean up before anything else
  • Clean up DR, make backup check etcd health first
  • Properly clean-up flannel.1 and cni0
    [0.0.1-1.0.15]
  • DR code cleanup
  • Changed permission on the created dir to 0755
  • Fix filename not found error
    [0.0.1-1.0.14]
  • Don’t panic()
  • In One node restore case verify the ca.crt MD5SUM
  • Full DR feature
  • Redesign of the DR
  • Include file and its line number for logging
  • Put the binary full path
  • Re-arrange variables for ssh.go
  • Separate etcd cli to another file (etcd.go)
  • Addition to kubectl cli
  • Check if MyIP for local node is missing/empty
    [0.0.1-1.0.13]
  • Replace binary names
  • Include the ability to re-try master setup
    [0.0.1-1.0.12]
  • Renamed the whole REPO to kubeadm-ha-setup
  • Don’t print out more logs as necessary
    [0.0.1-1.0.12]
  • Enhance ssh/sftp code
    [0.0.1-1.0.11]
  • Change the storePath
  • Include keepalived backup and change backup.sh/restore.sh
    [0.0.1-1.0.10]
  • Continuing on the restore part
  • Make the script to query all KUBEDIR directory from a single file
  • Consolidate KUBEDIR
  • Make systemd related file 0644
    [0.0.1-1.0.9]
  • Fixup the hardcoded directory as such we are reading from only limited source
  • Include the Docker API for restore
  • Initial implementation of DR
    [0.0.1-1.0.8]
  • Fixup kubeadm-setup join
  • systemctl enable kubelet
    [0.0.1-1.0.7]
  • Fix LoadBalancer to take care of extra steps
    [0.0.1-1.0.6]
  • Cleanup some stdout
  • Add token field in ha.yaml for ease of automated setup
    [0.0.1-1.0.5]
  • If Loadbalancer is preferred/used
    [0.0.1-1.0.4]
  • Remove goroutine sleep - unnecessary
  • Provides structure to store required files and cert files
  • Fix merge errors
    [0.0.1-1.0.3]
  • Create /run/kubeadm w-w/o --skip
    [0.0.1-1.0.2]
  • NoHA and LoadBalancer
    [0.0.1-1.0.1]
  • Initial build

kubeadm-upgrade
[0.0.1-1.0.28]
  • [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads
    [0.0.1-1.0.27]
  • [CVE-2019-16276] Kubernetes Vulnerabilities Allow Authentication Bypass, DoS
    [0.0.1-1.0.26]
  • Create log folder before any log write or error exit [ orabug: 29806186 ]
    [0.0.1-1.0.25]
  • Enforce exit on errors
    [0.0.1-1.0.24]
  • Dashboard yaml location was moved in Kubernetes 1.12.7
    [0.0.1-1.0.23]
  • Detect latest kubernetes version from yum
    [0.0.1-1.0.22]
  • Bump up 1.12.7 version for coredns fix
    [0.0.1-1.0.21]
  • CVE-2019-9946
    [0.0.1-1.0.20]
  • CVE-2019-1002101
    [0.0.1-1.0.19]
  • Bump up 1.12.6 version
    [0.0.1-1.0.18]
  • Upgrade from 1.9 to 1.12 fails
    [0.0.1-1.0.17]
  • Update the Kubernetes version to include the conntrack fix
    [0.0.1-1.0.16]
  • CVE-2019-1002100
    [0.0.1-1.0.15]
  • CVE-2018-1002105
    [0.0.1-1.0.14]
  • Fix kube version for 1.10.5
    [0.0.1-1.0.13]
  • Updating 1.10 and 1.11 version for CVE fixes
  • Include flannel and dashboard upgrade
    [0.0.1-1.0.12]
  • Upgrade to 1.12.5-2.1.1
    [0.0.1-1.0.11]
  • Upgrade to 1.12.5
    [0.0.1-1.0.10]
  • Add license info to the script
    [0.0.1-1.0.9]
  • Add license file
    [0.0.1-1.0.8]
  • Fix the bug on number of CPU checking
    [0.0.1-1.0.7]
  • Use install instead of update for a specific 1.12 version
    [0.0.1-1.0.6]
  • Upgrade cluster to 1.12.3-* version only
    [0.0.1-1.0.5]
  • Add exit handler to gather logs on failure
    [0.0.1-1.0.4]
  • Enhance logging and check return code after kubeadm apply. Checking CPU and Memory of the system
    [0.0.1-1.0.3]
  • Change REPO_PREFIX to use a single repo, increased timeout during cluster health check
    [0.0.1-1.0.2]
  • Added comments and fix rpm name
    [0.0.1-1.0.1]
  • Upgrade to 1.12.3
