ELSA-2023-12564

Описание

kubernetes [1.25.11-1]

• Added Oracle specific build files for Kubernetes

olcne [1.6.2-1]

• CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11
• Add all modules to registry-image-helper
• update yq to 4.x

[1.6.1-9]

• Updated the CVE ID's in Istio-1.16.4 changelog entry

[1.6.1-8]

• Update Istio config to include 1.15.7 to support upgrade from 1.5.x to 1.6.x

[1.6.1-7]

• Bugfix:Append a slash in oci-instance-metada query url

[1.6.1-6]

• Fixed helm installation in OLCNE upgrade

[1.6.1-5]

• Deprecate oci-private-key in favour of oci-private-key-file
• Updated olcne_version argument in olcnectl provision to support <major.minor.patch>

[1.6.1-4]

• Update Istio version to 1.16.4 to address CVE's
• CVE-2023-27496
• CVE-2023-27488
• CVE-2023-27493
• CVE-2023-27492
• CVE-2023-27491
• CVE-2023-27487

[1.6.1-3]

• Resolved the issue to install multiple network cards using multus

[1.6.1-2]

• Update kubelet for upstream runc misc cgroups patch

[1.6.1-1]

• Fix the bug olcnectl provision fails if ol8_developer does not exist

[1.6.0-4]

• Removed PodSecurityPolicy from the Grafana Helm chart due to the removal of the API in Kubernetes 1.25
• Fixed an issue where creating an instance of the Istio module without Helm already installed would fail

[1.6.0-3]

• Move template to olcne-api-server and provide default calico config

[1.6.0-2]

• Update KubeVirt version to 0.58.0

[1.6.0-1]

• Update Kubernetes version to 1.25.7
• Update Helm version to 3.11.1
• Update Istio version to 1.16.2
• Add Calico CNI 3.25
• Add Multus CNI 3.9.3
• Technical preview for KubeVirt 0.52.0
• Technical preview for Rook 1.10.9
• Add subcommand to olcnectl that lists version information for modules
• Add support for --control-plane-nodes argument to the Kubernetes module for specifying control plane nodes
• olcnectl provision can now update existing module instances
• Deprecate Helm module in favor of automatically installing Helm with Kubernetes
• Deprecate --master-nodes argument to the Kubernetes module
• Deprecate Kata container runtime
• Deprecate Flannel CNI
• Deprecate GlusterFS CSI Driver

[1.5.11-1]

• Expose metrics endpoints for kube-system services
• Support installation with or without firewalld running
• Open port 9100 on nodes when installing Kubernetes module
• Make disable swap persist after reboot of control plane node

[1.5.10-2]

• Update istio to 1.15.3 to address Istio CVE-2022-392787

[1.5.9-1]

• Fix a regression during provisioning where arguments for the externalip restriction webhook are handled incorrectly

[1.5.8-4]

• Fix 1.21 kubernetes version to align with last upstream release

[1.5.8-3]

• Increase timeout value for update module

[1.5.8-2]

• Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24
• Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23
• Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.22
• Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21

[1.5.8-1]

• Improve error reporting and logging when using olcnectl provision
• Environment creation is now idempotent

[1.5.7-6]

• Unpinned podman for OL7

[1.5.7-5]

• Updated the kubernetes-dashboard version to v2.5.1 in the registry-image-helper.sh script for kubernetes-1.24.5

[1.5.7-4]

• Upgraded helm-3.7.1 to 3.9.4

[1.5.7-3]

• Resolved kubernetes-1.22.14 upgrade issue

[1.5.7-1]

• Upgrade Kubernetes to 1.24.5
• Upgrade Istio to 1.14.3
• Update OCI-CCM to 1.24.0 for kubernetes 1.24
• Update kubernetes-dashboard to v2.5.1
• Added support for custom profiles to the Istio module
• Added support for multiple instances of the Istio module with independent profiles
• Implemented automation within olcnectl for provisioning of Platform components and modules for existing compute resources

[1.5.6-1]

• Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14
• Resolve Kubernetes CVE-2022-3172 for version 1.21
• Resolve Kubernetes CVE-2022-3172 for version 1.22
• Resolve Kubernetes CVE-2022-3172 for version 1.23

[1.5.5-1]

• Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045

[1.5.4-3]

• Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over

[1.5.4-2]

• Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227

[1.5.4-1]

• Upgrade Kubernetes to 1.23.7

[1.5.3-1]

• Address qemu CVE-2022-26353, CVE-2021-3748

[1.5.2-1]

• Excluded unnecessary directories from k8s backup files

[1.5.1-1]

• Fixed the bug in fetching node metadata for non-cloud nodes

[1.5.0-2]

• Upgrade Helm to 3.7.1-2

[1.5.0-2]

• fix null pointer exception in systemd service state validation

[1.5.0-1]

• Introduce support for compact Kubernetes clusters
• Introduce MetalLB
• Introduce Oracle Cloud Infrastructure Cloud Controller Manager
• Improved log messages in Platform API Server and Platform Agent
• Upgrade Kubernetes to 1.22.8
• Upgrade Istio to 1.13.2
• Renamed the oci-csi module to oci-ccm

[1.5.0-20.alpha]

• Update istio-1.13.2 grafana to 7.5.15

[1.5.0-14.alpha]

• Metallb fix

[1.5.0-11.alpha]

• Remove module directories when olcne rpm is uninstalled

[1.5.0-10.alpha]

• OCI CCM 0.13.0

[1.5.0-9.alpha]

• Reworked log messages

[1.5.0-8.alpha]

• Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6)

[1.5.0-7.alpha]

• Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15)

[1.5.0-6.alpha]

• Update to k8s 1.22 with golang 1.17

[1.5.0-5.alpha]

• Update internal docs for oci-ccm module

[1.5.0-4.alpha]

• Extend oci-ccm module to support load balancer

[1.5.0-3.alpha]

• Firewall pre-req

[1.5.0-2.alpha]

• Ensure that config map settings needed by metallb is preserved during k8s upgrade

[1.5.0-1.alpha]

• Metallb module

[1.4.1-14]

• Added 1.4 extra images to registry-image-helper.sh script

[1.4.1-13]

• Update sudoers file and changed its permissions to '0440'

[1.4.1-12]

• Update olcne-kubernetes.md file for 'compact' flag

[1.4.1-11]

• Ensure that the order of items in an upgraded config file is stable with respect to the original file

[1.4.1-10]

• Ensure that old olcnectl config files are upgraded

[1.4.1-9]

• Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation

[1.4.1-8]

• Make 'compact' flag updatable

[1.4.1-7]

• Introduce 'compact' that enables control-plane nodes to run any workloads

[1.4.1-6]

• Ability to label 1 or more kubernetes nodes

[1.4.1-5]

• Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start.

[1.4.1-4]

• Update helm to 3.7.1

[1.4.1-3]

• Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11

[1.4.1-2]

• Allow loadbalancer to be configured regardless of security list mode

[1.4.0-4]

• Fix bug in initialising certs manager when environment name not mentioned

[1.4.0-3]

• Fix bug in fetching report for multi-environment

[1.4.0-2]

• Pause image is 3.4.1

[1.4.0-1]

• CSI plugin
• Reports feature
• Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade
• Istio-1.9.4 to Istio-1.11.4 upgrade
• Component upgrades
• Config file feature

[1.3.0-13]

• Fix iptables issue when running on OL7 host using OL8 image

[1.3.0-12]

• Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007

[1.3.0-11]

• Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]

[1.3.0-10]

• Fixed missing double semicolon in registry image helper

[1.3.0-9] yq [4.34.1-1]

• Added Oracle specific build files