Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feat] update support kubernetes v1.25.x and fix security risk #43

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[feat] update support kubernetes v1.25.x and fix security risk #43

wants to merge 1 commit into from

Conversation

dongjiang1989
Copy link

What type of PR is this?

/kind feature

  • Unittest
  • Coverage 80%+
  • Build Success

What this PR does / why we need it:

  1. support kubernetes ge v1.25.x
  2. fix base image and package security risk
  3. update golang to 1.19.x

Notes

image

@github-actions
Copy link

🎉 Successfully Build Images.
Now Support ARM Platforms.
Comment Post Time(CST): 2023-05-24 15:13
Git Version: b871212

Docker Registry

Overview: https://hub.docker.com/u/gocrane

Image Pull Command
crane-scheduler:pr-43-b871212 docker pull gocrane/crane-scheduler:pr-43-b871212
crane-scheduler-controller:pr-43-b871212 docker pull gocrane/crane-scheduler-controller:pr-43-b871212

Coding Registry

Overview: https://finops.coding.net/public-artifacts/gocrane/crane/packages

Image Pull Command
crane-scheduler:pr-43-b871212 docker pull finops-docker.pkg.coding.net/gocrane/crane/crane-scheduler:pr-43-b871212
crane-scheduler-controller:pr-43-b871212 docker pull finops-docker.pkg.coding.net/gocrane/crane/crane-scheduler-controller:pr-43-b871212

Ghcr Registry

Overview: https://github.com/orgs/gocrane/packages?repo_name=crane

Image Pull Command
crane-scheduler:pr-43-b871212 docker pull ghcr.io/gocrane/crane/crane-scheduler:pr-43-b871212
crane-scheduler-controller:pr-43-b871212 docker pull ghcr.io/gocrane/crane/crane-scheduler-controller:pr-43-b871212

@dongjiang1989
Copy link
Author

@qmhu PTAL

@qmhu
Copy link
Member

qmhu commented May 25, 2023

Hi @dongjiang1989 :

Do you meet problems in 1.25? The risk for upgrade version is high, we need to think carefully.

@dongjiang1989
Copy link
Author

Hi @dongjiang1989 :

Do you meet problems in 1.25? The risk for upgrade version is high, we need to think carefully.

In Kubernetes 1.24, scheduler framework PreFilter interface add return a PreFilterResult. so update major release version

kubernetes/kubernetes#108648

@qmhu
Copy link
Member

qmhu commented May 25, 2023

Hi @dongjiang1989 :
Do you meet problems in 1.25? The risk for upgrade version is high, we need to think carefully.

In Kubernetes 1.24, scheduler framework PreFilter interface add return a PreFilterResult. so update major release version

kubernetes/kubernetes#108648

I mean do you deploy crane-scheduler in a 1.25 cluster and meet problem?

@dongjiang1989
Copy link
Author

Hi @dongjiang1989 :
Do you meet problems in 1.25? The risk for upgrade version is high, we need to think carefully.

In Kubernetes 1.24, scheduler framework PreFilter interface add return a PreFilterResult. so update major release version
kubernetes/kubernetes#108648

I mean do you deploy crane-scheduler in a 1.25 cluster and meet problem?

Thank you for your response. While it's reassuring to know that the specific vulnerable features are not currently being used in our product, I would like to highlight that the identified vulnerability has been flagged in our recent security assessment. Our security team has thoroughly reviewed the issue and determined that it poses a significant risk to the overall security of our product. That's why we would like to incorporate latest vulnerability free binary in our system as soon as possible.

@duanmengkk
Copy link

Hi @dongjiang1989 :
Do you meet problems in 1.25? The risk for upgrade version is high, we need to think carefully.

In Kubernetes 1.24, scheduler framework PreFilter interface add return a PreFilterResult. so update major release version
kubernetes/kubernetes#108648

I mean do you deploy crane-scheduler in a 1.25 cluster and meet problem?

Thank you for your response. While it's reassuring to know that the specific vulnerable features are not currently being used in our product, I would like to highlight that the identified vulnerability has been flagged in our recent security assessment. Our security team has thoroughly reviewed the issue and determined that it poses a significant risk to the overall security of our product. That's why we would like to incorporate latest vulnerability free binary in our system as soon as possible.

What was the vulnerability that you discovered? I have reviewed the code you provided, but I didn't see any specific fixes for the identified vulnerability and security risk. Could you please provide more information? Do you mean there is some security risk in base image alpine:3.13.5?

@dongjiang1989
Copy link
Author

Hi @dongjiang1989 :
Do you meet problems in 1.25? The risk for upgrade version is high, we need to think carefully.

In Kubernetes 1.24, scheduler framework PreFilter interface add return a PreFilterResult. so update major release version
kubernetes/kubernetes#108648

I mean do you deploy crane-scheduler in a 1.25 cluster and meet problem?

Thank you for your response. While it's reassuring to know that the specific vulnerable features are not currently being used in our product, I would like to highlight that the identified vulnerability has been flagged in our recent security assessment. Our security team has thoroughly reviewed the issue and determined that it poses a significant risk to the overall security of our product. That's why we would like to incorporate latest vulnerability free binary in our system as soon as possible.

What was the vulnerability that you discovered? I have reviewed the code you provided, but I didn't see any specific fixes for the identified vulnerability and security risk. Could you please provide more information? Do you mean there is some security risk in base image alpine:3.13.5?

image
about base packages and base image

@taomaree
Copy link

taomaree commented Oct 10, 2023
edited
Loading

Hi @dongjiang1989 :
Do you meet problems in 1.25? The risk for upgrade version is high, we need to think carefully.

In Kubernetes 1.24, scheduler framework PreFilter interface add return a PreFilterResult. so update major release version
kubernetes/kubernetes#108648

I mean do you deploy crane-scheduler in a 1.25 cluster and meet problem?

deploy current verson crane-scheduler with k8s 1.27,1.28, running error:

pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167: Failed to watch *v1beta1.CSIStorageCapacity: failed to list *v1beta1.CSIStorageCapacity: the server could not find the requested resource

because since k8s 1.27 removed v1beta1.CSIStorageCapacity,and changed to v1.CSIStorageCapacity .
storage.k8s.io/v1 API since k8s 1.24.

this pr #43 version test works k8s 1.28.

https://kubernetes.io/blog/2023/03/17/upcoming-changes-in-kubernetes-v1-27/

so, we need a new version.
current version support k8s version 1.22 -1.26
this new pr version supprt k8s version >= 1.24

@taomaree taomaree mentioned this pull request Oct 15, 2023
Open
@qmhu
Copy link
Member

qmhu commented Oct 16, 2023

Hi @dongjiang1989 :
Do you meet problems in 1.25? The risk for upgrade version is high, we need to think carefully.

In Kubernetes 1.24, scheduler framework PreFilter interface add return a PreFilterResult. so update major release version
kubernetes/kubernetes#108648

I mean do you deploy crane-scheduler in a 1.25 cluster and meet problem?

deploy current verson crane-scheduler with k8s 1.27,1.28, running error:

pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167: Failed to watch *v1beta1.CSIStorageCapacity: failed to list *v1beta1.CSIStorageCapacity: the server could not find the requested resource

because since k8s 1.27 removed v1beta1.CSIStorageCapacity,and changed to v1.CSIStorageCapacity . storage.k8s.io/v1 API since k8s 1.24.

this pr #43 version test works k8s 1.28.

https://kubernetes.io/blog/2023/03/17/upcoming-changes-in-kubernetes-v1-27/

so, we need a new version. current version support k8s version 1.22 -1.26 this new pr version supprt k8s version >= 1.24

Is this version works in 1.18? We want to make sure the main code works for at lease 1.18 version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dongjiang1989 @qmhu @duanmengkk @taomaree