Open spowelljr opened 1 year ago
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
I assume this is complicated to resolve, are there anywhere to go read up on how to solve this issue?
It requires replacing the vulnerable elasticsearch image with an updated one and making sure the addon still works as intended. After that's completed we can unban the addon.
Hi, I know its a risk, however for local dev, Is there any work around, in favor of made possible enable the addon?
Hi @spowelljr
Any update on this?
Any updates?
I created a PR to update the elasticsearch
, kibana
, and alpine
images. I have no idea if the addon will continue to work with the updated images. You can test the PR once it's finished building and let me know if it's working as expected.
The pods are coming up which is promising
$ kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-787d4945fb-rfbgc 1/1 Running 0 2m45s
kube-system elasticsearch-logging-hnpz6 1/1 Running 0 118s
kube-system etcd-minikube 1/1 Running 0 2m58s
kube-system fluentd-es-xxsjv 1/1 Running 0 118s
kube-system kibana-logging-vl7s9 1/1 Running 0 118s
kube-system kube-apiserver-minikube 1/1 Running 0 3m
kube-system kube-controller-manager-minikube 1/1 Running 0 2m58s
kube-system kube-proxy-zvmp9 1/1 Running 0 2m45s
kube-system kube-scheduler-minikube 1/1 Running 0 2m58s
kube-system storage-provisioner 1/1 Running 1 (2m14s ago) 2m57s
Here's the macOS amd64 binary: https://storage.googleapis.com/minikube-builds/16343/minikube-darwin-amd64 Linux amd64 binary: https://storage.googleapis.com/minikube-builds/16343/minikube-linux-amd64
If someone could test it and let me know if it works as expected. If someone needs a different binary just let me know
Here's the macOS amd64 binary: https://storage.googleapis.com/minikube-builds/16343/minikube-darwin-amd64 Linux amd64 binary: https://storage.googleapis.com/minikube-builds/16343/minikube-linux-amd64
If someone could test it and let me know if it works as expected. If someone needs a different binary just let me know
Hello, I've tested it. And confirm it's works fine. Thank You.
Hi @Sikamator, just confirming that the addon is working as expected as well? ie. It's aggregating logs as expected, not just that the addon started
@spowelljr, your PR review failed, and as a result, wasn't merged
still can't enable any updates ?
The
efk
addon contains the imagek8s.gcr.io/elasticsearch:v5.6.2@sha256:7e95b32a7a2aad0c0db5c881e4a1ce8b7e53236144ae9d9cfb5fbe5608af4ab2
This image contains Log4j CVEs
If you are using the addon we recommend you run
minikube addons disable efk
to terminate the vulnerable pod. If you are not using theefk
addon you are not vulnerable.