operator-framework / operator-sdk

SDK for building Kubernetes applications. Provides high level APIs, useful abstractions, and project scaffolding.
Apache License 2.0

Not able to run update and upgrade to fix CVEs #6772

Closed anujkaushal closed 3 weeks ago

anujkaushal commented 3 weeks ago

Bug Report

I am trying to fix CVEs by running microdnf update and microdnf upgrade, but it's throwing an error.

What did you do?

Pulled the latest helm-operator image from the quay.io helm-operator container repository. Inside the container, I tried to update and upgrade packages, but it didn't work and threw the error shown below.

sh-4.4$ microdnf update
error: Failed to create: /var/cache/yum/metadata
sh-4.4$ microdnf upgrade
error: Failed to create: /var/cache/yum/metadata

What did you expect to see?

I want the helm-operator image to be able to run update and upgrade to fix CVEs.

What did you see instead? Under which circumstances?

While trying to debug the problem, I tried to manually create the folder path from the error message, but it required root permission.

sh-4.4$ touch /var/cache/yum/metadata
touch: cannot touch '/var/cache/yum/metadata': No such file or directory
sh-4.4$ mkdir -p /var/cache/yum
mkdir: cannot create directory '/var/cache/yum': Permission denied

Also, it seems sudo is not installed.

sh-4.4$ sudo -i
sh: sudo: command not found
sh-4.4$ sudo mkdir -p /var/cache/yum
sh: sudo: command not found


Operator SDK v1.31.1 Operator K8s version: 1.28

Operator type: Helm Based Operator

/language helm

Kubernetes cluster type:


$ operator-sdk version

operator-sdk version: "v1.34.1", commit: "edaed1e5057db0349568e0b02df3743051b54e68", kubernetes version: "v1.28.0", go version: "go1.21.7", GOOS: "darwin", GOARCH: "amd64"

$ kubectl version

Client Version: v1.28.4
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.9-eks-036c24b

Possible Solution

Additional context

acornett21 commented 3 weeks ago

Hi @anujkaushal, you can't do this from a running container; you need to recreate your controller image by updating the Dockerfile and regenerating. Something like the below:

FROM quay.io/operator-framework/helm-operator

USER root

RUN microdnf update && microdnf clean all

# anything else needed

I hope this helps.
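
A variant of the Dockerfile above that returns to an unprivileged user after patching, so the rebuilt operator does not run as root. This is an added example, not part of the original comment or the project's own Dockerfile. The `BASE_TAG` and `OPERATOR_UID` build arguments are hypothetical names, and the UID default of 1001 is an assumption to confirm with `docker inspect --format '{{.Config.User}}' quay.io/operator-framework/helm-operator`.

```dockerfile
# Added example, not the project's Dockerfile.
# BASE_TAG is a hypothetical build argument. The default mirrors the untagged
# FROM in the comment above; pass a pinned release tag so rebuilds are
# reproducible and scanner findings map to a known base:
#   docker build --build-arg BASE_TAG=<release-tag> -t <registry>/helm-operator-patched .
ARG BASE_TAG=latest
FROM quay.io/operator-framework/helm-operator:${BASE_TAG}

# Assumption: the base image runs as UID 1001. Check with docker inspect and
# override with --build-arg OPERATOR_UID=<uid> if the output differs.
ARG OPERATOR_UID=1001

# Package updates need root. The running container is unprivileged, which is
# why microdnf could not create /var/cache/yum/metadata there.
USER root

# Apply the available package updates and clear the package cache in the same
# layer so the cache does not ship in the image.
RUN microdnf update -y && microdnf clean all

# Drop back to the unprivileged user so the operator process is not root.
USER ${OPERATOR_UID}
```

Running `docker inspect --format '{{.Config.User}}'` against the rebuilt image should print the unprivileged UID rather than `root` or `0`.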

anujkaushal commented 2 weeks ago

Thanks @acornett21