1.14 - CVE bitnami/kubernetes and Go bump (#9695)

* bump bitnami/kubectl, cloud-builders * changelog
kgateway-dev · Jun 28, 2024 · 443933d · 443933d
1 parent 4868365
commit 443933d
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 10 deletions.
diff --git a/changelog/v1.14.31/cve-24790.yaml b/changelog/v1.14.31/cve-24790.yaml
@@ -0,0 +1,11 @@
+changelog:
+  - type: DEPENDENCY_BUMP
+    dependencyOwner: bitnami
+    dependencyRepo: kubectl
+    dependencyTag: 1.27.15
+    issueLink: https://github.com/solo-io/gloo/issues/9671
+    description: Upgrade image used to build kubectl to pick up CVE fixes
+  - type: DEPENDENCY_BUMP
+    dependencyOwner: solo-io
+    dependencyRepo: cloud-builders
+    dependencyTag: v0.7.7
diff --git a/ci/cloudbuild/publish-artifacts.yaml b/ci/cloudbuild/publish-artifacts.yaml
@@ -1,6 +1,6 @@
 steps:
 
-- name: 'gcr.io/$PROJECT_ID/prepare-go-workspace:0.7.6'
+- name: 'gcr.io/$PROJECT_ID/prepare-go-workspace:0.7.7'
   id: 'prepare-workspace'
   args:
   - '--repo-name'
@@ -44,7 +44,7 @@ steps:
   - 'us-central1-a'
 
 # Run make targets to push docker images to quay.io
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.7.6'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.7.7'
   id: 'docker-push-extended'
   args:
   - 'docker-push-extended'
@@ -65,7 +65,7 @@ steps:
   waitFor:
   - 'docker-push-extended'
 
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.7.6'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.7.7'
   id: 'release-chart'
   dir: *dir
   args:
@@ -82,7 +82,7 @@ steps:
   - 'gcr-auth'
 
 # Run make targets to retag and push docker images to GCR
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.7.6'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.7.7'
   id: 'docker-push-extended-gcr'
   dir: *dir
   args:

diff --git a/ci/cloudbuild/run-tests.yaml b/ci/cloudbuild/run-tests.yaml
@@ -1,6 +1,6 @@
 steps:
 
-- name: 'gcr.io/$PROJECT_ID/prepare-go-workspace:0.7.1'
+- name: 'gcr.io/$PROJECT_ID/prepare-go-workspace:0.7.7'
   id: 'prepare-workspace'
   args:
   - '--repo-name'
@@ -23,7 +23,7 @@ steps:
     cd /go/pkg
     gsutil cat gs://$PROJECT_ID-cache/gloo/gloo-mod.tar.gz | tar -xzf - || echo "untar mod cache failed; continuing because we can download deps as we need them"
 
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.7.1'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.7.7'
   id: 'prepare-envoy'
   dir: *dir
   entrypoint: 'bash'
@@ -68,7 +68,7 @@ steps:
   waitFor:
   - 'prepare-gcr-zone'
 
-- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.7.1'
+- name: 'gcr.io/$PROJECT_ID/go-mod-make:0.7.7'
   id: 'prepare-test-tools'
   dir: *dir
   args:
@@ -79,7 +79,7 @@ steps:
   - 'prepare-gcr-zone'
   - 'prepare-test-credentials'
 
-- name: 'gcr.io/$PROJECT_ID/e2e-go-mod-ginkgo:0.7.1'
+- name: 'gcr.io/$PROJECT_ID/e2e-go-mod-ginkgo:0.7.7'
   id: 'run-tests'
   dir: *dir
   entrypoint: 'make'
@@ -90,7 +90,7 @@ steps:
   secretEnv:
   - 'JWT_PRIVATE_KEY'
 
-- name: 'gcr.io/$PROJECT_ID/e2e-go-mod-ginkgo:0.7.1'
+- name: 'gcr.io/$PROJECT_ID/e2e-go-mod-ginkgo:0.7.7'
   id: 'run-e2e-tests'
   dir: *dir
   entrypoint: 'make'

diff --git a/jobs/kubectl/Dockerfile b/jobs/kubectl/Dockerfile
@@ -1,4 +1,4 @@
-FROM bitnami/kubectl:1.27.13 as kubectl
+FROM bitnami/kubectl:1.27.15 as kubectl
 
 FROM alpine:3.17.6