Set containerd version to 1.2.10 #81
Conversation
Found issue with containerd 1.3.0:containerd/containerd#3761 we can look for version upgrade when issue solved. containerd v1.2.10 has fixed CVE-2019-16884 and don't have issue above. Signed-off-by: Hui Luo <[email protected]>
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: figo The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
approved
k8s-ci-robot
added
the
do-not-merge/hold
|
Also, 1.3.0 has the runc patch for CVE-2019-16884 containerd/containerd@95dbbdc I really don't want to regress other things because Artifactory is broken. |
@dims i appreciate the finding, just went through both Docker Registry spec and OAuth spec, what's not clear to me is: whether JFrog agree on Containerd's interpretation of specifications (scope field is optional at OAuth spec), need to wait for their triage of the issue. Put that aside, i am fully support of fixes brought in by Containerd 1.3.0, |
|
@figo the problems enumerated in #77 is way more severe than breaking a very very limited number of users. Liveness/Readiness failing sporadically is not an easy/fun thing to diagnose. If folks REALLY want to use jfrog with private auth, they can build the images themselves. I would not advise breaking everyone else at the cost of very few folks. |
|
cc @andreikom |
|
no movement on this one for a couple of weeks now... @figo, okay to close? |
|
This one looks good to me, although it's a tad old. Can we update it to https://github.com/containerd/containerd/releases/tag/v1.3.1? Thoughts @figo @codenrhoden |
|
update, i talked to @estesp (containerd) and artifactory folks (jfrog) while at kubecon, fix for https://www.jfrog.com/jira/browse/RTFACT-20170 is in progress and very imminent. code will not be changed in containerd to tolerate just artifactory (we need to stick to spec!). |
We've been experiencing a potentially related issue with pulling from private registries (non jfrog), wondering if this could be related. |
Hi @dennisme could you write up a new issue for the problem you may facing, base on @dims said above, we are expecting to see an artifactory (jfrog) change soon, i am tended to close this issue. Thanks |
|
@figo you okay with closing this now? |
|
/close |
|
@figo: Closed this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@dims and others; just FYI: containerd/containerd#3556 (comment) (summary: JFrog Artifactory fix releases is now available for this issue) |
|
Excellent news. thanks @estesp |
6 participants
Found issue with containerd 1.3.0:containerd/containerd#3761
we can look for version upgrade when issue solved.
containerd v1.2.10 has fixed CVE-2019-16884 and don't have issue above.
Signed-off-by: Hui Luo [email protected]
cc @dims @jiatongw @codenrhoden @frapposelli