From 9b23c74d8a5251613a01947e52780b5fe96b2d0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Bojanowski?= Date: Mon, 5 Aug 2024 08:58:40 +0200 Subject: [PATCH] bump default coredns image to v1.11.3 (because previous ones had CVEs) --- pkg/coredns/coredns.go | 2 +- test/e2e/coredns/coredns.go | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/pkg/coredns/coredns.go b/pkg/coredns/coredns.go index 7f62408f2..22d8a3fcd 100644 --- a/pkg/coredns/coredns.go +++ b/pkg/coredns/coredns.go @@ -16,7 +16,7 @@ import ( ) const ( - DefaultImage = "coredns/coredns:1.11.1" + DefaultImage = "coredns/coredns:1.11.3" ManifestRelativePath = "coredns/coredns.yaml" ManifestsOutputFolder = "/tmp/manifests-to-apply" VarImage = "IMAGE" diff --git a/test/e2e/coredns/coredns.go b/test/e2e/coredns/coredns.go index 425a01c29..6e714997f 100644 --- a/test/e2e/coredns/coredns.go +++ b/test/e2e/coredns/coredns.go @@ -3,6 +3,7 @@ package coredns import ( "fmt" + "github.com/loft-sh/vcluster/pkg/coredns" "github.com/loft-sh/vcluster/pkg/util/podhelper" "github.com/loft-sh/vcluster/pkg/util/random" "github.com/loft-sh/vcluster/test/framework" @@ -74,4 +75,14 @@ var _ = ginkgo.Describe("CoreDNS resolves host names correctly", func() { framework.ExpectEqual(string(stdoutBuffer), "ok") } }) + ginkgo.It("Test coredns uses pinned image version", func() { + coreDNSName, coreDNSNamespace := "coredns", "kube-system" + coreDNSDeployment, err := f.VClusterClient.AppsV1().Deployments(coreDNSNamespace).Get(f.Context, coreDNSName, metav1.GetOptions{}) + framework.ExpectNoError(err) + framework.ExpectEqual(len(coreDNSDeployment.Spec.Template.Spec.Containers), 1) + framework.ExpectEqual(coreDNSDeployment.Spec.Template.Spec.Containers[0].Image, coredns.DefaultImage) + // these are images with known security vulnerabilities. + framework.ExpectNotEqual(coreDNSDeployment.Spec.Template.Spec.Containers[0].Image, "1.11.1") + framework.ExpectNotEqual(coreDNSDeployment.Spec.Template.Spec.Containers[0].Image, "1.11.0") + }) })