kubernetes: CVE-2020-8555

Backport the CVE patch from the upstream: https://github.com/kubernetes/kubernetes.git Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
author: Zhixiong Chi <zhixiong.chi@windriver.com> 2020-06-15 00:43:08 -0700
committer: Bruce Ashfield <bruce.ashfield@gmail.com> 2020-06-22 09:36:11 -0400
commit: 514ce5f6b240600f06b9956737be1e33900bacac (patch)
tree: 405e36858ad2e2b0f7c0b9f0d465ddc96bf0ab25
parent: 1a8a7996a1130d35501c0e0e62a364dcb013ffe7 (diff)
download: meta-virtualization-514ce5f6b240600f06b9956737be1e33900bacac.tar.gz
2 files changed, 325 insertions, 0 deletions
diff --git a/recipes-containers/kubernetes/kubernetes/CVE-2020-8555.patch b/recipes-containers/kubernetes/kubernetes/CVE-2020-8555.patch
new file mode 100644
index 00000000..c6f8e24c
--- /dev/null
+++ b/recipes-containers/kubernetes/kubernetes/CVE-2020-8555.patch
@@ -0,0 +1,324 @@
+From 830811b331c47b9b03c60f9156cea02698fa9e20 Mon Sep 17 00:00:00 2001
+From: Michelle Au <msau@google.com>
+Date: Thu, 2 Apr 2020 13:47:56 -0700
+Subject: [PATCH] Clean up event messages for errors.
+Change-Id: Ib70b50e676b917c4d976f32ee7a19f8fc63b6bc6
+CVE: CVE-2020-8555
+Upstream-Status: Backport [https://github.com/kubernetes/kubernetes.git branch: release-1.16]
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ src/import/pkg/volume/glusterfs/glusterfs.go      | 30 +++++++----
+ src/import/pkg/volume/quobyte/quobyte.go          | 13 ++++-
+ src/import/pkg/volume/scaleio/sio_client.go       | 71 ++++++++++++++++++--------
+ src/import/pkg/volume/storageos/storageos_util.go | 12 +++--
+ 4 files changed, 91 insertions(+), 35 deletions(-)
+diff --git a/src/import/pkg/volume/glusterfs/glusterfs.go b/src/import/pkg/volume/glusterfs/glusterfs.go
+index 52ff8cb1328..dd543c4625b 100644
+--- a/src/import/pkg/volume/glusterfs/glusterfs.go
+++ b/src/import/pkg/volume/glusterfs/glusterfs.go
+@@ -672,8 +672,9 @@ func (d *glusterfsVolumeDeleter) Delete() error {
+        err = cli.VolumeDelete(volumeID)
+        if err != nil {
+                if dstrings.TrimSpace(err.Error()) != errIDNotFound {
+-                       klog.Errorf("failed to delete volume %s: %v", volumeName, err)
+-                       return fmt.Errorf("failed to delete volume %s: %v", volumeName, err)
+                       // don't log error details from client calls in events
+                       klog.V(4).Infof("failed to delete volume %s: %v", volumeName, err)
+                       return fmt.Errorf("failed to delete volume: see kube-controller-manager.log for details")
+                }
+                klog.V(2).Infof("volume %s not present in heketi, ignoring", volumeName)
+        }
+@@ -818,7 +819,9 @@ func (p *glusterfsVolumeProvisioner) CreateVolume(gid int) (r *v1.GlusterfsPersi
+        volumeReq := &gapi.VolumeCreateRequest{Size: sz, Name: customVolumeName, Clusters: clusterIDs, Gid: gid64, Durability: p.volumeType, GlusterVolumeOptions: p.volumeOptions, Snapshot: snaps}
+        volume, err := cli.VolumeCreate(volumeReq)
+        if err != nil {
+-               return nil, 0, "", fmt.Errorf("failed to create volume: %v", err)
+               // don't log error details from client calls in events
+               klog.V(4).Infof("failed to create volume: %v", err)
+               return nil, 0, "", fmt.Errorf("failed to create volume: see kube-controller-manager.log for details")
+        }
+        klog.V(1).Infof("volume with size %d and name %s created", volume.Size, volume.Name)
+        volID = volume.Id
+@@ -839,7 +842,8 @@ func (p *glusterfsVolumeProvisioner) CreateVolume(gid int) (r *v1.GlusterfsPersi
+        if err != nil {
+                deleteErr := cli.VolumeDelete(volume.Id)
+                if deleteErr != nil {
+-                       klog.Errorf("failed to delete volume: %v, manual deletion of the volume required", deleteErr)
+                       // don't log error details from client calls in events
+                       klog.V(4).Infof("failed to delete volume: %v, manual deletion of the volume required", deleteErr)
+                }
+                klog.V(3).Infof("failed to update endpoint, deleting %s", endpoint)
+                err = kubeClient.CoreV1().Services(epNamespace).Delete(epServiceName, nil)
+@@ -957,7 +961,9 @@ func parseSecret(namespace, secretName string, kubeClient clientset.Interface) (
+ func getClusterNodes(cli *gcli.Client, cluster string) (dynamicHostIps []string, err error) {
+        clusterinfo, err := cli.ClusterInfo(cluster)
+        if err != nil {
+-               return nil, fmt.Errorf("failed to get cluster details: %v", err)
+               // don't log error details from client calls in events
+               klog.V(4).Infof("failed to get cluster details: %v", err)
+               return nil, fmt.Errorf("failed to get cluster details: see kube-controller-manager.log for details")
+        }
+ 
+        // For the dynamically provisioned volume, we gather the list of node IPs
+@@ -966,7 +972,9 @@ func getClusterNodes(cli *gcli.Client, cluster string) (dynamicHostIps []string,
+        for _, node := range clusterinfo.Nodes {
+                nodeInfo, err := cli.NodeInfo(string(node))
+                if err != nil {
+-                       return nil, fmt.Errorf("failed to get host ipaddress: %v", err)
+                       // don't log error details from client calls in events
+                       klog.V(4).Infof("failed to get host ipaddress: %v", err)
+                       return nil, fmt.Errorf("failed to get host ipaddress: see kube-controller-manager.log for details")
+                }
+                ipaddr := dstrings.Join(nodeInfo.NodeAddRequest.Hostnames.Storage, "")
+                dynamicHostIps = append(dynamicHostIps, ipaddr)
+@@ -1210,8 +1218,9 @@ func (plugin *glusterfsPlugin) ExpandVolumeDevice(spec *volume.Spec, newSize res
+        //Check the existing volume size
+        currentVolumeInfo, err := cli.VolumeInfo(volumeID)
+        if err != nil {
+-               klog.Errorf("error when fetching details of volume %s: %v", volumeName, err)
+-               return oldSize, err
+               // don't log error details from client calls in events
+               klog.V(4).Infof("error when fetching details of volume %s: %v", volumeName, err)
+               return oldSize, fmt.Errorf("failed to get volume info %s: see kube-controller-manager.log for details", volumeName)
+        }
+        if int64(currentVolumeInfo.Size) >= requestGiB {
+                return newSize, nil
+@@ -1223,8 +1232,9 @@ func (plugin *glusterfsPlugin) ExpandVolumeDevice(spec *volume.Spec, newSize res
+        // Expand the volume
+        volumeInfoRes, err := cli.VolumeExpand(volumeID, volumeExpandReq)
+        if err != nil {
+-               klog.Errorf("failed to expand volume %s: %v", volumeName, err)
+-               return oldSize, err
+               // don't log error details from client calls in events
+               klog.V(4).Infof("failed to expand volume %s: %v", volumeName, err)
+               return oldSize, fmt.Errorf("failed to expand volume: see kube-controller-manager.log for details")
+        }
+        klog.V(2).Infof("volume %s expanded to new size %d successfully", volumeName, volumeInfoRes.Size)
+        newVolumeSize := resource.MustParse(fmt.Sprintf("%dGi", volumeInfoRes.Size))
+diff --git a/src/import/pkg/volume/quobyte/quobyte.go b/src/import/pkg/volume/quobyte/quobyte.go
+index 3cfc7a800ec..f7e0e31e63b 100644
+--- a/src/import/pkg/volume/quobyte/quobyte.go
+++ b/src/import/pkg/volume/quobyte/quobyte.go
+@@ -17,6 +17,7 @@ limitations under the License.
+ package quobyte
+ 
+ import (
+       "errors"
+        "fmt"
+        "os"
+        "path/filepath"
+@@ -416,7 +417,9 @@ func (provisioner *quobyteVolumeProvisioner) Provision(selectedNode *v1.Node, al
+ 
+        vol, sizeGB, err := manager.createVolume(provisioner, createQuota)
+        if err != nil {
+-               return nil, err
+               // don't log error details from client calls in events
+               klog.V(4).Infof("CreateVolume failed: %v", err)
+               return nil, errors.New("CreateVolume failed: see kube-controller-manager.log for details")
+        }
+        pv := new(v1.PersistentVolume)
+        metav1.SetMetaDataAnnotation(&pv.ObjectMeta, util.VolumeDynamicallyCreatedByKey, "quobyte-dynamic-provisioner")
+@@ -451,7 +454,13 @@ func (deleter *quobyteVolumeDeleter) Delete() error {
+        manager := &quobyteVolumeManager{
+                config: cfg,
+        }
+-       return manager.deleteVolume(deleter)
+       err = manager.deleteVolume(deleter)
+       if err != nil {
+               // don't log error details from client calls in events
+               klog.V(4).Infof("DeleteVolume failed: %v", err)
+               return errors.New("DeleteVolume failed: see kube-controller-manager.log for details")
+       }
+       return nil
+ }
+ 
+ // Parse API configuration (url, username and password) out of class.Parameters.
+diff --git a/src/import/pkg/volume/scaleio/sio_client.go b/src/import/pkg/volume/scaleio/sio_client.go
+index bc9b9868f7b..2f8c652dd8b 100644
+--- a/src/import/pkg/volume/scaleio/sio_client.go
+++ b/src/import/pkg/volume/scaleio/sio_client.go
+@@ -126,8 +126,9 @@ func (c *sioClient) init() error {
+                        Username: c.username,
+                        Password: c.password},
+        ); err != nil {
+-               klog.Error(log("client authentication failed: %v", err))
+-               return err
+               // don't log error details from client calls in events
+               klog.V(4).Infof(log("client authentication failed: %v", err))
+               return errors.New("client authentication failed")
+        }
+ 
+        // retrieve system
+@@ -214,8 +215,9 @@ func (c *sioClient) CreateVolume(name string, sizeGB int64) (*siotypes.Volume, e
+        }
+        createResponse, err := c.client.CreateVolume(params, c.storagePool.Name)
+        if err != nil {
+-               klog.Error(log("failed to create volume %s: %v", name, err))
+-               return nil, err
+               // don't log error details from client calls in events
+               klog.V(4).Infof(log("failed to create volume %s: %v", name, err))
+               return nil, errors.New("failed to create volume: see kubernetes logs for details")
+        }
+        return c.Volume(sioVolumeID(createResponse.ID))
+ }
+@@ -243,8 +245,9 @@ func (c *sioClient) AttachVolume(id sioVolumeID, multipleMappings bool) error {
+        volClient.Volume = &siotypes.Volume{ID: string(id)}
+ 
+        if err := volClient.MapVolumeSdc(params); err != nil {
+-               klog.Error(log("failed to attach volume id %s: %v", id, err))
+-               return err
+               // don't log error details from client calls in events
+               klog.V(4).Infof(log("failed to attach volume id %s: %v", id, err))
+               return errors.New("failed to attach volume: see kubernetes logs for details")
+        }
+ 
+        klog.V(4).Info(log("volume %s attached successfully", id))
+@@ -269,7 +272,9 @@ func (c *sioClient) DetachVolume(id sioVolumeID) error {
+        volClient := sio.NewVolume(c.client)
+        volClient.Volume = &siotypes.Volume{ID: string(id)}
+        if err := volClient.UnmapVolumeSdc(params); err != nil {
+-               return err
+               // don't log error details from client calls in events
+               klog.V(4).Infof(log("failed to detach volume id %s: %v", id, err))
+               return errors.New("failed to detach volume: see kubernetes logs for details")
+        }
+        return nil
+ }
+@@ -287,7 +292,9 @@ func (c *sioClient) DeleteVolume(id sioVolumeID) error {
+        volClient := sio.NewVolume(c.client)
+        volClient.Volume = vol
+        if err := volClient.RemoveVolume("ONLY_ME"); err != nil {
+-               return err
+               // don't log error details from client calls in events
+               klog.V(4).Infof(log("failed to remove volume id %s: %v", id, err))
+               return errors.New("failed to remove volume: see kubernetes logs for details")
+        }
+        return nil
+ }
+@@ -306,8 +313,9 @@ func (c *sioClient) IID() (string, error) {
+                }
+                sdc, err := c.sysClient.FindSdc("SdcGUID", guid)
+                if err != nil {
+-                       klog.Error(log("failed to retrieve sdc info %s", err))
+-                       return "", err
+                       // don't log error details from client calls in events
+                       klog.V(4).Infof(log("failed to retrieve sdc info %s", err))
+                       return "", errors.New("failed to retrieve sdc info: see kubernetes logs for details")
+                }
+                c.instanceID = sdc.Sdc.ID
+                klog.V(4).Info(log("retrieved instanceID %s", c.instanceID))
+@@ -472,12 +480,15 @@ func (c *sioClient) WaitForDetachedDevice(token string) error {
+ // ***********************************************************************
+ func (c *sioClient) findSystem(sysname string) (sys *siotypes.System, err error) {
+        if c.sysClient, err = c.client.FindSystem("", sysname, ""); err != nil {
+-               return nil, err
+               // don't log error details from clients in events
+               klog.V(4).Infof(log("failed to find system %q: %v", sysname, err))
+               return nil, errors.New("failed to find system: see kubernetes logs for details")
+        }
+        systems, err := c.client.GetInstance("")
+        if err != nil {
+-               klog.Error(log("failed to retrieve instances: %v", err))
+-               return nil, err
+               // don't log error details from clients in events
+               klog.V(4).Infof(log("failed to retrieve instances: %v", err))
+               return nil, errors.New("failed to retrieve instances: see kubernetes logs for details")
+        }
+        for _, sys = range systems {
+                if sys.Name == sysname {
+@@ -493,8 +504,9 @@ func (c *sioClient) findProtectionDomain(pdname string) (*siotypes.ProtectionDom
+        if c.sysClient != nil {
+                protectionDomain, err := c.sysClient.FindProtectionDomain("", pdname, "")
+                if err != nil {
+-                       klog.Error(log("failed to retrieve protection domains: %v", err))
+-                       return nil, err
+                       // don't log error details from clients in events
+                       klog.V(4).Infof(log("failed to retrieve protection domains: %v", err))
+                       return nil, errors.New("failed to retrieve protection domains: see kubernetes logs for details")
+                }
+                c.pdClient.ProtectionDomain = protectionDomain
+                return protectionDomain, nil
+@@ -508,8 +520,9 @@ func (c *sioClient) findStoragePool(spname string) (*siotypes.StoragePool, error
+        if c.pdClient != nil {
+                sp, err := c.pdClient.FindStoragePool("", spname, "")
+                if err != nil {
+-                       klog.Error(log("failed to retrieve storage pool: %v", err))
+-                       return nil, err
+                       // don't log error details from clients in events
+                       klog.V(4).Infof(log("failed to retrieve storage pool: %v", err))
+                       return nil, errors.New("failed to retrieve storage pool: see kubernetes logs for details")
+                }
+                c.spClient.StoragePool = sp
+                return sp, nil
+@@ -519,14 +532,32 @@ func (c *sioClient) findStoragePool(spname string) (*siotypes.StoragePool, error
+ }
+ 
+ func (c *sioClient) getVolumes() ([]*siotypes.Volume, error) {
+-       return c.client.GetVolume("", "", "", "", true)
+       volumes, err := c.client.GetVolume("", "", "", "", true)
+       if err != nil {
+               // don't log error details from clients in events
+               klog.V(4).Infof(log("failed to get volumes: %v", err))
+               return nil, errors.New("failed to get volumes: see kubernetes logs for details")
+       }
+       return volumes, nil
+ }
+ func (c *sioClient) getVolumesByID(id sioVolumeID) ([]*siotypes.Volume, error) {
+-       return c.client.GetVolume("", string(id), "", "", true)
+       volumes, err := c.client.GetVolume("", string(id), "", "", true)
+       if err != nil {
+               // don't log error details from clients in events
+               klog.V(4).Infof(log("failed to get volumes by id: %v", err))
+               return nil, errors.New("failed to get volumes by id: see kubernetes logs for details")
+       }
+       return volumes, nil
+ }
+ 
+ func (c *sioClient) getVolumesByName(name string) ([]*siotypes.Volume, error) {
+-       return c.client.GetVolume("", "", "", name, true)
+       volumes, err := c.client.GetVolume("", "", "", name, true)
+       if err != nil {
+               // don't log error details from clients in events
+               klog.V(4).Infof(log("failed to get volumes by name: %v", err))
+               return nil, errors.New("failed to get volumes by name: see kubernetes logs for details")
+       }
+       return volumes, nil
+ }
+ 
+ func (c *sioClient) getSdcPath() string {
+diff --git a/src/import/pkg/volume/storageos/storageos_util.go b/src/import/pkg/volume/storageos/storageos_util.go
+index c7f430ea5d4..d62cae66788 100644
+--- a/src/import/pkg/volume/storageos/storageos_util.go
+++ b/src/import/pkg/volume/storageos/storageos_util.go
+@@ -128,8 +128,9 @@ func (u *storageosUtil) CreateVolume(p *storageosProvisioner) (*storageosVolume,
+ 
+        vol, err := u.api.VolumeCreate(opts)
+        if err != nil {
+-               klog.Errorf("volume create failed for volume %q (%v)", opts.Name, err)
+-               return nil, err
+               // don't log error details from client calls in events
+               klog.V(4).Infof("volume create failed for volume %q (%v)", opts.Name, err)
+               return nil, errors.New("volume create failed: see kube-controller-manager.log for details")
+        }
+        return &storageosVolume{
+                ID:          vol.ID,
+@@ -294,7 +295,12 @@ func (u *storageosUtil) DeleteVolume(d *storageosDeleter) error {
+                Namespace: d.volNamespace,
+                Force:     true,
+        }
+-       return u.api.VolumeDelete(opts)
+       if err := u.api.VolumeDelete(opts); err != nil {
+               // don't log error details from client calls in events
+               klog.V(4).Infof("volume deleted failed for volume %q in namespace %q: %v", d.volName, d.volNamespace, err)
+               return errors.New("volume delete failed: see kube-controller-manager.log for details")
+       }
+       return nil
+ }
+ 
+ // Get the node's device path from the API, falling back to the default if not
+-- 
+2.17.0
diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index c378ccc5..e96b7d6d 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.16;name=k
           file://0001-fix-compiling-failure-execvp-bin-bash-Argument-list-.patch \
           file://CVE-2020-8551.patch \
           file://CVE-2020-8552.patch \
+           file://CVE-2020-8555.patch \
          "
 DEPENDS += "rsync-native \
author	Zhixiong Chi <zhixiong.chi@windriver.com>	2020-06-15 00:43:08 -0700
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2020-06-22 09:36:11 -0400
commit	514ce5f6b240600f06b9956737be1e33900bacac (patch)
tree	405e36858ad2e2b0f7c0b9f0d465ddc96bf0ab25
parent	1a8a7996a1130d35501c0e0e62a364dcb013ffe7 (diff)
download	meta-virtualization-514ce5f6b240600f06b9956737be1e33900bacac.tar.gz

diff --git a/recipes-containers/kubernetes/kubernetes/CVE-2020-8555.patch b/recipes-containers/kubernetes/kubernetes/CVE-2020-8555.patch new file mode 100644 index 00000000..c6f8e24c --- /dev/null +++ b/recipes-containers/kubernetes/kubernetes/CVE-2020-8555.patch
@@ -0,0 +1,324 @@
		1	From 830811b331c47b9b03c60f9156cea02698fa9e20 Mon Sep 17 00:00:00 2001
		2	From: Michelle Au <msau@google.com>
		3	Date: Thu, 2 Apr 2020 13:47:56 -0700
		4	Subject: [PATCH] Clean up event messages for errors.
		5
		6	Change-Id: Ib70b50e676b917c4d976f32ee7a19f8fc63b6bc6
		7
		8	CVE: CVE-2020-8555
		9	Upstream-Status: Backport [https://github.com/kubernetes/kubernetes.git branch: release-1.16]
		10	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		11	---
		12	src/import/pkg/volume/glusterfs/glusterfs.go \| 30 +++++++----
		13	src/import/pkg/volume/quobyte/quobyte.go \| 13 ++++-
		14	src/import/pkg/volume/scaleio/sio_client.go \| 71 ++++++++++++++++++--------
		15	src/import/pkg/volume/storageos/storageos_util.go \| 12 +++--
		16	4 files changed, 91 insertions(+), 35 deletions(-)
		17
		18	diff --git a/src/import/pkg/volume/glusterfs/glusterfs.go b/src/import/pkg/volume/glusterfs/glusterfs.go
		19	index 52ff8cb1328..dd543c4625b 100644
		20	--- a/src/import/pkg/volume/glusterfs/glusterfs.go
		21	+++ b/src/import/pkg/volume/glusterfs/glusterfs.go
		22	@@ -672,8 +672,9 @@ func (d *glusterfsVolumeDeleter) Delete() error {
		23	err = cli.VolumeDelete(volumeID)
		24	if err != nil {
		25	if dstrings.TrimSpace(err.Error()) != errIDNotFound {
		26	- klog.Errorf("failed to delete volume %s: %v", volumeName, err)
		27	- return fmt.Errorf("failed to delete volume %s: %v", volumeName, err)
		28	+ // don't log error details from client calls in events
		29	+ klog.V(4).Infof("failed to delete volume %s: %v", volumeName, err)
		30	+ return fmt.Errorf("failed to delete volume: see kube-controller-manager.log for details")
		31	}
		32	klog.V(2).Infof("volume %s not present in heketi, ignoring", volumeName)
		33	}
		34	@@ -818,7 +819,9 @@ func (p glusterfsVolumeProvisioner) CreateVolume(gid int) (r v1.GlusterfsPersi
		35	volumeReq := &gapi.VolumeCreateRequest{Size: sz, Name: customVolumeName, Clusters: clusterIDs, Gid: gid64, Durability: p.volumeType, GlusterVolumeOptions: p.volumeOptions, Snapshot: snaps}
		36	volume, err := cli.VolumeCreate(volumeReq)
		37	if err != nil {
		38	- return nil, 0, "", fmt.Errorf("failed to create volume: %v", err)
		39	+ // don't log error details from client calls in events
		40	+ klog.V(4).Infof("failed to create volume: %v", err)
		41	+ return nil, 0, "", fmt.Errorf("failed to create volume: see kube-controller-manager.log for details")
		42	}
		43	klog.V(1).Infof("volume with size %d and name %s created", volume.Size, volume.Name)
		44	volID = volume.Id
		45	@@ -839,7 +842,8 @@ func (p glusterfsVolumeProvisioner) CreateVolume(gid int) (r v1.GlusterfsPersi
		46	if err != nil {
		47	deleteErr := cli.VolumeDelete(volume.Id)
		48	if deleteErr != nil {
		49	- klog.Errorf("failed to delete volume: %v, manual deletion of the volume required", deleteErr)
		50	+ // don't log error details from client calls in events
		51	+ klog.V(4).Infof("failed to delete volume: %v, manual deletion of the volume required", deleteErr)
		52	}
		53	klog.V(3).Infof("failed to update endpoint, deleting %s", endpoint)
		54	err = kubeClient.CoreV1().Services(epNamespace).Delete(epServiceName, nil)
		55	@@ -957,7 +961,9 @@ func parseSecret(namespace, secretName string, kubeClient clientset.Interface) (
		56	func getClusterNodes(cli *gcli.Client, cluster string) (dynamicHostIps []string, err error) {
		57	clusterinfo, err := cli.ClusterInfo(cluster)
		58	if err != nil {
		59	- return nil, fmt.Errorf("failed to get cluster details: %v", err)
		60	+ // don't log error details from client calls in events
		61	+ klog.V(4).Infof("failed to get cluster details: %v", err)
		62	+ return nil, fmt.Errorf("failed to get cluster details: see kube-controller-manager.log for details")
		63	}
		64
		65	// For the dynamically provisioned volume, we gather the list of node IPs
		66	@@ -966,7 +972,9 @@ func getClusterNodes(cli *gcli.Client, cluster string) (dynamicHostIps []string,
		67	for _, node := range clusterinfo.Nodes {
		68	nodeInfo, err := cli.NodeInfo(string(node))
		69	if err != nil {
		70	- return nil, fmt.Errorf("failed to get host ipaddress: %v", err)
		71	+ // don't log error details from client calls in events
		72	+ klog.V(4).Infof("failed to get host ipaddress: %v", err)
		73	+ return nil, fmt.Errorf("failed to get host ipaddress: see kube-controller-manager.log for details")
		74	}
		75	ipaddr := dstrings.Join(nodeInfo.NodeAddRequest.Hostnames.Storage, "")
		76	dynamicHostIps = append(dynamicHostIps, ipaddr)
		77	@@ -1210,8 +1218,9 @@ func (plugin glusterfsPlugin) ExpandVolumeDevice(spec volume.Spec, newSize res
		78	//Check the existing volume size
		79	currentVolumeInfo, err := cli.VolumeInfo(volumeID)
		80	if err != nil {
		81	- klog.Errorf("error when fetching details of volume %s: %v", volumeName, err)
		82	- return oldSize, err
		83	+ // don't log error details from client calls in events
		84	+ klog.V(4).Infof("error when fetching details of volume %s: %v", volumeName, err)
		85	+ return oldSize, fmt.Errorf("failed to get volume info %s: see kube-controller-manager.log for details", volumeName)
		86	}
		87	if int64(currentVolumeInfo.Size) >= requestGiB {
		88	return newSize, nil
		89	@@ -1223,8 +1232,9 @@ func (plugin glusterfsPlugin) ExpandVolumeDevice(spec volume.Spec, newSize res
		90	// Expand the volume
		91	volumeInfoRes, err := cli.VolumeExpand(volumeID, volumeExpandReq)
		92	if err != nil {
		93	- klog.Errorf("failed to expand volume %s: %v", volumeName, err)
		94	- return oldSize, err
		95	+ // don't log error details from client calls in events
		96	+ klog.V(4).Infof("failed to expand volume %s: %v", volumeName, err)
		97	+ return oldSize, fmt.Errorf("failed to expand volume: see kube-controller-manager.log for details")
		98	}
		99	klog.V(2).Infof("volume %s expanded to new size %d successfully", volumeName, volumeInfoRes.Size)
		100	newVolumeSize := resource.MustParse(fmt.Sprintf("%dGi", volumeInfoRes.Size))
		101	diff --git a/src/import/pkg/volume/quobyte/quobyte.go b/src/import/pkg/volume/quobyte/quobyte.go
		102	index 3cfc7a800ec..f7e0e31e63b 100644
		103	--- a/src/import/pkg/volume/quobyte/quobyte.go
		104	+++ b/src/import/pkg/volume/quobyte/quobyte.go
		105	@@ -17,6 +17,7 @@ limitations under the License.
		106	package quobyte
		107
		108	import (
		109	+ "errors"
		110	"fmt"
		111	"os"
		112	"path/filepath"
		113	@@ -416,7 +417,9 @@ func (provisioner quobyteVolumeProvisioner) Provision(selectedNode v1.Node, al
		114
		115	vol, sizeGB, err := manager.createVolume(provisioner, createQuota)
		116	if err != nil {
		117	- return nil, err
		118	+ // don't log error details from client calls in events
		119	+ klog.V(4).Infof("CreateVolume failed: %v", err)
		120	+ return nil, errors.New("CreateVolume failed: see kube-controller-manager.log for details")
		121	}
		122	pv := new(v1.PersistentVolume)
		123	metav1.SetMetaDataAnnotation(&pv.ObjectMeta, util.VolumeDynamicallyCreatedByKey, "quobyte-dynamic-provisioner")
		124	@@ -451,7 +454,13 @@ func (deleter *quobyteVolumeDeleter) Delete() error {
		125	manager := &quobyteVolumeManager{
		126	config: cfg,
		127	}
		128	- return manager.deleteVolume(deleter)
		129	+ err = manager.deleteVolume(deleter)
		130	+ if err != nil {
		131	+ // don't log error details from client calls in events
		132	+ klog.V(4).Infof("DeleteVolume failed: %v", err)
		133	+ return errors.New("DeleteVolume failed: see kube-controller-manager.log for details")
		134	+ }
		135	+ return nil
		136	}
		137
		138	// Parse API configuration (url, username and password) out of class.Parameters.
		139	diff --git a/src/import/pkg/volume/scaleio/sio_client.go b/src/import/pkg/volume/scaleio/sio_client.go
		140	index bc9b9868f7b..2f8c652dd8b 100644
		141	--- a/src/import/pkg/volume/scaleio/sio_client.go
		142	+++ b/src/import/pkg/volume/scaleio/sio_client.go
		143	@@ -126,8 +126,9 @@ func (c *sioClient) init() error {
		144	Username: c.username,
		145	Password: c.password},
		146	); err != nil {
		147	- klog.Error(log("client authentication failed: %v", err))
		148	- return err
		149	+ // don't log error details from client calls in events
		150	+ klog.V(4).Infof(log("client authentication failed: %v", err))
		151	+ return errors.New("client authentication failed")
		152	}
		153
		154	// retrieve system
		155	@@ -214,8 +215,9 @@ func (c sioClient) CreateVolume(name string, sizeGB int64) (siotypes.Volume, e
		156	}
		157	createResponse, err := c.client.CreateVolume(params, c.storagePool.Name)
		158	if err != nil {
		159	- klog.Error(log("failed to create volume %s: %v", name, err))
		160	- return nil, err
		161	+ // don't log error details from client calls in events
		162	+ klog.V(4).Infof(log("failed to create volume %s: %v", name, err))
		163	+ return nil, errors.New("failed to create volume: see kubernetes logs for details")
		164	}
		165	return c.Volume(sioVolumeID(createResponse.ID))
		166	}
		167	@@ -243,8 +245,9 @@ func (c *sioClient) AttachVolume(id sioVolumeID, multipleMappings bool) error {
		168	volClient.Volume = &siotypes.Volume{ID: string(id)}
		169
		170	if err := volClient.MapVolumeSdc(params); err != nil {
		171	- klog.Error(log("failed to attach volume id %s: %v", id, err))
		172	- return err
		173	+ // don't log error details from client calls in events
		174	+ klog.V(4).Infof(log("failed to attach volume id %s: %v", id, err))
		175	+ return errors.New("failed to attach volume: see kubernetes logs for details")
		176	}
		177
		178	klog.V(4).Info(log("volume %s attached successfully", id))
		179	@@ -269,7 +272,9 @@ func (c *sioClient) DetachVolume(id sioVolumeID) error {
		180	volClient := sio.NewVolume(c.client)
		181	volClient.Volume = &siotypes.Volume{ID: string(id)}
		182	if err := volClient.UnmapVolumeSdc(params); err != nil {
		183	- return err
		184	+ // don't log error details from client calls in events
		185	+ klog.V(4).Infof(log("failed to detach volume id %s: %v", id, err))
		186	+ return errors.New("failed to detach volume: see kubernetes logs for details")
		187	}
		188	return nil
		189	}
		190	@@ -287,7 +292,9 @@ func (c *sioClient) DeleteVolume(id sioVolumeID) error {
		191	volClient := sio.NewVolume(c.client)
		192	volClient.Volume = vol
		193	if err := volClient.RemoveVolume("ONLY_ME"); err != nil {
		194	- return err
		195	+ // don't log error details from client calls in events
		196	+ klog.V(4).Infof(log("failed to remove volume id %s: %v", id, err))
		197	+ return errors.New("failed to remove volume: see kubernetes logs for details")
		198	}
		199	return nil
		200	}
		201	@@ -306,8 +313,9 @@ func (c *sioClient) IID() (string, error) {
		202	}
		203	sdc, err := c.sysClient.FindSdc("SdcGUID", guid)
		204	if err != nil {
		205	- klog.Error(log("failed to retrieve sdc info %s", err))
		206	- return "", err
		207	+ // don't log error details from client calls in events
		208	+ klog.V(4).Infof(log("failed to retrieve sdc info %s", err))
		209	+ return "", errors.New("failed to retrieve sdc info: see kubernetes logs for details")
		210	}
		211	c.instanceID = sdc.Sdc.ID
		212	klog.V(4).Info(log("retrieved instanceID %s", c.instanceID))
		213	@@ -472,12 +480,15 @@ func (c *sioClient) WaitForDetachedDevice(token string) error {
		214	// ***********************************************************************
		215	func (c sioClient) findSystem(sysname string) (sys siotypes.System, err error) {
		216	if c.sysClient, err = c.client.FindSystem("", sysname, ""); err != nil {
		217	- return nil, err
		218	+ // don't log error details from clients in events
		219	+ klog.V(4).Infof(log("failed to find system %q: %v", sysname, err))
		220	+ return nil, errors.New("failed to find system: see kubernetes logs for details")
		221	}
		222	systems, err := c.client.GetInstance("")
		223	if err != nil {
		224	- klog.Error(log("failed to retrieve instances: %v", err))
		225	- return nil, err
		226	+ // don't log error details from clients in events
		227	+ klog.V(4).Infof(log("failed to retrieve instances: %v", err))
		228	+ return nil, errors.New("failed to retrieve instances: see kubernetes logs for details")
		229	}
		230	for _, sys = range systems {
		231	if sys.Name == sysname {
		232	@@ -493,8 +504,9 @@ func (c sioClient) findProtectionDomain(pdname string) (siotypes.ProtectionDom
		233	if c.sysClient != nil {
		234	protectionDomain, err := c.sysClient.FindProtectionDomain("", pdname, "")
		235	if err != nil {
		236	- klog.Error(log("failed to retrieve protection domains: %v", err))
		237	- return nil, err
		238	+ // don't log error details from clients in events
		239	+ klog.V(4).Infof(log("failed to retrieve protection domains: %v", err))
		240	+ return nil, errors.New("failed to retrieve protection domains: see kubernetes logs for details")
		241	}
		242	c.pdClient.ProtectionDomain = protectionDomain
		243	return protectionDomain, nil
		244	@@ -508,8 +520,9 @@ func (c sioClient) findStoragePool(spname string) (siotypes.StoragePool, error
		245	if c.pdClient != nil {
		246	sp, err := c.pdClient.FindStoragePool("", spname, "")
		247	if err != nil {
		248	- klog.Error(log("failed to retrieve storage pool: %v", err))
		249	- return nil, err
		250	+ // don't log error details from clients in events
		251	+ klog.V(4).Infof(log("failed to retrieve storage pool: %v", err))
		252	+ return nil, errors.New("failed to retrieve storage pool: see kubernetes logs for details")
		253	}
		254	c.spClient.StoragePool = sp
		255	return sp, nil
		256	@@ -519,14 +532,32 @@ func (c sioClient) findStoragePool(spname string) (siotypes.StoragePool, error
		257	}
		258
		259	func (c sioClient) getVolumes() ([]siotypes.Volume, error) {
		260	- return c.client.GetVolume("", "", "", "", true)
		261	+ volumes, err := c.client.GetVolume("", "", "", "", true)
		262	+ if err != nil {
		263	+ // don't log error details from clients in events
		264	+ klog.V(4).Infof(log("failed to get volumes: %v", err))
		265	+ return nil, errors.New("failed to get volumes: see kubernetes logs for details")
		266	+ }
		267	+ return volumes, nil
		268	}
		269	func (c sioClient) getVolumesByID(id sioVolumeID) ([]siotypes.Volume, error) {
		270	- return c.client.GetVolume("", string(id), "", "", true)
		271	+ volumes, err := c.client.GetVolume("", string(id), "", "", true)
		272	+ if err != nil {
		273	+ // don't log error details from clients in events
		274	+ klog.V(4).Infof(log("failed to get volumes by id: %v", err))
		275	+ return nil, errors.New("failed to get volumes by id: see kubernetes logs for details")
		276	+ }
		277	+ return volumes, nil
		278	}
		279
		280	func (c sioClient) getVolumesByName(name string) ([]siotypes.Volume, error) {
		281	- return c.client.GetVolume("", "", "", name, true)
		282	+ volumes, err := c.client.GetVolume("", "", "", name, true)
		283	+ if err != nil {
		284	+ // don't log error details from clients in events
		285	+ klog.V(4).Infof(log("failed to get volumes by name: %v", err))
		286	+ return nil, errors.New("failed to get volumes by name: see kubernetes logs for details")
		287	+ }
		288	+ return volumes, nil
		289	}
		290
		291	func (c *sioClient) getSdcPath() string {
		292	diff --git a/src/import/pkg/volume/storageos/storageos_util.go b/src/import/pkg/volume/storageos/storageos_util.go
		293	index c7f430ea5d4..d62cae66788 100644
		294	--- a/src/import/pkg/volume/storageos/storageos_util.go
		295	+++ b/src/import/pkg/volume/storageos/storageos_util.go
		296	@@ -128,8 +128,9 @@ func (u storageosUtil) CreateVolume(p storageosProvisioner) (*storageosVolume,
		297
		298	vol, err := u.api.VolumeCreate(opts)
		299	if err != nil {
		300	- klog.Errorf("volume create failed for volume %q (%v)", opts.Name, err)
		301	- return nil, err
		302	+ // don't log error details from client calls in events
		303	+ klog.V(4).Infof("volume create failed for volume %q (%v)", opts.Name, err)
		304	+ return nil, errors.New("volume create failed: see kube-controller-manager.log for details")
		305	}
		306	return &storageosVolume{
		307	ID: vol.ID,
		308	@@ -294,7 +295,12 @@ func (u storageosUtil) DeleteVolume(d storageosDeleter) error {
		309	Namespace: d.volNamespace,
		310	Force: true,
		311	}
		312	- return u.api.VolumeDelete(opts)
		313	+ if err := u.api.VolumeDelete(opts); err != nil {
		314	+ // don't log error details from client calls in events
		315	+ klog.V(4).Infof("volume deleted failed for volume %q in namespace %q: %v", d.volName, d.volNamespace, err)
		316	+ return errors.New("volume delete failed: see kube-controller-manager.log for details")
		317	+ }
		318	+ return nil
		319	}
		320
		321	// Get the node's device path from the API, falling back to the default if not
		322	--
		323	2.17.0
		324


diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb index c378ccc5..e96b7d6d 100644 --- a/recipes-containers/kubernetes/kubernetes_git.bb +++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.16;name=k
14	file://0001-fix-compiling-failure-execvp-bin-bash-Argument-list-.patch \	14	file://0001-fix-compiling-failure-execvp-bin-bash-Argument-list-.patch \
15	file://CVE-2020-8551.patch \	15	file://CVE-2020-8551.patch \
16	file://CVE-2020-8552.patch \	16	file://CVE-2020-8552.patch \
		17	file://CVE-2020-8555.patch \
17	"	18	"
18		19
19	DEPENDS += "rsync-native \	20	DEPENDS += "rsync-native \