RHBA-2016:0184 - Bug Fix Advisory

标题

Updated kubernetes packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras.

描述

The kubernetes packages provide container cluster management.

This update fixes the following bugs:

• Capabilities to open port 443 for the kube-apiserver binary have been added to the kubernetes-master package. (BZ#1275379)
• The /usr/bin/kube-apiserver file had incorrectly set permissions and as a consequence, the kube-apiserver service failed to start. This bugs has been fixed and kube-apiserver now starts as expected. (BZ#1295545)

Additionally, this update also introduces the following enhancements:

• The kubernetes packages are now built from the OpenShift Enterprise source code. This change improves the stability and continuous integration of kubernetes. Also, the kubernetes packages now include support for debug info. And, internal pod infrastructure container is now used (registry.access.redhat.com/rhel7/pod-infrastructure:latest) (BZ#1295357)
• Previously, some pods occasionally remained in "Terminating" state for significantly long time after being deleted. This bug has been fixed and the pods are now deleted as expected. (BZ#1271198)
• The "/etc/kubernetes/config" file contained a typo in the "KUBE_ALLOW_PRIV" option. The "--allow_privileged" option has been renamed to the correct "--allow-privileged". (BZ#1289762)
• This update introduces the "--legacy-userspace-proxy=false" option to resolve the high CPU usage of kube-proxy. (BZ#1293718)

Users of kubernetes are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

解决方案

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

受影响的产品

• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux Server from RHUI 7 x86_64

修复

• BZ - 1271198 - Some pods stay in Terminating state after deleting.
• BZ - 1275379 - kubernetes apiserver missing capabilities to open port 443
• BZ - 1289762 - /etc/kubernetes/config has typo for privileged containers option
• BZ - 1295357 - Build kubernetes for AH 7.2.2

CVE

(none)

参考

• http://www.redhat.com/security/updates/classification/#normal