New Release and Security Update for Container Service Extension

An important new version of Container Service Extension (CSE) is now available, version 1.2.7, that includes a critical fix for a security issue in the runc component of Docker. You can read more details about the security issue in the Security Advisory: https://www.vmware.com/security/advisories/VMSA-2019-0001.html

Upgrading CSE with New Security Fix

For upgrading follow the procedure documented in Release Notes https://vmware.github.io/container-service-extension/RELEASE_NOTES.html:

Install CSE 1.2.7
Update the templates using the command

cse install -c config.yaml –template template-name –update –amqp skip –ext skip

1

cse install -c config.yaml –template template-name –update –amqp skip –ext skip

Already deployed Kubernetes clusters will not be upgraded, tenants have to recreate them or update the docker version manually.

Important Notes on New RBAC Feature

This version also includes the role-based access control (RBAC) which was introduced in 1.2.6. If you upgrade to 1.2.7 from version 1.2.5 or earlier, you have to add the “enable_authorization” parameter to the config.yaml file.

More details can be found in the RBAC documentation: https://vmware.github.io/container-service-extension/RBAC.html

Upgrading CSE with New Security Fix

Important Notes on New RBAC Feature

Related Articles

Leverage Partner Insights to Maximize Reach and Become Broadcom Sovereign Cloud Approved

Terraform VMware Cloud Director Provider v3.14.0

Delivering Private Cloud as a Service with VMware Cloud Foundation