posted

0 Comments

An important new version of Container Service Extension (CSE) is now available, version 1.2.7, that includes a critical fix for a security issue in the runc component of Docker. You can read more details about the security issue in the Security Advisory: https://www.vmware.com/security/advisories/VMSA-2019-0001.html

VMware Security Advisory Container Service Extension

Upgrading CSE with New Security Fix

For upgrading follow the procedure documented in Release Notes https://vmware.github.io/container-service-extension/RELEASE_NOTES.html:

  • Install CSE 1.2.7
  • Update the templates using the command

Already deployed Kubernetes clusters will not be upgraded, tenants have to recreate them or update the docker version manually.

Important Notes on New RBAC Feature

This version also includes the role-based access control (RBAC) which was introduced in 1.2.6. If you upgrade to 1.2.7 from version 1.2.5 or earlier, you have to add the “enable_authorization” parameter to the config.yaml file.

More details can be found in the RBAC documentation: https://vmware.github.io/container-service-extension/RBAC.html