From 509e597d2779efd6c40c37c5e1edf2f2b56aaec8 Mon Sep 17 00:00:00 2001
From: Sandhya Ravi
Date: Tue, 16 Jul 2024 12:50:33 +0530
Subject: [PATCH 1/6] fix: container-toolkit patched image with fixed CVE
---
 licenses.d2iq.yaml | 4 ++--
 .../{24.3.0 => 24.3.0-d2iq.0}/defaults/cm.yaml | 2 +-
 .../{24.3.0 => 24.3.0-d2iq.0}/defaults/kustomization.yaml | 0
 .../grafana-dashboards/gpu-operator.json | 0
 .../grafana-dashboards/kustomization.yaml | 0
 .../{24.3.0 => 24.3.0-d2iq.0}/helmrelease.yaml | 2 +-
 .../{24.3.0 => 24.3.0-d2iq.0}/helmrelease/extra-images.txt | 0
 .../{24.3.0 => 24.3.0-d2iq.0}/helmrelease/kustomization.yaml | 0
 .../{24.3.0 => 24.3.0-d2iq.0}/helmrelease/nvidia.yaml | 0
 .../{24.3.0 => 24.3.0-d2iq.0}/kustomization.yaml | 0
 10 files changed, 4 insertions(+), 4 deletions(-)
 rename services/nvidia-gpu-operator/{24.3.0 => 24.3.0-d2iq.0}/defaults/cm.yaml (96%)
 rename services/nvidia-gpu-operator/{24.3.0 => 24.3.0-d2iq.0}/defaults/kustomization.yaml (100%)
 rename services/nvidia-gpu-operator/{24.3.0 => 24.3.0-d2iq.0}/grafana-dashboards/gpu-operator.json (100%)
 rename services/nvidia-gpu-operator/{24.3.0 => 24.3.0-d2iq.0}/grafana-dashboards/kustomization.yaml (100%)
 rename services/nvidia-gpu-operator/{24.3.0 => 24.3.0-d2iq.0}/helmrelease.yaml (91%)
 rename services/nvidia-gpu-operator/{24.3.0 => 24.3.0-d2iq.0}/helmrelease/extra-images.txt (100%)
 rename services/nvidia-gpu-operator/{24.3.0 => 24.3.0-d2iq.0}/helmrelease/kustomization.yaml (100%)
 rename services/nvidia-gpu-operator/{24.3.0 => 24.3.0-d2iq.0}/helmrelease/nvidia.yaml (100%)
 rename services/nvidia-gpu-operator/{24.3.0 => 24.3.0-d2iq.0}/kustomization.yaml (100%)
diff --git a/licenses.d2iq.yaml b/licenses.d2iq.yaml
index 838b026ba..9d3667614 100644
--- a/licenses.d2iq.yaml
+++ b/licenses.d2iq.yaml
@@ -403,10 +403,10 @@ resources:
 - license_path: LICENSE
 ref: ${image_tag%-ubuntu20.04}
 url: https://github.com/NVIDIA/nvidia-container-toolkit
- - container_image: nvcr.io/nvidia/k8s/container-toolkit:v1.15.0-ubi8
+ - container_image: ghcr.io/mesosphere/dkp-container-images/nvcr.io/nvidia/k8s/container-toolkit:v1.15.0-ubi8-d2iq.0
 sources:
 - license_path: LICENSE
- ref: ${image_tag%-ubi8}
+ ref: ${image_tag%-ubi8-d2iq.0}
 url: https://github.com/NVIDIA/nvidia-container-toolkit
 - container_image: nvcr.io/nvidia/k8s/dcgm-exporter:3.3.5-3.4.1-ubuntu22.04
 sources:
diff --git a/services/nvidia-gpu-operator/24.3.0/defaults/cm.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml
similarity index 96%
rename from services/nvidia-gpu-operator/24.3.0/defaults/cm.yaml
rename to services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml
index 7b0914fb8..c6b786fd2 100644
--- a/services/nvidia-gpu-operator/24.3.0/defaults/cm.yaml
+++ b/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml
@@ -13,7 +13,7 @@ data:
 config:
 # Create a ConfigMap (default: false)
 create: false
- version: v0.15.0-ubi8
+ version: v1.15.0-ubi8-d2iq.0
 toolkit:
 # toolkit needs to be set on per OS
 # see: https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/getting-started.html#bare-metal-passthrough-with-default-configurations-on-centos
diff --git a/services/nvidia-gpu-operator/24.3.0/defaults/kustomization.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/kustomization.yaml
similarity index 100%
rename from services/nvidia-gpu-operator/24.3.0/defaults/kustomization.yaml
rename to services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/kustomization.yaml
diff --git a/services/nvidia-gpu-operator/24.3.0/grafana-dashboards/gpu-operator.json b/services/nvidia-gpu-operator/24.3.0-d2iq.0/grafana-dashboards/gpu-operator.json
similarity index 100%
rename from services/nvidia-gpu-operator/24.3.0/grafana-dashboards/gpu-operator.json
rename to services/nvidia-gpu-operator/24.3.0-d2iq.0/grafana-dashboards/gpu-operator.json
diff --git a/services/nvidia-gpu-operator/24.3.0/grafana-dashboards/kustomization.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/grafana-dashboards/kustomization.yaml
similarity index 100%
rename from services/nvidia-gpu-operator/24.3.0/grafana-dashboards/kustomization.yaml
rename to services/nvidia-gpu-operator/24.3.0-d2iq.0/grafana-dashboards/kustomization.yaml
diff --git a/services/nvidia-gpu-operator/24.3.0/helmrelease.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease.yaml
similarity index 91%
rename from services/nvidia-gpu-operator/24.3.0/helmrelease.yaml
rename to services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease.yaml
index c99c0a4cd..5692a60b6 100644
--- a/services/nvidia-gpu-operator/24.3.0/helmrelease.yaml
+++ b/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease.yaml
@@ -9,7 +9,7 @@ spec:
 wait: true
 interval: 6h
 retryInterval: 1m
- path: ./services/nvidia-gpu-operator/24.3.0/helmrelease
+ path: ./services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease
 sourceRef:
 kind: GitRepository
 name: management
diff --git a/services/nvidia-gpu-operator/24.3.0/helmrelease/extra-images.txt b/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/extra-images.txt
similarity index 100%
rename from services/nvidia-gpu-operator/24.3.0/helmrelease/extra-images.txt
rename to services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/extra-images.txt
diff --git a/services/nvidia-gpu-operator/24.3.0/helmrelease/kustomization.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/kustomization.yaml
similarity index 100%
rename from services/nvidia-gpu-operator/24.3.0/helmrelease/kustomization.yaml
rename to services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/kustomization.yaml
diff --git a/services/nvidia-gpu-operator/24.3.0/helmrelease/nvidia.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/nvidia.yaml
similarity index 100%
rename from services/nvidia-gpu-operator/24.3.0/helmrelease/nvidia.yaml
rename to services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/nvidia.yaml
diff --git a/services/nvidia-gpu-operator/24.3.0/kustomization.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/kustomization.yaml
similarity index 100%
rename from services/nvidia-gpu-operator/24.3.0/kustomization.yaml
rename to services/nvidia-gpu-operator/24.3.0-d2iq.0/kustomization.yaml
From 0baaa5f882781058c94dda69907b5b99150f58ac Mon Sep 17 00:00:00 2001
From: Sandhya Ravi
Date: Tue, 16 Jul 2024 20:40:52 +0530
Subject: [PATCH 2/6] fix: container-toolkit patched image with fixed CVE
---
 services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml | 2 +-
 .../24.3.0-d2iq.0/helmrelease/extra-images.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml
index c6b786fd2..be748c81e 100644
--- a/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml
+++ b/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml
@@ -13,7 +13,7 @@ data:
 config:
 # Create a ConfigMap (default: false)
 create: false
- version: v1.15.0-ubi8-d2iq.0
+ version: v1.15.0-ubi8
 toolkit:
 # toolkit needs to be set on per OS
 # see: https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/getting-started.html#bare-metal-passthrough-with-default-configurations-on-centos
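Review bot: Nothing under `toolkit:` is changed by this hunk or by the cm.yaml hunks in 1/6 and 3/6, so as far as the series shows, the chart defaults still resolve the toolkit image exactly as before the fix. The only `version` key the series edits is the one above `toolkit:`, which goes from `v0.15.0-ubi8` to `v1.15.0-ubi8-d2iq.0` in 1/6, to `v1.15.0-ubi8` here, and back to `v0.15.0-ubi8` in 3/6, so it ends unchanged and presumably belongs to a different component. If clusters are meant to run the rebuilt image, the toolkit values need to point at the `ghcr.io/mesosphere/dkp-container-images/nvcr.io/nvidia/k8s` repository with the `-ubi8-d2iq.0` tag. The `toolkit:` block continues past the end of the hunk and is commented as set per OS, so confirm whether such an override already exists outside what is shown.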
diff --git a/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/extra-images.txt b/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/extra-images.txt
index 1881e4c40..d43fa160f 100644
--- a/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/extra-images.txt
+++ b/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/extra-images.txt
@@ -1,5 +1,5 @@
 nvcr.io/nvidia/k8s/container-toolkit:{{ regexReplaceAllLiteral "-.+$" .Values.toolkit.version "" }}-ubuntu20.04
-nvcr.io/nvidia/k8s/container-toolkit:{{ regexReplaceAllLiteral "-.+$" .Values.toolkit.version "" }}-ubi8
+ghcr.io/mesosphere/dkp-container-images/nvcr.io/nvidia/k8s/container-toolkit:{{ regexReplaceAllLiteral "-.+$" .Values.toolkit.version "" }}-ubi8-d2iq.0
 nvcr.io/nvidia/cloud-native/gpu-operator-validator:{{ .Values.validator.version }}
 nvcr.io/nvidia/cloud-native/dcgm:{{ .Values.dcgm.version }}
 nvcr.io/nvidia/k8s/dcgm-exporter:{{ .Values.dcgmExporter.version }}
From 88118f57466f7165f4c9d6690a8989e02877c29e Mon Sep 17 00:00:00 2001
From: Sandhya Ravi
Date: Tue, 16 Jul 2024 20:47:12 +0530
Subject: [PATCH 3/6] fix: container-toolkit patched image with fixed CVE
---
 services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml
index be748c81e..7b0914fb8 100644
--- a/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml
+++ b/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml
@@ -13,7 +13,7 @@ data:
 config:
 # Create a ConfigMap (default: false)
 create: false
- version: v1.15.0-ubi8
+ version: v0.15.0-ubi8
 toolkit:
 # toolkit needs to be set on per OS
 # see: https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/getting-started.html#bare-metal-passthrough-with-default-configurations-on-centos
From 09970c9526f1aba60f9f3774e22bceeb0815ec9d Mon Sep 17 00:00:00 2001
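Review bot: The replaced line in extra-images.txt hard-codes the mirror path and the `-ubi8-d2iq.0` suffix but still derives the base version from `.Values.toolkit.version`, so a later bump of that value would produce a `ghcr.io/mesosphere/...` tag for which no rebuilt image may exist. Because the rebuild exists for one specific version, the line could name it literally, `ghcr.io/mesosphere/dkp-container-images/nvcr.io/nvidia/k8s/container-toolkit:v1.15.0-ubi8-d2iq.0`, matching the entry added to licenses.d2iq.yaml in 1/6. The tag is mutable; if whatever consumes this list accepts digests, appending `@sha256:<digest-of-patched-image>` would pin the exact rebuilt image. The commit messages also do not say which CVE the rebuild addresses, and naming it would let a reader check that the `-d2iq.0` image actually carries the fix.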
From: Sandhya Ravi Date: Thu, 18 Jul 2024 21:03:22 +0530 Subject: [PATCH 4/6] fix: container-toolkit patched image with fixed CVE --- .../0.1.0/git-operator-manifests/all.yaml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/services/git-operator/0.1.0/git-operator-manifests/all.yaml b/services/git-operator/0.1.0/git-operator-manifests/all.yaml index 6274eb93e..1b7ba4019 100644 --- a/services/git-operator/0.1.0/git-operator-manifests/all.yaml +++ b/services/git-operator/0.1.0/git-operator-manifests/all.yaml @@ -72,13 +72,12 @@ spec: to access the repository. properties: name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string + namespace: + type: string + required: + - name type: object - x-kubernetes-map-type: atomic url: description: URL is the URL of the git repository. type: string @@ -700,7 +699,7 @@ spec: - --metrics-bind-address=127.0.0.1:8080 - --leader-elect - --namespace=${NAMESPACE:=git-operator-system} - image: docker.io/mesosphere/git-operator:v0.9.0 + image: docker.io/mesosphere/git-operator:v0.8.3 livenessProbe: httpGet: path: /healthz From 9992a26d4f25b0ade801581c52a6b8fc844940d9 Mon Sep 17 00:00:00 2001 From: Sandhya Ravi Date: Fri, 19 Jul 2024 19:30:21 +0530 Subject: [PATCH 5/6] fix: container-toolkit patched image with fixed CVE --- services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml | 2 +- .../nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/nvidia.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml index 7b0914fb8..4988d6fc8 100644 --- a/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml +++ b/services/nvidia-gpu-operator/24.3.0-d2iq.0/defaults/cm.yaml 
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: nvidia-gpu-operator-24.3.0-d2iq-defaults
+ name: nvidia-gpu-operator-24.3.0-d2iq.0-defaults
 namespace: ${releaseNamespace}
 data:
 values.yaml: |
diff --git a/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/nvidia.yaml b/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/nvidia.yaml
index b814da3ef..dcb91b996 100644
--- a/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/nvidia.yaml
+++ b/services/nvidia-gpu-operator/24.3.0-d2iq.0/helmrelease/nvidia.yaml
@@ -24,5 +24,5 @@ spec:
 releaseName: nvidia-gpu-operator
 valuesFrom:
 - kind: ConfigMap
- name: nvidia-gpu-operator-24.3.0-d2iq-defaults
+ name: nvidia-gpu-operator-24.3.0-d2iq.0-defaults
 targetNamespace: ${releaseNamespace}
From ec22b8d27537e82674444952a9e5414c8d51db1b Mon Sep 17 00:00:00 2001
From: Sandhya Ravi
Date: Mon, 22 Jul 2024 15:16:31 +0530
Subject: [PATCH 6/6] fix: container-toolkit patched image with fixed CVE
---
 .../0.1.0/git-operator-manifests/all.yaml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/services/git-operator/0.1.0/git-operator-manifests/all.yaml b/services/git-operator/0.1.0/git-operator-manifests/all.yaml
index 1b7ba4019..6274eb93e 100644
--- a/services/git-operator/0.1.0/git-operator-manifests/all.yaml
+++ b/services/git-operator/0.1.0/git-operator-manifests/all.yaml
@@ -72,12 +72,13 @@ spec:
 to access the repository.
 properties:
 name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
 type: string
- namespace:
- type: string
- required:
- - name
 type: object
+ x-kubernetes-map-type: atomic
 url:
 description: URL is the URL of the git repository.
 type: string
@@ -699,7 +700,7 @@ spec:
 - --metrics-bind-address=127.0.0.1:8080
 - --leader-elect
 - --namespace=${NAMESPACE:=git-operator-system}
- image: docker.io/mesosphere/git-operator:v0.8.3
+ image: docker.io/mesosphere/git-operator:v0.9.0
 livenessProbe:
 httpGet:
 path: /healthz
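Review bot: Patches 4/6 and 6/6 cancel each other on both the `image:` line here and the `properties.name` schema hunk before it, so the series leaves git-operator untouched while history keeps an intermediate state under a container-toolkit subject. In that state (4/6 and 5/6) the manifest runs `docker.io/mesosphere/git-operator:v0.8.3` with a CRD whose reference object, apparently the repository credentials reference, accepts a `namespace` field and drops `x-kubernetes-map-type: atomic`. Whether v0.8.3 honours a cross-namespace reference cannot be told from the diff, but anyone who bisects to or deploys from those commits gets the older controller and the looser schema. Dropping 4/6 and 6/6 from the series before merge removes that state; if they must stay, each subject should say it is a revert and name git-operator.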