Bumping the k8s.io dependencies to v0.26.7. The main intention
is to update the client-go library dependency for kube 1.27+,
where aggregated discovery is enabled. With client-go lower than
v0.26.4 in some cases it is possible that the discovery response
comes with the malformed response with nil GVK leading to Crash
Loop Back Off state.
Upstream kubernetes issue:
https://github.com/kubernetes/kubernetes/pull/116603
Signed-off-by: karthik-us <ksubrahm@redhat.com>
This commit also fixes k8s.io/cloud-providers v0.22.2,
instead of v1.22.1 which does not exist and was overrided
in replace.
Signed-off-by: Rakshith R <rar@redhat.com>
Dependabot can not update the dependencies for k8s.io/kubernetes
correctly. Helping the bot out with this additional commit.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Kubernetes v1.22 version has been released and this update
ceph csi dependencies to use the same version.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Updated kubernetes packages to latest release.
resizefs package has been included into k8s.io/mount-utils
package. updated code to use the same.
Updates: #1968
Signed-off-by: Rakshith R <rar@redhat.com>
client-go 1.20.6 has a fix for below CVE: This patch address this
via updating client-go and other dependencies.
CVE-2019-11250 : The MITRE CVE dictionary describes this issue as:
The Kubernetes client-go library logs request headers at verbosity
levels of 7 or higher. This can disclose credentials to unauthorized
users via logs or command output. Kubernetes components (such as
kube-apiserver) prior to v1.16.0, which make use of basic or bearer
token authentication, and run at high verbosity levels, are affected.
Ref# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11250
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
