You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When upgrading k8ssandra helm chart from v1.5.0 to v1.5.2 , reaper-operator is not updating the cassandra-reaper initContainer image while main container image gets updated.
To Reproduce
Steps to reproduce the behavior:
Install k8ssandra chart version v1.5.0
Check cassandra-reaper deployment images version (containers & initContainers) - should be 3.1.1 for both images
Upgrade chart version to v1.5.2
Check cassandra-reaper deployment images version (containers & initContainers) - should be 3.2.1 for both image, but initContainers image is still on version 3.1.1 which is vulnerable image.
Expected behavior
Post upgrade to k8ssandra v1.5.2, cassandra-reaper's container and initContainer images must be on version 3.2.1
Cassandra reaper image 3.2.1 released in v1.5.2 of k8ssandra chart fixes a Critical vulnerability CVE-2022-42889 in cassandra-reaper image. But chart upgrade partially fixes this vulnerability in cassandra-reaper as initContainer image is still on vulnerable version.
Screenshots
If applicable, add screenshots to help explain your problem.
Environment (please complete the following information):
Shivam0609
changed the title
Cassandra reaper deployments, initContainer image version doesn't update on helm chart upgrade
Cassandra reaper deployments initContainer image version doesn't update on helm chart upgrade
Dec 16, 2022
Seems ReconcileDeployment function supports only deployment.spec.template.spec.containers , Can be checked here . This could be reason when upgrading chart version reconciler updates deployment but initContainer is not updated.
But in case of fresh installation it creates reaper-schema-init container with same image as main container image. Can be checked here
So might be something similar can be done for initContainers as we can see for containers in ReconcileDeployment function.
Bug Report
Describe the bug
When upgrading k8ssandra helm chart from v1.5.0 to v1.5.2 , reaper-operator is not updating the
cassandra-reaper
initContainer image while main container image gets updated.To Reproduce
Steps to reproduce the behavior:
cassandra-reaper
deployment images version (containers & initContainers) - should be 3.1.1 for both imagescassandra-reaper
deployment images version (containers & initContainers) - should be 3.2.1 for both image, but initContainers image is still on version 3.1.1 which is vulnerable image.Expected behavior
Post upgrade to k8ssandra v1.5.2, cassandra-reaper's container and initContainer images must be on version 3.2.1
Cassandra reaper image 3.2.1 released in v1.5.2 of k8ssandra chart fixes a Critical vulnerability
CVE-2022-42889
incassandra-reaper
image. But chart upgrade partially fixes this vulnerability in cassandra-reaper as initContainer image is still on vulnerable version.Screenshots
If applicable, add screenshots to help explain your problem.
Environment (please complete the following information):
(root:~) kubectl version --short Client Version: v1.23.9 Server Version: v1.23.13-eks-fb459a0
Additional context
The text was updated successfully, but these errors were encountered: