kubeadm: Fix panic in isCoreDNSVersionSupported

A narrow assumption of what is contained in the `imageID` fields for the
CoreDNS pods causes a panic upon upgrade.
Fix this by using a proper regex to match a trailing SHA256 image digest
in `imageID` or return an error if it cannot find it.

Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
This commit is contained in:
Rostislav M. Georgiev 2020-03-26 20:24:21 +02:00
parent 9a4b30099e
commit fbfd44f337

View File

@ -21,6 +21,7 @@ import (
"encoding/json"
"fmt"
"net"
"regexp"
"strings"
"github.com/caddyserver/caddy/caddyfile"
@ -397,6 +398,11 @@ func isCoreDNSConfigMapMigrationRequired(corefile, currentInstalledCoreDNSVersio
return isMigrationRequired, nil
}
var (
// imageDigestMatcher is used to match the SHA256 digest from the ImageID of the CoreDNS pods
imageDigestMatcher = regexp.MustCompile(`^.*(?i:sha256:([[:alnum:]]{64}))$`)
)
func isCoreDNSVersionSupported(client clientset.Interface) (bool, error) {
isValidVersion := true
coreDNSPodList, err := client.CoreV1().Pods(metav1.NamespaceSystem).List(
@ -410,8 +416,12 @@ func isCoreDNSVersionSupported(client clientset.Interface) (bool, error) {
}
for _, pod := range coreDNSPodList.Items {
imageID := strings.Split(pod.Status.ContainerStatuses[0].ImageID, ":")
if !migration.Released(imageID[2]) {
imageID := imageDigestMatcher.FindStringSubmatch(pod.Status.ContainerStatuses[0].ImageID)
if len(imageID) != 2 {
return false, errors.Errorf("unable to match SHA256 digest ID in %q", pod.Status.ContainerStatuses[0].ImageID)
}
// The actual digest should be at imageID[1]
if !migration.Released(imageID[1]) {
isValidVersion = false
}
}