Important Security Update for Container Service Extension

An important new version of Container Service Extension (CSE) is now available, version 1.2.7, that includes a critical fix for a security issue in the runc component of Docker. You can read more details about the security issue in the Security Advisory: https://www.vmware.com/security/advisories/VMSA-2019-0001.html

Upgrading CSE with New Security Fix

For upgrading follow the procedure documented in Release Notes https://vmware.github.io/container-service-extension/RELEASE_NOTES.html:

• Install CSE 1.2.7
• Update the templates using the command
  

  cse install -c config.yaml –template template-name –update –amqp skip –ext skip

  Read moreProtecting Virtual SAP Landscapes with VMware vShield App – Part 1 of 2 cse install –c config.yaml –template template–name –update –amqp skip –ext skip

Already deployed Kubernetes clusters will not be upgraded, tenants have to recreate them or update the docker version manually.

Important Notes on New RBAC Feature

This version also includes the role-based access control (RBAC) which was introduced in 1.2.6. If you upgrade to 1.2.7 from version 1.2.5 or earlier, you have to add the “enable_authorization” parameter to the config.yaml file.

More details can be found in the RBAC documentation: https://vmware.github.io/container-service-extension/RBAC.html