According to this cve There’s a potential issue with kubernetes 1.11.1 which is used in the component pack 6.0.0.6.
So I was wondering if it is possible to upgrade the kubernetes version to the patched point release 1.11.5.
The long version can be found in the official documentation.
The short version:
#on Master Node
yum-config-manager --enable kubernetes
yum install kubeadm-1.11.5-0 --disableexcludes=kubernetes
kubeadm upgrade plan
kubeadm upgrade apply v1.11.5
#Masterupdate
kubectl drain $MASTER --ignore-daemonsets
yum install kubectl-1.11.5-0 kubelet-1.11.5-0 --disableexcludes=kubernetes
kubectl uncordon $MASTER
yum-config-manager --disable kubernetes
#repeat for each master goto Masterupdate
#for each node
kubectl drain $NODE
#Nodeupdate
#on node $NODE
yum-config-manager --enable kubernetes
yum install kubectl-1.11.5-0 kubelet-1.11.5-0 kubeadm-1.11.5-0 --disableexcludes=kubernetes
yum-config-manager --disable kubernetes
kubeadm upgrade node config --kubelet-version $(kubelet --version | cut -d ' ' -f 2)
systemctl daemon-reload
systemctl restart kubelet
#back on the master
kubectl uncordon $NODE
#repeat for each node: restart from Nodeupdate
The upgrade on my little lab environment (1 Master + 3 Worker) went smooth.