Preface: Microsoft officials said a bug in Ubuntu 18.04 “will lead to DNS resolution errors”, and that “reports of this issue are confined to this single Ubuntu version.” 31st Aug 2022
Background: How to install Kubernetes on Ubuntu 18.04 Bionic Beaver Linux?
1. Install Docker on every node (master and slave nodes). Execute the following Linux command on all your Kubernetes nodes:
$ sudo apt install docker.io
Once Docker is installed, ensure that it is enabled to start after reboot:
$ sudo systemctl enable docker
2. Install Kubernetes on all nodes (master & slave):
Add the Kubernetes signing key:
$ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
3. Add the Kubernetes repository and install Kubernetes:
$ sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
$ sudo apt install kubeadm
4. Disable swap memory on all your nodes (master & slave):
$ sudo swapoff -a
5. Next, ensure that all your nodes have a unique hostname. Set the master node with the kubernetes-master hostname:
$ sudo hostnamectl set-hostname kubernetes-master
5.1 Set the slave node with the kubernetes-slave hostname:
$ sudo hostnamectl set-hostname kubernetes-slave
6. Initialize the Kubernetes master node. Execute the following Linux command on your master node:
kubernetes-master:~$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16
6.1 Execute the commands below as a regular user to start using the Kubernetes cluster:
kubernetes-master:~$ mkdir -p $HOME/.kube
kubernetes-master:~$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
kubernetes-master:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
7. Deploy a pod network:
kubernetes-master:~$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
8. Join the Kubernetes cluster:
kubernetes-slave:~$ sudo kubeadm join 10.1.1.9:6443 --token qdjnpd.5glu39uxr92xarsj --discovery-token-ca-cert-hash sha256:ed0684156c718caf425ceae6c85a56c05f7b49037cde3a2f1fd57430a4f58f89
Remark: Refer to step 6 and copy the token hash from the screen display.
Vulnerability details: A use-after-free vulnerability was found in systemd. The issue occurs because the on_stream_io() and dns_stream_complete() functions in ‘resolved-dns-stream.c’ do not increment the reference count of the DnsStream object. As a result, other functions and callbacks that are called can dereference the DnsStream object, causing a use-after-free when the reference is still used later.
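The reference-counting pattern behind this class of bug, as an added example that is not systemd's code: a handler that calls a callback without holding its own reference, beside the guarded form that pins the object first. All names (Stream, io_unguarded, io_guarded and the rest) are hypothetical, and a `released` flag stands in for free() so the stale access can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model (constructed, hypothetical names): "released" stands in for
 * free() so the bug can be observed without undefined behaviour. */
typedef struct Stream Stream;
struct Stream {
    unsigned n_ref;
    bool released;                 /* set where real code would free() */
    void (*on_complete)(Stream *); /* owner callback; may drop the owner's ref */
};

static void stream_ref(Stream *s) { s->n_ref++; }
static void stream_unref(Stream *s) { if (--s->n_ref == 0) s->released = true; }

/* Owner's completion callback: the owner is done and drops its reference. */
static void owner_complete(Stream *s) { stream_unref(s); }

/* Unguarded handler: relies on the owner's reference across the callback. */
static bool io_unguarded(Stream *s) {
    s->on_complete(s);
    return s->released;            /* true: object is touched after release */
}

/* Guarded handler: takes its own reference for the duration of the call. */
static bool io_guarded(Stream *s) {
    stream_ref(s);
    s->on_complete(s);
    bool stale = s->released;      /* still pinned, so this access is valid */
    stream_unref(s);               /* the last reference is dropped only here */
    return stale;
}

static Stream new_stream(void) {
    Stream s = { .n_ref = 1, .released = false, .on_complete = owner_complete };
    return s;
}

static bool demo_unguarded(void) { Stream s = new_stream(); return io_unguarded(&s); }
static bool demo_guarded(void) { Stream s = new_stream(); return io_guarded(&s); }
static bool guarded_releases_at_end(void) { Stream s = new_stream(); io_guarded(&s); return s.released; }

int main(void) {
    printf("unguarded handler touched a released object: %d\n", demo_unguarded());
    printf("guarded handler touched a released object:   %d\n", demo_guarded());
    printf("guarded object released after the handler:   %d\n", guarded_releases_at_end());
    return 0;
}
```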
For headline news details, please refer to the link – https://www.theregister.com/2022/08/30/ubuntu_systemd_dns_update/