My Oracle Support Banner

Update CRI-O version by recreating Kubernetes worker nodes (Doc ID 2861215.1)

Last updated on FEBRUARY 08, 2024

Applies to:

Oracle Cloud Infrastructure - Oracle Container Engine for Kubernetes
Information in this document applies to any platform.

Details

ORACLE CONFIDENTIAL

This notification is about Kubernetes CVE-2022-0811, also referred to as cr8escape. Oracle Container Engine for Kubernetes (OKE) has released software updates for Kubernetes 1.20 or 1.21 that allow customers to remediate the cr8escape vulnerability in CRI-O by recreating impacted nodes. This notification is being sent OKE customers with worker nodes running Kubernetes 1.20 or 1.21. Your cluster(s) has been identified as matching these criteria. Oracle highly recommends upgrading worker nodes to Kubernetes 1.22.5. Refer to Supported Versions of Kubernetes for more information about supported Kubernetes versions.

Actions

How do I recreate impacted worker nodes?
 
Nodes created prior to the dates listed in customer notifications must be terminated and recreated. All nodes created after the dates listed below will have the fix applied. You are not required to modify the Node Pool properties, such as by selecting a new image or Kubernetes version. Follow the instructions in Upgrading the Kubernetes Version on Worker Nodes in a Cluster to create new nodes and move over your workloads. The aforementioned document includes steps for how to drain workloads from specific nodes or node pools before creating new nodes.

Contacts

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Details
 ORACLE CONFIDENTIAL
Actions
Contacts

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.