Oval Definition: oval:org.opensuse.security:def:73027
Revision Date: 2020-12-01
Version: 1
Title: Add features for Metrics Server, Cert Status Checker, VSphere VCP, and Cilium Envoy (Moderate)
Description:

Metrics Server

* Support monitoring of *CPU* and *memory* of a pod or node.

Cert Status Checker

* Exposes cluster-wide certificate status and uses the monitoring stack (Prometheus and Grafana) to receive alerts from Prometheus Alertmanager and monitor certificate status on a Grafana dashboard.

VSphere VCP

* Allow Kubernetes pods to use VMware vSphere Virtual Machine Disk (VMDK) volumes as persistent storage.

Cilium Envoy

* Updated Cilium from version 1.5.3 to version 1.6.6
* Provide Envoy-proxy support for Cilium
* Envoy and its dependencies packaged for version 1.12.2
* Cilium uses CRD and ConfigMap, and the points on etcd are removed

See release notes for installation instructions: https://www.suse.com/releasenotes/x86_64/SUSE-CAASP/4/

The following CVE entries are relevant for the CaaSP 4.2.1 update:



cilium-proxy:

CVE-2019-18801: An untrusted remote client might have been able to send HTTP/2 requests via cilium-proxy that could have written to the heap outside of the request buffers when the upstream is HTTP/1. (bsc#1159002)
CVE-2019-18802: A malformed request header may have caused a bypass of route matchers, resulting in escalation of privileges or information disclosure. (bsc#1159003)
CVE-2019-18838: A malformed HTTP request without the Host header may cause abnormal termination of the Envoy process. (bsc#1159004)
CVE-2019-18836: Excessive iteration due to a listener filter timeout in Envoy could lead to DoS. (bsc#1156450)

kafka:

CVE-2018-1288: Authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request. (bsc#1102920)

Family: unix
Class: patch
Status:
Reference(s):
1041090
1047218
1048688
1086909
1094448
1095603
1102920
1121353
1129568
1138908
1144068
1151876
1156450
1159002
1159003
1159004
1159539
1162651
1167073
1169506
CVE-2014-9114
CVE-2015-5218
CVE-2016-2779
CVE-2016-5011
CVE-2017-2616
CVE-2018-7738
CVE-2019-18801
CVE-2019-18802
CVE-2019-18836
CVE-2019-18838
Platform(s): SUSE CaaS Platform 4.0
SUSE Linux Enterprise Module for Basesystem 15 SP2
Product(s):
Definition Synopsis
  • SUSE CaaS Platform 4.0 is installed
  • AND Package Information
  • caasp-release-4.2.1-24.23 is installed
  • OR skuba-1.3.5-3.39 is installed
  • OR skuba-update-1.3.5-3.39 is installed
  • OR terraform-provider-vsphere-1.17.3-3.3 is installed
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • libblkid-devel-2.33.1-4.5 is installed
  • OR libblkid-devel-static-2.33.1-4.5 is installed
  • OR libblkid1-2.33.1-4.5 is installed
  • OR libblkid1-32bit-2.33.1-4.5 is installed
  • OR libfdisk-devel-2.33.1-4.5 is installed
  • OR libfdisk1-2.33.1-4.5 is installed
  • OR libmount-devel-2.33.1-4.5 is installed
  • OR libmount1-2.33.1-4.5 is installed
  • OR libmount1-32bit-2.33.1-4.5 is installed
  • OR libsmartcols-devel-2.33.1-4.5 is installed
  • OR libsmartcols1-2.33.1-4.5 is installed
  • OR libuuid-devel-2.33.1-4.5 is installed
  • OR libuuid-devel-static-2.33.1-4.5 is installed
  • OR libuuid1-2.33.1-4.5 is installed
  • OR libuuid1-32bit-2.33.1-4.5 is installed
  • OR util-linux-2.33.1-4.5 is installed
  • OR util-linux-lang-2.33.1-4.5 is installed
  • OR util-linux-systemd-2.33.1-4.5 is installed