If you are using a version of KubeEdge prior to 1.11.1, 1.10.2, or 1.9.4, you should upgrade to one of these versions. Alternatively, you can install viaduct with the -ev1 flag and avoid the response that is causing this issue.

The WSClient is a library that allows a host to invoke a WS endpoint and receive a response. Prior to versions 1.11.1, 1.10.2, and 1.9.4, a large response received by the WSClient can cause memory exhaustion in the WSClient process. The entire body of the response is read into memory, which could allow an attacker to send a request that returns a response with a large body. The consequence of the exhaustion is a denial of service for the process that invokes the WSClient.

How to upgrade

You can upgrade to one of the latest versions of viaduct and KubeEdge by following these instructions.

Installing viaduct with the -ev1 flag

If you are already familiar with viaduct, installing viaduct with the -ev1 flag is easy. The command to install viaduct with the -ev1 flag is:
sudo pip3 install --upgrade viaduct -ev1

Steps to upgrade

1. Install viaduct and KubeEdge
2. Upgrade to KubeEdge 1.11.1 or 1.10.2
3. Upgrade to KubeEdge 1.9.4

Install viaduct and KubeEdge on your Kubernetes cluster

To install viaduct with the -ev1 flag and avoid response exhaustion, you can use the following command to install viaduct on your cluster:
kubeadm config images "viaduct=https://github.com/viaductio/viaduct-k8s"
The image is a container image that contains a minimal viaduct installation.

Install viaduct with the -ev1 flag

A new release of viaduct is designed to avoid this issue. If you are using a version of KubeEdge prior to 1.11.1, 1.10.2, or 1.9.4, you should upgrade to one of these versions instead of installing viaduct with the -ev1 flag and avoid the response that is causing this issue.

Timeline

Published on: 07/11/2022 21:15:00 UTC
Last modified on: 07/16/2022 13:47:00 UTC
