@amandadebler
Created February 13, 2019 07:39
For CVE-2019-5736 (runc container breakout)
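# Works with both Get-AzAks cluster objects and the PSCustomObjects from: az aks list | ConvertFrom-Json
function Get-AKSHotfixVersion {
    param($AKSCluster)
    # Patched Kubernetes release for each 1.x release line, keyed by the second version component
    $hotfixVersions = @{'12'='1.12.5'; '11'='1.11.7'; '10'='1.10.12'; '9'='1.9.11'}
    foreach ($cluster in $AKSCluster) {
        $currentVersion = $cluster.KubernetesVersion
        # For '1.12.4' this yields '12', which selects the matching hotfix
        [string]$majorRelease = $currentVersion.Split('.')[1]
        # $null when the release line has no entry in the table
        $hotfixVersion = $hotfixVersions.$majorRelease
        $hotfixVersion
    }
}

# Walk every subscription visible to the current az login
$mySubscriptions = $(az account list --query '[].id' -o tsv)
foreach ($subscription in $mySubscriptions) {
    $clusters = $(az aks list --subscription $subscription) | ConvertFrom-Json
    foreach ($cluster in $clusters) {
        $targetVersion = Get-AKSHotfixVersion -AKSCluster $cluster
        if (-not $targetVersion) {
            # No hotfix listed for this release line: skip instead of calling az with an empty version
            Write-Warning "No hotfix version listed for $($cluster.name) ($($cluster.kubernetesVersion)); skipping"
            continue
        }
        # --no-wait returns without waiting for the upgrade to finish; --yes suppresses the confirmation prompt
        az aks upgrade --resource-group $($cluster.resourceGroup) --name $($cluster.name) --kubernetes-version $targetVersion --subscription $subscription --no-wait --yes
    }
}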