Prevent enabling efk addon due to containing Log4j CVE

cmd/minikube/cmd/config/enable.go

@@ -18,20 +18,16 @@ package config
 
 import (
 	"errors"
-	"fmt"
 
-	"github.com/blang/semver/v4"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"k8s.io/minikube/pkg/addons"
 	"k8s.io/minikube/pkg/minikube/assets"
 	"k8s.io/minikube/pkg/minikube/config"
-	"k8s.io/minikube/pkg/minikube/constants"
 	"k8s.io/minikube/pkg/minikube/exit"
 	"k8s.io/minikube/pkg/minikube/out"
 	"k8s.io/minikube/pkg/minikube/reason"
 	"k8s.io/minikube/pkg/minikube/style"
-	"k8s.io/minikube/pkg/util"
 )
 
 var addonsEnableCmd = &cobra.Command{
@@ -44,16 +40,12 @@ var addonsEnableCmd = &cobra.Command{
 			exit.Message(reason.Usage, "usage: minikube addons enable ADDON_NAME")
 		}
 		addon := args[0]
-		// replace heapster as metrics-server because heapster is deprecated
-		if addon == "heapster" {
-			out.Styled(style.Waiting, "using metrics-server addon, heapster is deprecated")
-			addon = "metrics-server"
-		}
-		if addon == "ambassador" {
-			out.Styled(style.Warning, "The ambassador addon has stopped working as of v1.23.0, for more details visit: https://github.com/datawire/ambassador-operator/issues/73")
-		}
-		if addon == "olm" {
-			out.Styled(style.Warning, "The OLM addon has stopped working, for more details visit: https://github.com/operator-framework/operator-lifecycle-manager/issues/2534")
+		isDeprecated, replacement, msg := addons.Deprecations(addon)
+		if isDeprecated && replacement == "" {
+			exit.Message(reason.InternalAddonEnable, msg)
+		} else if isDeprecated {
+			out.Styled(style.Waiting, msg)
+			addon = replacement
 		}
 		addonBundle, ok := assets.Addons[addon]
 		if ok {
@@ -80,53 +72,6 @@ You can view the list of minikube maintainers at: https://github.com/kubernetes/
 		if err != nil && !errors.Is(err, addons.ErrSkipThisAddon) {
 			exit.Error(reason.InternalAddonEnable, "enable failed", err)
 		}
-		if addon == "dashboard" {
-			tipProfileArg := ""
-			if ClusterFlagValue() != constants.DefaultClusterName {
-				tipProfileArg = fmt.Sprintf(" -p %s", ClusterFlagValue())
-			}
-			out.Styled(style.Tip, `Some dashboard features require the metrics-server addon. To enable all features please run:
-
-	minikube{{.profileArg}} addons enable metrics-server	
-
-`, out.V{"profileArg": tipProfileArg})
-
-		}
-		if addon == "headlamp" {
-			out.Styled(style.Tip, `To access Headlamp, use the following command:
-minikube service headlamp -n headlamp
-
-`)
-			tokenGenerationTip := "To authenticate in Headlamp, fetch the Authentication Token using the following command:"
-			createSvcAccountToken := "kubectl create token headlamp --duration 24h -n headlamp"
-			getSvcAccountToken := `export SECRET=$(kubectl get secrets --namespace headlamp -o custom-columns=":metadata.name" | grep "headlamp-token")
-kubectl get secret $SECRET --namespace headlamp --template=\{\{.data.token\}\} | base64 --decode`
-
-			clusterName := ClusterFlagValue()
-			clusterVersion := ClusterKubernetesVersion(clusterName)
-			parsedClusterVersion, err := util.ParseKubernetesVersion(clusterVersion)
-			if err != nil {
-				tokenGenerationTip = fmt.Sprintf("%s\nIf Kubernetes Version is <1.24:\n%s\n\nIf Kubernetes Version is >=1.24:\n%s\n", tokenGenerationTip, createSvcAccountToken, getSvcAccountToken)
-			} else {
-				if parsedClusterVersion.GTE(semver.Version{Major: 1, Minor: 24}) {
-					tokenGenerationTip = fmt.Sprintf("%s\n%s", tokenGenerationTip, createSvcAccountToken)
-				} else {
-					tokenGenerationTip = fmt.Sprintf("%s\n%s", tokenGenerationTip, getSvcAccountToken)
-				}
-			}
-			out.Styled(style.Tip, fmt.Sprintf("%s\n", tokenGenerationTip))
-
-			tipProfileArg := ""
-			if clusterName != constants.DefaultClusterName {
-				tipProfileArg = fmt.Sprintf(" -p %s", clusterName)
-			}
-			out.Styled(style.Tip, `Headlamp can display more detailed information when metrics-server is installed. To install it, run:
-
-minikube{{.profileArg}} addons enable metrics-server	
-
-`, out.V{"profileArg": tipProfileArg})
-
-		}
 		if err == nil {
 			out.Step(style.AddonEnable, "The '{{.addonName}}' addon is enabled", out.V{"addonName": addon})
 		}

cmd/minikube/cmd/config/flags.go

@@ -19,16 +19,9 @@ package config
 import (
 	"github.com/spf13/viper"
 	"k8s.io/minikube/pkg/minikube/config"
-	"k8s.io/minikube/pkg/minikube/mustload"
 )
 
 // ClusterFlagValue returns the current cluster name based on flags
 func ClusterFlagValue() string {
 	return viper.GetString(config.ProfileName)
 }
-
-// ClusterKubernetesVersion returns the current Kubernetes version of the cluster
-func ClusterKubernetesVersion(clusterProfile string) string {
-	_, cc := mustload.Partial(clusterProfile)
-	return cc.KubernetesConfig.KubernetesVersion
-}

pkg/addons/addons.go

@@ -76,16 +76,90 @@ func RunCallbacks(cc *config.ClusterConfig, name string, value string) error {
 		return errors.Wrap(err, "running validations")
 	}
 
+	preStartMessages(name, value)
+
 	// Run any callbacks for this property
 	if err := run(cc, name, value, a.callbacks); err != nil {
 		if errors.Is(err, ErrSkipThisAddon) {
 			return err
 		}
 		return errors.Wrap(err, "running callbacks")
 	}
+
+	postStartMessages(cc, name, value)
+
 	return nil
 }
 
+func preStartMessages(name, value string) {
+	if value != "true" {
+		return
+	}
+	switch name {
+	case "ambassador":
+		out.Styled(style.Warning, "The ambassador addon has stopped working as of v1.23.0, for more details visit: https://github.com/datawire/ambassador-operator/issues/73")
+	case "olm":
+		out.Styled(style.Warning, "The OLM addon has stopped working, for more details visit: https://github.com/operator-framework/operator-lifecycle-manager/issues/2534")
+	}
+}
+
+func postStartMessages(cc *config.ClusterConfig, name, value string) {
+	if value != "true" {
+		return
+	}
+	clusterName := cc.Name
+	tipProfileArg := ""
+	if clusterName != constants.DefaultClusterName {
+		tipProfileArg = fmt.Sprintf(" -p %s", clusterName)
+	}
+	switch name {
+	case "dashboard":
+		out.Styled(style.Tip, `Some dashboard features require the metrics-server addon. To enable all features please run:
+
+	minikube{{.profileArg}} addons enable metrics-server	
+
+`, out.V{"profileArg": tipProfileArg})
+	case "headlamp":
+		out.Styled(style.Tip, `To access Headlamp, use the following command:
+minikube service headlamp -n headlamp
+
+`)
+		tokenGenerationTip := "To authenticate in Headlamp, fetch the Authentication Token using the following command:"
+		createSvcAccountToken := "kubectl create token headlamp --duration 24h -n headlamp"
+		getSvcAccountToken := `export SECRET=$(kubectl get secrets --namespace headlamp -o custom-columns=":metadata.name" | grep "headlamp-token")
+kubectl get secret $SECRET --namespace headlamp --template=\{\{.data.token\}\} | base64 --decode`
+
+		clusterVersion := cc.KubernetesConfig.KubernetesVersion
+		parsedClusterVersion, err := util.ParseKubernetesVersion(clusterVersion)
+		if err != nil {
+			tokenGenerationTip = fmt.Sprintf("%s\nIf Kubernetes Version is <1.24:\n%s\n\nIf Kubernetes Version is >=1.24:\n%s\n", tokenGenerationTip, createSvcAccountToken, getSvcAccountToken)
+		} else {
+			if parsedClusterVersion.GTE(semver.Version{Major: 1, Minor: 24}) {
+				tokenGenerationTip = fmt.Sprintf("%s\n%s", tokenGenerationTip, createSvcAccountToken)
+			} else {
+				tokenGenerationTip = fmt.Sprintf("%s\n%s", tokenGenerationTip, getSvcAccountToken)
+			}
+		}
+		out.Styled(style.Tip, fmt.Sprintf("%s\n", tokenGenerationTip))
+		out.Styled(style.Tip, `Headlamp can display more detailed information when metrics-server is installed. To install it, run:
+
+minikube{{.profileArg}} addons enable metrics-server	
+
+`, out.V{"profileArg": tipProfileArg})
+	}
+}
+
+// Deprecations if the selected addon is deprecated return the replacement addon, otherwise return the passed in addon
+func Deprecations(name string) (bool, string, string) {
+	switch name {
+	case "heapster":
+		return true, "metrics-server", "using metrics-server addon, heapster is deprecated"
+	case "efk":
+		return true, "", "The current images used in the efk addon contain Log4j vulnerabilities, the addon will be disabled until images are updated, see: https://github.com/kubernetes/minikube/issues/15280"
+	}
+	return false, "", ""
+}
+
 // Set sets a value in the config (not threadsafe)
 func Set(cc *config.ClusterConfig, name string, value string) error {
 	a, valid := isAddonValid(name)
@@ -426,9 +500,13 @@ func Start(wg *sync.WaitGroup, cc *config.ClusterConfig, toEnable map[string]boo
 
 	// Apply new addons
 	for _, name := range additional {
-		// replace heapster as metrics-server because heapster is deprecated
-		if name == "heapster" {
-			name = "metrics-server"
+		isDeprecated, replacement, msg := Deprecations(name)
+		if isDeprecated && replacement == "" {
+			out.FailureT(msg)
+			continue
+		} else if isDeprecated {
+			out.Styled(style.Waiting, msg)
+			name = replacement
 		}
 		// if the specified addon doesn't exist, skip enabling
 		_, e := isAddonValid(name)

translations/de.json

@@ -927,6 +927,7 @@
 	"config modifies minikube config files using subcommands like \"minikube config set driver kvm2\"\nConfigurable fields: \n\n": "config modifiziert Minikube Konfigurations Dateien mit Unter-Befehlen wie \"minikube config set driver kvm2\"\nConfigurable fields: \n\n",
 	"config view failed": "config view fehlgeschlagen",
 	"containers paused status: {{.paused}}": "Container in pausiert status: {{.paused}}",
+	"dashboard": "",
 	"dashboard service is not running: {{.error}}": "Dashboard Service läuft nicht: {{.error}}",
 	"delete ctx": "lösche ctx",
 	"deleting node": "lösche Node",
@@ -953,6 +954,7 @@
 	"failed to set cloud shell kubelet config options": "Setzen der Cloud Shell Kublet Konfigurations Opetionen fehlgeschlagen",
 	"failed to set extra option": "",
 	"failed to start node": "Start des Nodes fehlgeschlagen",
+	"false": "",
 	"fish completion failed": "fish completion fehlgeschlagen",
 	"fish completion.": "fish fehlgeschlagen",
 	"if true, will embed the certs in kubeconfig.": "Falls gesetzt, werden die Zeritifikate in die kubeconfig integriert.",
@@ -1012,6 +1014,7 @@
 	"status json failure": "Status json Fehler",
 	"status text failure": "Status text Fehler",
 	"too many arguments ({{.ArgCount}}).\nusage: minikube config set PROPERTY_NAME PROPERTY_VALUE": "Zu viele Parameter ({{.ArgCount}}).\nVerwendung: minikube config set PROPERTY_NAME PROPERTY_VALUE",
+	"true": "",
 	"tunnel creates a route to services deployed with type LoadBalancer and sets their Ingress to their ClusterIP. for a detailed example see https://minikube.sigs.k8s.io/docs/tasks/loadbalancer": "",
 	"unable to bind flags": "Kann Parameter nicht zuweisen",
 	"unable to daemonize: {{.err}}": "Kann nicht in den Hintergrund starten (daemonize): {{.err}}",

translations/es.json

@@ -925,6 +925,7 @@
 	"config modifies minikube config files using subcommands like \"minikube config set driver kvm2\"\nConfigurable fields: \n\n": "",
 	"config view failed": "",
 	"containers paused status: {{.paused}}": "",
+	"dashboard": "",
 	"dashboard service is not running: {{.error}}": "",
 	"delete ctx": "",
 	"deleting node": "",
@@ -949,6 +950,7 @@
 	"failed to save config": "",
 	"failed to set extra option": "",
 	"failed to start node": "",
+	"false": "",
 	"fish completion failed": "",
 	"fish completion.": "",
 	"if true, will embed the certs in kubeconfig.": "",
@@ -1006,6 +1008,7 @@
 	"status json failure": "",
 	"status text failure": "",
 	"too many arguments ({{.ArgCount}}).\nusage: minikube config set PROPERTY_NAME PROPERTY_VALUE": "",
+	"true": "",
 	"tunnel creates a route to services deployed with type LoadBalancer and sets their Ingress to their ClusterIP. for a detailed example see https://minikube.sigs.k8s.io/docs/tasks/loadbalancer": "",
 	"unable to bind flags": "",
 	"unable to daemonize: {{.err}}": "",
@@ -1026,7 +1029,6 @@
 	"usage: minikube config unset PROPERTY_NAME": "",
 	"usage: minikube delete": "",
 	"usage: minikube profile [MINIKUBE_PROFILE_NAME]": "",
-	"using metrics-server addon, heapster is deprecated": "",
 	"version json failure": "",
 	"version yaml failure": "",
 	"yaml encoding failure": "",

translations/fr.json

@@ -899,6 +899,7 @@
 	"config modifies minikube config files using subcommands like \"minikube config set driver kvm2\"\nConfigurable fields: \n\n": "config modifie les fichiers de configuration de minikube à l'aide de sous-commandes telles que \"minikube config set driver kvm2\"\nChamps configurables : \n\n",
 	"config view failed": "échec de la vue de configuration",
 	"containers paused status: {{.paused}}": "état des conteneurs en pause : {{.paused}}",
+	"dashboard": "",
 	"dashboard service is not running: {{.error}}": "le service de tableau de bord ne fonctionne pas : {{.error}}",
 	"delete ctx": "supprimer ctx",
 	"deleting node": "suppression d'un nœud",
@@ -925,6 +926,7 @@
 	"failed to set cloud shell kubelet config options": "échec de la définition des options de configuration cloud shell kubelet",
 	"failed to set extra option": "impossible de définir une option supplémentaire",
 	"failed to start node": "échec du démarrage du nœud",
+	"false": "",
 	"fish completion failed": "la complétion fish a échoué",
 	"fish completion.": "complétion fish.",
 	"if true, will embed the certs in kubeconfig.": "si vrai, intégrera les certificats dans kubeconfig.",
@@ -984,6 +986,7 @@
 	"status json failure": "état du JSON en échec",
 	"status text failure": "état du texte en échec",
 	"too many arguments ({{.ArgCount}}).\nusage: minikube config set PROPERTY_NAME PROPERTY_VALUE": "trop d'arguments ({{.ArgCount}}).\nusage : jeu de configuration de minikube PROPERTY_NAME PROPERTY_VALUE",
+	"true": "",
 	"tunnel creates a route to services deployed with type LoadBalancer and sets their Ingress to their ClusterIP. for a detailed example see https://minikube.sigs.k8s.io/docs/tasks/loadbalancer": "le tunnel crée une route vers les services déployés avec le type LoadBalancer et définit leur Ingress sur leur ClusterIP. Pour un exemple détaillé, voir https://minikube.sigs.k8s.io/docs/tasks/loadbalancer",
 	"unable to bind flags": "impossible de lier les configurations",
 	"unable to daemonize: {{.err}}": "impossible de démoniser : {{.err}}",

translations/ja.json

@@ -861,6 +861,7 @@
 	"config modifies minikube config files using subcommands like \"minikube config set driver kvm2\"\nConfigurable fields: \n\n": "config コマンドは「minikube config set driver kvm2」のようにサブコマンドを使用して、minikube 設定ファイルを編集します。 \n設定可能なフィールド:\n\n",
 	"config view failed": "設定表示が失敗しました",
 	"containers paused status: {{.paused}}": "コンテナー停止状態: {{.paused}}",
+	"dashboard": "",
 	"dashboard service is not running: {{.error}}": "ダッシュボードサービスが実行していません: {{.error}}",
 	"delete ctx": "ctx を削除します",
 	"deleting node": "ノードを削除しています",
@@ -885,6 +886,7 @@
 	"failed to save config": "設定保存に失敗しました",
 	"failed to set extra option": "追加オプションの設定に失敗しました",
 	"failed to start node": "ノード開始に失敗しました",
+	"false": "",
 	"fish completion failed": "fish のコマンド補完に失敗しました",
 	"fish completion.": "fish のコマンド補完です。",
 	"if true, will embed the certs in kubeconfig.": "true の場合、kubeconfig に証明書を埋め込みます。",
@@ -944,6 +946,7 @@
 	"status json failure": "status json に失敗しました",
 	"status text failure": "status text に失敗しました",
 	"too many arguments ({{.ArgCount}}).\nusage: minikube config set PROPERTY_NAME PROPERTY_VALUE": "引数 ({{.ArgCount}} 個) が多すぎます。\n使用法: minikube config set PROPERTY_NAME PROPERTY_VALUE",
+	"true": "",
 	"tunnel creates a route to services deployed with type LoadBalancer and sets their Ingress to their ClusterIP. for a detailed example see https://minikube.sigs.k8s.io/docs/tasks/loadbalancer": "tunnel は LoadBalancer タイプで作成されたサービスへのルートを作成し、Ingress をサービスの ClusterIP に設定します。詳細例は https://minikube.sigs.k8s.io/docs/tasks/loadbalancer を参照してください",
 	"unable to bind flags": "フラグをバインドできません",
 	"unable to daemonize: {{.err}}": "デーモン化できません: {{.err}}",

translations/ko.json

@@ -927,6 +927,7 @@
 	"config view failed": "config view 가 실패하였습니다",
 	"containers paused status: {{.paused}}": "",
 	"creating api client": "api 클라이언트 생성 중",
+	"dashboard": "",
 	"dashboard service is not running: {{.error}}": "대시보드 서비스가 실행 중이지 않습니다: {{.error}}",
 	"delete ctx": "",
 	"deleting node": "",
@@ -952,6 +953,7 @@
 	"failed to save config": "",
 	"failed to set extra option": "",
 	"failed to start node": "",
+	"false": "",
 	"fish completion failed": "",
 	"fish completion.": "",
 	"getting config": "컨피그 조회 중",
@@ -1014,6 +1016,7 @@
 	"status json failure": "",
 	"status text failure": "",
 	"too many arguments ({{.ArgCount}}).\nusage: minikube config set PROPERTY_NAME PROPERTY_VALUE": "",
+	"true": "",
 	"tunnel creates a route to services deployed with type LoadBalancer and sets their Ingress to their ClusterIP. for a detailed example see https://minikube.sigs.k8s.io/docs/tasks/loadbalancer": "",
 	"unable to bind flags": "",
 	"unable to daemonize: {{.err}}": "",
@@ -1035,7 +1038,6 @@
 	"usage: minikube config unset PROPERTY_NAME": "",
 	"usage: minikube delete": "",
 	"usage: minikube profile [MINIKUBE_PROFILE_NAME]": "",
-	"using metrics-server addon, heapster is deprecated": "",
 	"version json failure": "",
 	"version yaml failure": "",
 	"yaml encoding failure": "",

translations/pl.json

@@ -937,6 +937,7 @@
 	"config modifies minikube config files using subcommands like \"minikube config set driver kvm2\"\nConfigurable fields: \n\n": "",
 	"config view failed": "",
 	"containers paused status: {{.paused}}": "",
+	"dashboard": "",
 	"dashboard service is not running: {{.error}}": "",
 	"delete ctx": "",
 	"deleting node": "",
@@ -961,6 +962,7 @@
 	"failed to save config": "",
 	"failed to set extra option": "",
 	"failed to start node": "",
+	"false": "",
 	"fish completion failed": "",
 	"fish completion.": "",
 	"if true, will embed the certs in kubeconfig.": "Jeśli ta opcja będzie miała wartoś true, zakodowane w base64 certyfikaty zostaną osadzone w pliku konfiguracyjnym kubeconfig zamiast ścieżek do plików z certyfikatami",
@@ -1019,6 +1021,7 @@
 	"status json failure": "",
 	"status text failure": "",
 	"too many arguments ({{.ArgCount}}).\nusage: minikube config set PROPERTY_NAME PROPERTY_VALUE": "",
+	"true": "",
 	"tunnel creates a route to services deployed with type LoadBalancer and sets their Ingress to their ClusterIP. for a detailed example see https://minikube.sigs.k8s.io/docs/tasks/loadbalancer": "",
 	"unable to bind flags": "",
 	"unable to daemonize: {{.err}}": "",
@@ -1040,7 +1043,6 @@
 	"usage: minikube config unset PROPERTY_NAME": "użycie: minikube config unset PROPERTY_NAME",
 	"usage: minikube delete": "użycie: minikube delete",
 	"usage: minikube profile [MINIKUBE_PROFILE_NAME]": "użycie: minikube profile [MINIKUBE_PROFILE_NAME]",
-	"using metrics-server addon, heapster is deprecated": "",
 	"version json failure": "",
 	"version yaml failure": "",
 	"yaml encoding failure": "",