cluster-api-provider-vsphere
feat/security enhancement: Provided OVA Images may include current CVE issues related to "Leaky Vessels"
/kind feature
Describe the solution you'd like
- Having a new set of OVA provided images, which one might use to get started, without the need to build their own Kubernetes OVA Images with the Image Builder project.
- A documentation / kind of warning, that the currently provided OVAs may include the CVEs mentioned in the "Leaky Vessels".
Regarding the second point:
The docs state:
Note: These OVAs are not updated for security fixes and it is recommended to always use the latest patch version for the Kubernetes version you wish to run. For production-like environments, it is highly recommended to build and use your own custom images.
I filed https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/pull/2746 to fix formatting there for now.
For now the plan is to provide new OVA images when the next k8s minor version is released.
/close
see above
@sbueringer: Closing this issue.