Unnecessary conditional preventing the application of CVE-2021-25742 mitigation to older versions of ingress-nginx

[AWSmith0216]

Viya4 Deployment Version Details

7.2.0

Ansible Variable File Details

INGRESS_NGINX_CHART_VERSION: 4.11.4

Steps to Reproduce

I was attempting to stage an older Kubernetes cluster (i.e. 1.27) and saw that the mitigation for CVE-2021-25742 was not applied. It would seem that the following conditional is preventing its application:

viya4-deployment/roles/baseline/tasks/ingress-nginx.yaml

Line 81 in 4a59ffb

- cluster_info.version.server.kubernetes.minor is version(ingressVersions.k8sMinorVersion.value, 'ge')

Since the current ingressVersions.k8sMinorVersion.value is 28, it seems to be getting skipped for older clusters. However, according to the SAS documentation for all currently supported cadences, this mitigation is required. Given that, I don't believe this particular conditional provides any value, and that simply removing the entire line would yield the desired behavior.

Expected Behavior

ConfigMap updates are applied

Actual Behavior

ConfigMap updates were not applied

Additional Context

No response

References

No response

Code of Conduct

• I agree to follow this project's Code of Conduct