Re: how to fix ceph vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey Folks,

Do we have some better solution that I was not aware of at the moment?

---------- Forwarded message ---------
From: Deepika Upadhyay <dupadhya@xxxxxxxxxx>
Date: Tue, Dec 29, 2020 at 11:33 PM
Subject: Re: how to fix ceph vulnerability
To: Minor, Mona <Mona.Minor@xxxxxxxxxx>


Hey Mona,

Thanks for opting for Ceph and your security review could be useful for us in the future. 

We would love to have feedback/feel free to open PR/issue on things you want to be fixed. 
For the time being, I could suggest you to use nautilus stable release, which is a version older and hence has more stability.

ceph/daemon:latest-nautilus-devel (centos 7.9.2009)

if you want you can https://github.com/ceph/ceph-container/issues/675#issuecomment-323509081 your own registry with updates you desire. [ Please check license and other stuff prior although ]

A better place to have more suggestion would be a ceph-devel list for more suggestions.

Best,
Deepika

On Tue, Dec 29, 2020 at 8:15 PM Minor, Mona <Mona.Minor@xxxxxxxxxx> wrote:

Hi Deepika,

I am working on a project where I need storage for my kubernetes pods.
I am looking to get the storage from ceph cluster.
ceph is very nice tool for completing most of the storage requirements.

but, I am in doubt to proceed ahead as I found that ceph is “vulnerable”.
I tried to setup cluster with cephadm tool as well as ceph-ansible tool as well. After then that I also tried ceph with rook as well.
the image that’s available on docker hub (ceph/ceph) that doesn’t having any Dockerfile.
I scanned the ceph:v15.xx image with “trivy”, and its generated report with some vulnerability (with HIGH , CRITICAL ).

I am interested to get any ceph image that is not vulnerable.
please let me know if any image is available or any process that I have to follow for getting ceph image that is not vulnerable.

For your reference I have attached generated trivy report for ceph. Kindly have a look on them

Thank You and Regards,

Mona Minor

 

_______________________________________________
Dev mailing list -- dev@xxxxxxx
To unsubscribe send an email to dev-leave@xxxxxxx
[Index of Archives]     [CEPH Users]     [Ceph Devel]     [Ceph Large]     [Information on CEPH]     [Linux BTRFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]
  Powered by Linux