Hey Folks,
Do we have some better solution that I was not aware of at the moment?
---------- Forwarded message ---------
From: Deepika Upadhyay <dupadhya(a)redhat.com>
Date: Tue, Dec 29, 2020 at 11:33 PM
Subject: Re: how to fix ceph vulnerability
To: Minor, Mona <Mona.Minor(a)unisys.com>
Hey Mona,
Thanks for opting for Ceph and your security review could be useful for us
in the future.
We would love to have feedback/feel free to open PR/issue on things you
want to be fixed.
For the time being, I could suggest you to use nautilus stable release,
which is a version older and hence has more stability.
ceph/daemon:latest-nautilus-devel (centos 7.9.2009)
if you want you can
https://github.com/ceph/ceph-container/issues/675#issuecomment-323509081
your own registry with updates you desire. [ Please check license and other
stuff prior although ]
A better place to have more suggestion would be a ceph-devel list for more
suggestions.
Best,
Deepika
On Tue, Dec 29, 2020 at 8:15 PM Minor, Mona <Mona.Minor(a)unisys.com> wrote:
Hi Deepika,
I am working on a project where I need storage for my kubernetes pods.
I am looking to get the storage from ceph cluster.
ceph is very nice tool for completing most of the storage requirements.
but, I am in doubt to proceed ahead as I found that ceph is “vulnerable”.
I tried to setup cluster with cephadm tool as well as ceph-ansible tool
as well. After then that I also tried ceph with rook as well.
the image that’s available on docker hub (ceph/ceph) that doesn’t having
any Dockerfile.
I scanned the ceph:v15.xx image with “trivy”, and its generated report
with some vulnerability (with HIGH , CRITICAL ).
I am interested to get any ceph image that is not vulnerable.
please let me know if any image is available or any process that I have
to follow for getting ceph image that is not vulnerable.
For your reference I have attached generated trivy report for ceph.
Kindly have a look on them
Thank You and Regards,
Mona Minor