Open Stack

Hello.
I want to ask that it is hard to limit roles because we use it for public
cloud. Could you give some experiences for this case.
Thank you.
Nguyen Huu Khoi


On Mon, Jan 30, 2023 at 5:38 AM Nguyễn Hữu Khôi <nguyenhuukhoinw at gmail.com>
wrote:

> Thank you for your reply.
> I will test and let you know.
> Nguyen Huu Khoi
>
>
> On Fri, Jan 27, 2023 at 5:16 PM Jake Yip <jake.yip at ardc.edu.au> wrote:
>
>> Hi Nguyen,
>>
>> This is quite an old (2016) CVE, and I see that there have been a patch
>> for it already.
>>
>> On why Trust is needed - the Kubernetes cluster needs to have OpenStack
>> credentials to be able to spin up OpenStack resources like Cinder
>> Volumes and Octavia Loadbalancers.
>>
>> You should use [trust]/roles in magnum config to limit the amount of
>> roles that the trust is created with. Typically only Member is necessary
>> but this can vary from cloud to cloud, depending on whether your cloud
>> have custom policies.
>>
>> Regards,
>> Jake
>>
>> On 23/1/2023 1:59 am, Nguyễn Hữu Khôi wrote:
>> > Hello guys.
>> > I am going to use Magnum for production but I see that
>> > https://nvd.nist.gov/vuln/detail/CVE-2016-7404
>> > <https://nvd.nist.gov/vuln/detail/CVE-2016-7404> if I want to use
>> cinder
>> > for k8s cluster. Is there any way to fix or minimize this problem?
>> > Thanks.
>> > Nguyen Huu Khoi
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230216/cf9a13a2/attachment-0001.htm>