Hello. I want to ask that it is hard to limit roles because we use it for public cloud. Could you give some experiences for this case. Thank you. Nguyen Huu Khoi On Mon, Jan 30, 2023 at 5:38 AM Nguyễn Hữu Khôi <nguyenhuukhoinw@gmail.com> wrote:
Thank you for your reply. I will test and let you know. Nguyen Huu Khoi
On Fri, Jan 27, 2023 at 5:16 PM Jake Yip <jake.yip@ardc.edu.au> wrote:
Hi Nguyen,
This is quite an old (2016) CVE, and I see that there have been a patch for it already.
On why Trust is needed - the Kubernetes cluster needs to have OpenStack credentials to be able to spin up OpenStack resources like Cinder Volumes and Octavia Loadbalancers.
You should use [trust]/roles in magnum config to limit the amount of roles that the trust is created with. Typically only Member is necessary but this can vary from cloud to cloud, depending on whether your cloud have custom policies.
Regards, Jake
On 23/1/2023 1:59 am, Nguyễn Hữu Khôi wrote:
Hello guys. I am going to use Magnum for production but I see that https://nvd.nist.gov/vuln/detail/CVE-2016-7404 <https://nvd.nist.gov/vuln/detail/CVE-2016-7404> if I want to use cinder for k8s cluster. Is there any way to fix or minimize this problem? Thanks. Nguyen Huu Khoi