Hello.
I want to ask that it is hard to limit roles because we use it for public cloud. Could you give some experiences for this case.
Thank you.
Nguyen Huu Khoi


On Mon, Jan 30, 2023 at 5:38 AM Nguyễn Hữu Khôi <nguyenhuukhoinw@gmail.com> wrote:
Thank you for your reply. 
I will test and let you know.
Nguyen Huu Khoi


On Fri, Jan 27, 2023 at 5:16 PM Jake Yip <jake.yip@ardc.edu.au> wrote:
Hi Nguyen,

This is quite an old (2016) CVE, and I see that there have been a patch
for it already.

On why Trust is needed - the Kubernetes cluster needs to have OpenStack
credentials to be able to spin up OpenStack resources like Cinder
Volumes and Octavia Loadbalancers.

You should use [trust]/roles in magnum config to limit the amount of
roles that the trust is created with. Typically only Member is necessary
but this can vary from cloud to cloud, depending on whether your cloud
have custom policies.

Regards,
Jake

On 23/1/2023 1:59 am, Nguyễn Hữu Khôi wrote:
> Hello guys.
> I am going to use Magnum for production but I see that
> https://nvd.nist.gov/vuln/detail/CVE-2016-7404
> <https://nvd.nist.gov/vuln/detail/CVE-2016-7404> if I want to use cinder
> for k8s cluster. Is there any way to fix or minimize this problem?
> Thanks.
> Nguyen Huu Khoi