Hi Nguyen, This is quite an old (2016) CVE, and I see that there have been a patch for it already. On why Trust is needed - the Kubernetes cluster needs to have OpenStack credentials to be able to spin up OpenStack resources like Cinder Volumes and Octavia Loadbalancers. You should use [trust]/roles in magnum config to limit the amount of roles that the trust is created with. Typically only Member is necessary but this can vary from cloud to cloud, depending on whether your cloud have custom policies. Regards, Jake On 23/1/2023 1:59 am, Nguyễn Hữu Khôi wrote:
Hello guys. I am going to use Magnum for production but I see that https://nvd.nist.gov/vuln/detail/CVE-2016-7404 <https://nvd.nist.gov/vuln/detail/CVE-2016-7404> if I want to use cinder for k8s cluster. Is there any way to fix or minimize this problem? Thanks. Nguyen Huu Khoi