[Magnum] enable cluster user trust

Jake Yip jake.yip at ardc.edu.au
Fri Jan 27 10:15:56 UTC 2023


Hi Nguyen,

This is quite an old (2016) CVE, and I see that there has been a patch
for it already.

On why Trust is needed - the Kubernetes cluster needs to have OpenStack 
credentials to be able to spin up OpenStack resources like Cinder 
Volumes and Octavia Loadbalancers.

You should use [trust]/roles in magnum config to limit the number of
roles that the trust is created with. Typically only Member is necessary
but this can vary from cloud to cloud, depending on whether your cloud
has custom policies.

Regards,
Jake

On 23/1/2023 1:59 am, Nguyễn Hữu Khôi wrote:
> Hello guys.
> I am going to use Magnum for production but I see that
> https://nvd.nist.gov/vuln/detail/CVE-2016-7404 if I want to use cinder
> for k8s cluster. Is there any way to fix or minimize this problem?
> Thanks.
> Nguyen Huu Khoi
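
A small audit of the `[trust]` section discussed in the reply above, added here as an example and not part of the original thread or of Magnum's own code. It assumes that `cluster_user_trust` defaults to off and that an empty `roles` list leaves the trust with the roles of the user who created the cluster; the allow-list and sample configs are constructed for illustration.

```python
import configparser

# Constructed magnum.conf fragments (not from a real deployment).
BROAD = """
[trust]
cluster_user_trust = True
"""

SCOPED = """
[trust]
cluster_user_trust = True
roles = Member
"""


def audit_trust(conf_text, allowed_roles=("Member", "member")):
    """Return findings for the [trust] section of a magnum.conf.

    allowed_roles is a hypothetical allow-list; adjust it to the roles
    your cloud's policies actually require for Cinder/Octavia calls.
    """
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    findings = []
    if not cp.has_section("trust"):
        return findings
    trust = cp["trust"]
    # Scope: only the case from the thread, where the trust is handed
    # to the cluster user so nodes can call OpenStack APIs.
    if not trust.getboolean("cluster_user_trust", fallback=False):
        return findings
    roles = [r.strip() for r in trust.get("roles", "").split(",") if r.strip()]
    if not roles:
        # Assumption: empty roles means the trustor's roles are inherited.
        findings.append("cluster_user_trust is enabled but [trust]/roles is empty")
    extra = [r for r in roles if r not in allowed_roles]
    if extra:
        findings.append("trust delegates roles outside the allow-list: " + ", ".join(extra))
    return findings


if __name__ == "__main__":
    for name, text in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, audit_trust(text) or "ok")
```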


