Ceph allow_insecure_global_id_reclaim false on bionic causes ceph-fs service not to deploy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Kubernetes Control Plane Charm |
Triaged
|
High
|
Unassigned |
Bug Description
I have deployed 1.22.4 on bionic with Ceph nautilus for ceph-fs storage. As per CVE-2021-20288 [1] I have set `auth_allow_
unit-kubernetes
It looks like this error comes from `query_
If I set `auth_allow_
Since there is not a way to define which repository the ceph packages come from for kubernetes-master we are unable to resolve the CVE without manual intervention on the k-m nodes.
[1] https:/
[2] https:/
description: | updated |
Changed in charm-kubernetes-master: | |
importance: | Undecided → Medium |
status: | New → Triaged |
tags: | added: sts |
Changed in charm-kubernetes-master: | |
importance: | Medium → High |
This does look like there is a general requirement for Kubernetes charms being able to specify the cloud-archive ceph packages that will be used in order to match the ceph cluster version
Kubernetes charm may need to add a "source" option to specify the ceph package that should be installed.