Open max-allan opened 1 month ago
From the helm values file:
repository: "kubesphere/fluentd" tag: "v1.15.3"
That image has (according to Grype) a lot of vulnerabilities:
3 critical, 5 high, 22 medium, 1 low, 0 negligible
Also, fluentd 1.15.3 is EOL.
https://github.com/fluent/fluentd/blob/master/SECURITY.md
Can we update the image to 1.16 or 1.17? Will the operator work with newer versions?
Anywhere that image is referenced will need updating, not just that location in the chart.
In addition, fluent-bit 2.2.2 is EOL in a few weeks time.
See the values file
Current/supported versions of fluentd and fluent-bit are used by default.
- Fluent Operator version: 2.8.0 - Container Runtime: any - Operating system: any - Kernel version: any
Helm
No response
@max-allan Good point, we do need hands to upgrade and test new version of fluentd and fluentbit
Describe the issue
From the helm values file:
That image has (according to Grype) a lot of vulnerabilities:
Also, fluentd 1.15.3 is EOL.
https://github.com/fluent/fluentd/blob/master/SECURITY.md
Can we update the image to 1.16 or 1.17? Will the operator work with newer versions?
Anywhere that image is referenced will need updating, not just that location in the chart.
In addition, fluent-bit 2.2.2 is EOL in a few weeks time.
To Reproduce
See the values file
Expected behavior
Current/supported versions of fluentd and fluent-bit are used by default.
Your Environment
How did you install fluent operator?
Helm
Additional context
No response