fvaleri
commented
8 months ago This is done as part of #9840. Do you see some leftover?
Open ppatierno opened 8 months ago
fvaleri
commented
8 months ago This is done as part of #9840. Do you see some leftover?
ppatierno
commented
8 months ago Nope but there is a work to do in our cekit related files here. It's not related with upstream.
k-wall
commented
2 months ago Looking at the 2.8 branch, we've still got references to stunnel, including the installation on a additional RPM. This will give us a great potential for CVEs. All of these references are to be removed, right?
Should we raise a JIRA to make sure we get this done for 2.8?
grep -ir stunnel .
./kafka/kafka-3.7.0/image.yaml: - stunnel
./kafka/kafka-3.6.0/image.yaml: - stunnel
./kafka/modules/kafka/base/install.sh:mkdir $STUNNEL_HOME
./kafka/modules/kafka/base/install.sh:cp -r ${SCRIPTS_DIR}/stunnel/* ${STUNNEL_HOME}/
./kafka/modules/kafka/base/install.sh:chmod -R 755 ${STUNNEL_HOME}
./kafka/modules/kafka/base/module.yaml: - name: "STUNNEL_HOME"
./kafka/modules/kafka/base/module.yaml: value: "/opt/stunnel"
Because of this PR https://github.com/strimzi/strimzi-kafka-operator/pull/9840 on the upstream Strimzi project, we are removing the support for the Bidirectional Topic Operator so the corresponding TLS sidecar as well. It means that
stunnelis not needed anymore. We should remove any reference and usage tostunnelwithin the Kafka images build for AMQ Streams.