This project contains Ansible code that creates a baseline in an existing Kubernetes environment for use with the SAS Viya Platform, generates the manifest for an order, and then can also deploy that order into the Kubernetes environment specified.
Updates required to remediate critical security vulnerabilities
move kubectl to version 1.25.9 to remediate critical CVE
move helm to version 3.11.3 to remediate critical CVE
removed vulnerable and unused binaries git-lfs and helm-diff
Use apt-get clean and remove apt lists/* on RUN commands to trim image size
Use pip cache purge following pip install to trim image size
qualify apt-get install commands with --no-install-recommends to prevent unwanted/unknown installs
remove unused infinidat and netbox ansible collections to remediate critical CVEs
removed ssh host keys in /etc/ssh flagged as sensitive data
Tests
Aqua scan of docker image built using the changes below was marked compliant with no Critical CVEs or sensitive data present. See internal ticket for added detail.
Changes
Updates required to remediate critical security vulnerabilities
Tests
Aqua scan of docker image built using the changes below was marked compliant with no Critical CVEs or sensitive data present. See internal ticket for added detail.