How to resolve OKD vulnerabilities? #2065
-
Hi, I wanted to install "Red Hat Quay Container Security Operator" and "Compliance Operator" but from the discussion #2046 I found that it's not possible to do that in OKD. I wanted to have a system to monitor and scan containers as well as nodes for any vulnerabilities. I found and installed the NeuVector operator, which seems to work nicely. It shows a number of node-level vulnerabilities (basically package updates). My question is, do I need to wait for a minor update to OKD 4.15 for these to resolve or can I somehow resolve these myself?
Replies: 2 comments
-
Hey, thanks for getting in touch. Node package updates would generally be applied as part of an overall cluster update, as the Node OS state is part of an OKD release payload. We are about to release 4.16/4.17 that contain more updated OS images which should quell most vulnerable packages. If you need critical security fixes, you could manually layer them on top of the node OS. Here are the docs for that.
-
Hi @GingerGeek, thanks for responding to this and the very helpful link. I guess I'll wait for the updates to be released. I'm assuming the updates would show up on the Thanks