Few components like cstor-volume-manager and cstor-csi-plugin seem to be using ubuntu:16.04 as base image. According to below document, ubuntu 16.04 has reached it's EOL-
https://wiki.ubuntu.com/Releases
Update the base images
https://github.com/openebs/cstor-operators/blob/master/build/volume-manager/Dockerfile#L17
https://github.com/openebs/cstor-csi/blob/master/buildscripts/cstor-csi-driver/Dockerfile#L16
+1 since we are evaluating openebs as well.
can we use debian images instead of ubuntu?
We are in the process of upgrading the images to latest ubuntu as part of 2.9.
Will follow-up on this issue with the status after the next community sync-up with the contributors.
@kmova these are EOL images, would produce N number of un-patchable vulnerabilities, would it be possible to have the fix made available ASAP? may be backported to 2.8 as well. Just a request.
@kmova are there any updates, when can we expect the new images? We cannot use vulnerable images.
Requesting to expedite.
The following images are available now @abhiTamrakar. The 2.9.0 images will be generated on 15th.
โ openebs/linux-utils:2.9.0-RC2
โ openebs/cstor-pool:2.9.0-RC2
โ openebs/cstor-istgt:2.9.0-RC2
โ openebs/jiva:2.9.0-RC2
โ openebs/m-apiserver:2.9.0-RC2
โ openebs/cstor-pool-mgmt:2.9.0-RC2
โ openebs/cstor-volume-mgmt:2.9.0-RC2
โ openebs/m-exporter:2.9.0-RC2
โ openebs/m-upgrade:2.9.0-RC2
โ openebs/admission-server:2.9.0-RC2
โ openebs/openebs-k8s-provisioner:2.9.0-RC2
โ openebs/snapshot-controller:2.9.0-RC2
โ openebs/snapshot-provisioner:2.9.0-RC2
โ openebs/velero-plugin:2.9.0-RC2
โ openebs/provisioner-localpv:2.9.0-RC2
โ openebs/cstor-csi-driver:2.9.0-RC2
โ openebs/cvc-operator:2.9.0-RC2
โ openebs/cspc-operator:2.9.0-RC2
โ openebs/cstor-volume-manager:2.9.0-RC2
โ openebs/cstor-pool-manager:2.9.0-RC2
โ openebs/cstor-webhook:2.9.0-RC2
โ openebs/upgrade:2.9.0-RC2
โ openebs/migrate:2.9.0-RC2
โ openebs/jiva-operator:2.9.0-RC2
โ openebs/zfs-driver:1.7.0-RC2
โ openebs/node-disk-manager:1.4.1-RC2
โ openebs/node-disk-operator:1.4.1-RC2
โ openebs/node-disk-exporter:1.4.1-RC2
โ openebs/lvm-driver:0.5.0-RC2
Most helpful comment
@kmova these are EOL images, would produce N number of un-patchable vulnerabilities, would it be possible to have the fix made available ASAP? may be backported to 2.8 as well. Just a request.