Is loki-stack deprecated? #3300
Comments
|
Following #3149 (comment) this is the case. |
|
So it would be great to follow best practice an update the chart then? |
|
I highly recommend you not to use this chart, its very old and makes your cluster vulnerable to attacks if you don't add Ingress whitelist blocks for grafana itself to your specific IP. Maybe someone should do a pull request to remove the chart completely |
|
@OliverStutz would you elaborate please? |
|
@erkules well, you patch your windows, linux OS versions hopefully at least weekly. This is unpatched since march and its super dangerous to use this in production, even in development environments. This helm chart is a ticking timebomb for your safety. I understand that you want it patched but for myself i consider a chart which is 6 month old , too old. |
|
Elaborate about ingress, grafana and whitelisting and the kind of attackvector please. |
|
@erkules put your grafana dashboard behind an ingress and safeguard it by only allowing certain ips. you can use the following under the ingress annotation to protect it and only allow certain ranges to access. Looking at the vulnerability scanner, there are so many attack vectors which are possible, looking at the amount of outdated images it would not be a huge effort to rebuild those versions and push new images i recon, that there are still Issues detected on that image from 2022 is frightening; CVE-2022-32207 for curl/7.79.1-r1 (alpine) |
I wonder if loki-stack is depreacated or lacks maintenance?
Why I'm asking;
When deprecated it would be nice to add
deprecated: trueto the Chart.yamlIf it lacks maintenance we should just update it.
The text was updated successfully, but these errors were encountered: