Replies: 1 comment
-
Our build of metrics-server pulls directly from upstream. Any version bumps would need to be done in the upstream project. Can you share more info on what specifically your scanner is showing? The most recent build of hardened-k8s-metrics-server is https://github.com/rancher/image-build-k8s-metrics-server/releases/tag/v0.6.3-build20231009 which uses the following prometheus versions: v0.7.0 appears to have updated that already; that will be picked up next time we bump metrics-server. Note that these are just the standard client libs for exposing metrics, if your scanner is suggesting that there is a whole Prometheus server instance in this image, then it is giving you bad results. |
Beta Was this translation helpful? Give feedback.
-
Hey all, we got quite some EOL notifications in our clusters from various sec-scanners that we get Prometheus 2.5.0 into our project because of the hardened metrics server from rancher... could someone give me some pointers on where to either contribute or raise issues to get the included prometheus versions bumped?
With KR
Adrian
Beta Was this translation helpful? Give feedback.
All reactions