# neuvector-security
i
The way I install the patch in rancher is as follows: I update the installed neuvector app using the rancher GUI, setting the image tag to 5.2.4-s1. But the image is not found.
q
There’s often a delta between the source being released and the images being built from said source.
i
Yes, but it is a security patch of a security tool, and one might think it should be distributed more rapidly. Also the container image was published a day later in docker neuvector/controller but one week later it is still not in rancher/mirrored-neuvector-controller. I do not know why there are two docker repos, perhaps because neuvector is now part of SuSE, but if there is a technical reason for having two (quality control or supply chain security), it would be nice to know.
q
100%
The delays one sees in Rancher catalog entries are indeed driven by quality control for Rancher. In any case, a user who desires to install an application (stack) that’s not yet in the Rancher catalog can indeed choose to do so manually.
In this particular case, nudging the tag in the Neuvector chart should work quite fine.
TBF, I personally concur with your frustration about the gap between the release on GitHub and the images being built and posted to Docker Hub. While one could argue that the images could be built from the public repo, most of us have a workflow that utilizes the prebuilt images. For what it’s worth, this particular gap seems well out of the norm, but I have shared feedback with engineering.
i
Thanks for clarification. For now, I think I will switch to neuvector/controller
q
Note from Eng
The source code tag is always created first, then the build is created based on the tag. In the past, the GA tag normally will pass all the tests, still the test will take a few days.
i
Yes, this is what seems to happen when a version is released in github, then it is pushed to neuvector/* in docker hub within days, including the release notes in the online manual. The rancher/mirrored-neuvector-, however, seems to be independent of that. It still has no 5.2.4-s1 release. In the meantime I moved to neuvector/ repos running 5.2.4-s1.
q
…and 5.3 should be out soon.
i
Good to know, thanks! I will try it. Perhaps it also solves some issues I found recently.
q
It looks to be stuffed with a lot of updates and fixes.
there’s a 5.3.0-b2 image in docker hub that I tossed in a test cluster to mess around with.
(it’s still far from the final release, that I can tell)
i
I do not have a test cluster for testing really, everything here is production, be it dev, test or prod 😉 But I will run the released version asap in dev, then test and prod. Also, my problems only show in prod, because there is enough traffic going on.
q
Are you a “customer” such that you can open tickets? 😉
i
Not yet, but I am working on that because I think it is worth it (already had some chat with pre-sales). Only a question of time. However, I consider it good practice to submit bug reports on github. I do that in all open source projects.