Protected: CVE-2025-1974 – Patch for: Critical Ingress NGINX Controller vulnerabilities
There is no excerpt because this is a protected post.
There is no excerpt because this is a protected post.
Prerequisites The following article was written with Bright Cluster Manager version 10 (10.23.09 or newer) in mind. We assume we have shared storage available as a mount in /cm/shared, we will create a target directory there for our Etcd backups. The backup part of this KB article (Section 2) is…
A security issue has been found in nvidia-container-toolkit. Since the NVIDIA GPU Operator has the ability to take care of installing this toolkit on the Kubernetes hosts that require this provisioning for proper integration of GPUs with Kubernetes, this security issue might affect the GPU operator as well. This feature…
A security issue has been found in nvidia-container-toolkit. All nodes that have this package installed need to have the package updated. On BCM clusters, the package can be either called cm-nvidia-container-toolkit or nvidia-container-toolkit. The (cm-)nvidia-container-toolkit packages must be updated on the head nodes and in all relevant software images. 1….
In BCM 9.2 (and also earlier versions) we depended on the Pod Security Policies (PSP) feature of Kubernetes in order to restrict user privileges. PSP provided a way to block host system mounts from arbitrary directories, running privileged containers, and so on. However in Kubernetes 1.21 PSP was deprecated, and…
1. Prerequisites and Requirements We will setup the following: Kubernetes version: v1.30.5 Base Command Manager (BCM) version: 10.24.09 On Linux OS: Ubuntu 22.04, Ubuntu 24.04, Rocky Linux 9u3 or RHEL 9u3. On an air-gapped cluster (no internet access at all) The first instructions are to be executed on a host with…
1. Prerequisites and Requirements We will setup the following: Kubernetes version: v1.29.6 Base Command Manager (BCM) version: 10.24.07 On Linux OS: Ubuntu 22.04. On an air-gapped cluster (no internet access at all) Head Nodes cannot be selected as Kubernetes nodes at the time of writing. The first instructions are to…
Prerequisites This article is written with Bright Cluster Manager 9.2 in mind, where Kubernetes is currently deployed with the default version 1.24.9 using containerd as its container runtime. The instructions are written with RHEL 8 and Ubuntu 20.04 in mind. These instructions have been run in dev environments a couple…
0. Prerequisites This KB article assumes a Rocky9 cluster and NVIDIA cluster manager version 9.2. This KB article assumes a Kubernetes installation already present (based on Calico or Flannel) The Kubernetes setup wizard does currently not support Cilium. If support is added we will update this KB article accordingly. 1….
1. Prerequisites This article is written with Bright Cluster Manager 9.1 in mind, where Kubernetes is currently deployed with the default version 1.18.15. The instructions are written with RHEL 8 and Ubuntu 20.04 in mind. These instructions have been executed in production environments a couple of times, all caveats should…