Task weight: 2%
(can be solved in any kubectl context)
The Vulnerability Scanner trivy is installed on your main terminal. Use it to scan the following images for known CVEs:
- nginx:1.16.1-alpine
- k8s.gcr.io/kube-apiserver:v1.18.0
- k8s.gcr.io/kube-controller-manager:v1.18.0
- docker.io/weaveworks/weave-kube:2.7.0
Write all images that don't contain the vulnerabilities CVE-2020-10878 or CVE-2020-1967 into /opt/course/21/good-images.
Solution
Run the scans in a batch with a script:
vim images.txt
nginx:1.16.1-alpine
k8s.gcr.io/kube-apiserver:v1.18.0
k8s.gcr.io/kube-controller-manager:v1.18.0
docker.io/weaveworks/weave-kube:2.7.0
for i in $(cat images.txt); do echo "$i"; trivy image "$i" | grep -iE 'CVE-2020-10878|CVE-2020-1967'; echo; done
Write the images that do not contain these vulnerabilities to the file /opt/course/21/good-images
# /opt/course/21/good-images
docker.io/weaveworks/weave-kube:2.7.0
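
A more defensive version of the loop above, as an added example that is not part of the original solution: it emits the clean images itself and refuses to classify an image whose scan failed, because an empty grep result would otherwise look like a clean image. The SCAN variable is a hypothetical hook for substituting the scanner in tests, not a trivy option.

```shell
#!/bin/sh
# Added example: keep only images whose scan succeeded AND reported neither CVE.
# SCAN is a hypothetical override hook (an assumption of this example, not a
# trivy feature); by default the real "trivy image" command is used.
SCAN="${SCAN:-trivy image}"

# good_images LIST_FILE: print the images from LIST_FILE that are free of both CVEs.
good_images() {
    while IFS= read -r img || [ -n "$img" ]; do
        [ -n "$img" ] || continue            # skip blank lines
        # A failed scan (image pull error, vulnerability DB download error)
        # produces no CVE lines, so it must not be mistaken for a clean image.
        if ! report=$($SCAN "$img" </dev/null 2>/dev/null); then
            echo "scan failed, not classifying: $img" >&2
            continue
        fi
        # -w: whole-word match, so CVE-2020-1967 does not match CVE-2020-19670.
        if printf '%s\n' "$report" | grep -qwE 'CVE-2020-10878|CVE-2020-1967'; then
            echo "vulnerable: $img" >&2
        else
            printf '%s\n' "$img"
        fi
    done < "$1"
}

# Usage on the exam terminal (after sourcing this file):
#   good_images images.txt > /opt/course/21/good-images
```

Status messages go to stderr, so redirecting stdout to /opt/course/21/good-images leaves only image names in the file.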