-
Problem report
-
Resolution: Fixed
-
Trivial
-
None
-
None
-
Sprint 101 (Jun 2023)
-
0.25
Zabbix's helm charts have a hardcoded dependency on kube-state-metrics 2.2.0 (chart version 3.5.*), which was built on 8/24/2021. It is currently being flagged with 25 OS vulnerabilities by my employer's vulnerability scanning software.
The 3.5 version series of the kube-state-metrics helm chart does not appear to be receiving further updates and the dependency needs to be updated on the Zabbix side. Please certify a newer version of the kube-state-metrics for usage with the Zabbix helm chart.
Here is the dependency as is it is recorded in https://git.zabbix.com/projects/ZT/repos/kubernetes-helm/browse/Chart.yaml:
- name: kube-state-metrics
version: "3.5.*"
repository: https://prometheus-community.github.io/helm-charts
condition: kubeStateMetrics.enabled
Please note that this 3.5.* dependency appears in several branches of the Zabbix git repo (master, 6.4, 6.2, 6.0), as well as Zabbix's [individually versioned helm repos|https://cdn.zabbix.com/zabbix/integrations/kubernetes-helm/.] All of these will need to be updated.