I have configured kafka using strimzi operator with 3 replicas in bare metal server .Everything is working fine(producer and consumer).My client is asking that Kafka images with 0 vulnerablities .when i scan images using trivy it is reporting some vulnerabilities which is listed below quay.io/strimzi/kafka:0.32.0-kafka-3.3.1
Total: 130 (UNKNOWN: 0, LOW: 58, MEDIUM: 68, HIGH: 1, CRITICAL: 3)
quay.io/strimzi/operator:0.32.0
Total: 96 (UNKNOWN: 0, LOW: 47, MEDIUM: 45, HIGH: 1, CRITICAL: 3)
Can anyone help me to solve this issue ?
I deployed kafka in bare metal server (1 master node and 2 worker node) using the following commands kubectl create -f 'https://strimzi.io/install/latest?namespace=kafka' -n kafka After that i applied manifest file with 3 replicas .Everything is workig fine(producer is producing message and consumer is consuming message).
Kafka itself has known vulnerabilities, and it's not Strimzi team responsibility to fix them. You won't find an image with zero vulnerabilities, and if you did, might not be very long after you deploy it until there is a vulnerability. Kubernetes itself unlikely has zero vulnerabilities...
Create, or search and watch a Kafka JIRA ticket for vulnerabilities. Contribute a fix if you want.
For the Strimzi Operator itself, file issues at https://github.com/strimzi/strimzi-kafka-operator/issues