Kubernetes and Containers Leftovers

Filed under: Server, OSS, Security

  • Production-Ready Kubernetes Cluster Creation with kubeadm

    kubeadm is a tool that enables Kubernetes administrators to quickly and easily bootstrap minimum viable clusters that are fully compliant with Certified Kubernetes guidelines. It’s been under active development by SIG Cluster Lifecycle since 2016 and we’re excited to announce that it has now graduated from beta to stable and generally available (GA)!

    This GA release of kubeadm is an important event in the progression of the Kubernetes ecosystem, bringing stability to an area where stability is paramount.

    The goal of kubeadm is to provide a foundational implementation for Kubernetes cluster setup and administration. kubeadm ships with best-practice defaults but can also be customized to support other ecosystem requirements or vendor-specific approaches. kubeadm is designed to be easy to integrate into larger deployment systems and tools.

  • Docker Looks to Improve Container Development With Enterprise Desktop

    Docker CEO Steve Singh kicked off DockerCon Europe 2018 here with a bold statement: Companies need to transform, or risk becoming irrelevant.

    According to Singh, Docker is a key tool for enabling organizations to transform their businesses. To date for enterprises, the core Docker Enterprise Platform has been largely focused on operations and deployment, with the community Docker Desktop project available for developers to build applications. That's now changing with the announcement at DockerCon Europe of the new Docker Desktop Enterprise, adding new commercially supported developer capabilities to help corporate developers fully benefit from Docker.

    "Our commitment is to provide a development experience that makes it easy to build applications with one platform, upon which you can build, ship and run any application on any infrastructure," Singh said.

  • Canonical publishes auto-apply vulnerability patch for Kubernetes
  • Critical Kubernetes privilege escalation disclosed

    A critical flaw in the Kubernetes container orchestration system has been announced. It will allow any user to compromise a Kubernetes cluster by way of exploiting any aggregated API server that is deployed for it. This affects all Kubernetes versions 1.0 to 1.12, but is only fixed in the supported versions (in 1.10.11, 1.11.5, and 1.12.3).

Why Docker Swarm Remains Important

  • Why Docker Swarm Remains Important

    Docker Swarm remains a core element of Docker Inc's plans and that's not going to change anytime soon. That's the strong message coming from Docker CEO Steve Singh, during a briefing with press and analysts at the DockerCon Europe 2018 event here.

    A year ago, in October 2017 at the last DockerCon Europe event, Docker announced that it would support the erstwhile rival Kubernetes container orchestration system. At the time, Docker's management committed to continuing to support Swarm and now a year later, they are still on that same path. Docker has been developing its own Swarm system since December 2014.

    "We have many clients that continue to run Docker Swarm in production," Singh said. "Swarm continues to be a very well adopted container orchestration tool, in large part, honestly because it's ridiculously simple to use."

By Steven J. Vaughan-Nichols

  • Kubernetes' first major security hole discovered

    Kubernetes has become the most popular cloud container orchestration system by far, so it was only a matter of time until its first major security hole was discovered. And the bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It's a CVSS 9.8 critical security hole.

    With a specially crafted network request, any user can establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once established, an attacker can send arbitrary requests over the network connection directly to that backend. Adding insult to injury, these requests are authenticated with the Kubernetes API server's Transport Layer Security (TLS) credentials.

Critical Kubernetes Bug

  • Kubernetes Discloses Major Security Flaw

    Kubernetes disclosed a critical security flaw — the container orchestration tool’s first major vulnerability to date — and released Kubernetes 1.13.

    But first: the security flaw. It affects all Kubernetes-based products and services, and it gives hackers full administrative privileges on any compute node being run in a Kubernetes cluster.

    As Red Hat’s Ashesh Badani wrote, “This is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”

  • Critical Kubernetes Bug Gives Anyone Full Admin Privileges [Ed: No, not everyone. Only those who already have access to that particular system.]

What does the Kubernetes privilege escalation flaw mean

Article by Lucian Constantin

  • Critical Vulnerability Allows Kubernetes Node Hacking

    Kubernetes has received fixes for one of the most serious vulnerabilities ever found in the project to date. If left unpatched, the flaw could allow attackers to take over entire compute nodes.

    “With a specially crafted request, users that are allowed to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection,” the Kubernetes developers said in an advisory.

More on Kubernetes Security Flaw

  • Before Patched, Kubernetes Security Flaw Spread to OpenShift

    A security flaw discovered in the de facto standard Kubernetes cloud container orchestrator allowed unauthorized users access to Kubernetes clusters and the data they contain.

    The “privilege escalation vulnerability” announced Monday (Dec. 3) by developers affects versions 1.0 and higher of the Kubernetes orchestrator along with Red Hat OpenShift container platform. Red Hat rated the vulnerability as “critical,” denoting its potential impact on production operations.

  • Upgrades Recommended To Address Critical Kubernetes Flaws

    The flaws are associated with privilege "abuse," but there's also a problem with being able to exploit calls to Kubernetes API servers. Default Kubernetes configurations permit "all users (authenticated and unauthenticated)" to make such API server calls, according to the announcement, so it's a wide-open issue. Attacks can get initiated by a "specially crafted request" sent to the back end server, according to the Kubernetes announcement, which omitted the details.

Kubernetes hit by major security flaw
