On December 3, 2018, the Kubernetes project disclosed a security vulnerability in all versions of its popular container orchestration software. The vulnerability, CVE-2018-1002105, exists in the Kubernetes API server and allows an attacker to send arbitrary requests to backend cluster services, such as kubelets. The flaw effectively allows any user to gain full administrator privileges on any compute node in the cluster. Worse still, it is nearly impossible to detect whether the security hole has been exploited.
Patches have been released to fix the security flaw in all supported versions of Kubernetes, and are available in versions 1.10.11, 1.11.5, and 1.12.3. Although some non-upgrade mitigations are possible, they are likely to be disruptive, and the Kubernetes team strongly recommends upgrading to one of the patched versions listed above.
For users of the Charmed Distribution of Kubernetes (CDK), updating to the patched versions requires no manual intervention. As of the morning of December 4, 2018, CDK clusters running any supported version (1.10.x, 1.11.x, 1.12.x) will begin to receive and apply the patches automatically, thanks to the auto-updating nature of snap packages. For CDK users running versions older than 1.10, Canonical recommends upgrading to a supported version as soon as possible.
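To confirm what a cluster is actually running, the shell function below classifies a reported version string against the patched releases listed above. It is an added example, not code from Canonical or the Kubernetes project; the function name and sample inventory are constructed, and releases newer than 1.12 are reported as `unknown` because this page does not cover them.

```shell
#!/bin/sh
# Classify a Kubernetes version against the fixed releases named in the
# advisory text: 1.10.11, 1.11.5 and 1.12.3. classify_k8s_version is a
# hypothetical helper name for this example, not part of kubectl.
classify_k8s_version() {
    v=${1#v}          # drop the leading "v" of a gitVersion string
    v=${v%%[-+]*}     # drop vendor/build suffixes such as "-vendor.1"
    case $v in
        *[!0-9.]*|*.*.*.*|.*|*.|*..*) echo invalid; return 0 ;;
        *.*.*) ;;                        # exactly major.minor.patch
        *) echo invalid; return 0 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%.*}; patch=${rest#*.}
    if [ "$major" -ne 1 ]; then echo unknown; return 0; fi
    case $minor in
        10) fixed=11 ;;
        11) fixed=5 ;;
        12) fixed=3 ;;
        *)  # Older than 1.10: no patch listed, the text says to upgrade.
            # Newer than 1.12: not covered by the text, so do not guess.
            if [ "$minor" -lt 10 ]; then echo unsupported; else echo unknown; fi
            return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Constructed sample inventory (component name and reported version).
inventory='apiserver-a v1.12.3
apiserver-b v1.11.4
apiserver-c v1.10.11-vendor.1
apiserver-d v1.9.7'

# Print one line per component: name, reported version, classification.
report() {
    printf '%s\n' "$inventory" | while read -r name version; do
        printf '%-12s %-18s %s\n' "$name" "$version" \
            "$(classify_k8s_version "$version")"
    done
}
report
```

Feed it the server version of each cluster rather than the client version, since the flaw is in the API server.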