Critical Vulnerability to be Fixed in Kubernetes 1.13

The flaw allowed an attacker to gain full control over a cluster of containers
06 December 2018

Kubernetes 1.13 has been released, and in it the developers have fixed a privilege escalation vulnerability. The bug allowed an attacker to gain full control over a cluster of containers.

To exploit the flaw, it was necessary to send a specially crafted discovery request to a backend API, which left the network connection open. This gave access to the API server and allowed arbitrary commands to be sent to it, while the backend treated those requests as if they had been sent by the server itself.

In addition, any Kubernetes user could exploit this flaw, including users who failed to authenticate. As it turned out, the problem dates back to version 1.0.

To fix it, update Kubernetes to version 1.10.11, 1.11.5, 1.12.3 or 1.13.0, or at least block anonymous access to the API with the --anonymous-auth=false option and revoke the rights to perform exec, attach and portforward operations.
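A small audit helper for the two interim mitigations named above (an added example, not code from the Kubernetes project or the article): it checks whether a kube-apiserver command line leaves anonymous authentication on, and flags RBAC rules that grant pods/exec, pods/attach or pods/portforward. The command line and ClusterRole it inspects are constructed sample data, not output from a real cluster.

```python
"""Audit the two interim mitigations: anonymous API access and exec/attach/portforward rights."""
import shlex

# Pod subresources whose access the advisory recommends revoking.
RISKY_SUBRESOURCES = {"pods/exec", "pods/attach", "pods/portforward"}
# Verbs that let a subject open such a subresource (create = POST, get = upgrade GET).
RISKY_VERBS = {"*", "create", "get"}


def anonymous_auth_enabled(cmdline: str) -> bool:
    """True if the kube-apiserver command line leaves anonymous auth on.

    The flag defaults to true, so only an explicit --anonymous-auth=false is safe.
    """
    for arg in shlex.split(cmdline):
        if arg.startswith("--anonymous-auth"):
            value = arg.partition("=")[2] if "=" in arg else "true"
            return value.strip().lower() != "false"
    return True  # flag absent: the default (true) applies


def risky_rules(role: dict) -> list:
    """Return (role name, resource) pairs for rules granting exec/attach/portforward."""
    name = role["metadata"]["name"]
    findings = []
    for rule in role.get("rules", []):
        # These subresources live in the core API group ("" or the "*" wildcard).
        if not ({"", "*"} & set(rule.get("apiGroups", []))):
            continue
        if not (RISKY_VERBS & set(rule.get("verbs", []))):
            continue
        for res in rule.get("resources", []):
            if res == "*" or res in RISKY_SUBRESOURCES:
                findings.append((name, res))
    return findings


# Constructed sample data (assumption), not captured from a real cluster.
SAMPLE_CMDLINE = "kube-apiserver --authorization-mode=Node,RBAC --anonymous-auth=false"
SAMPLE_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "dev-debug"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]},
        {"apiGroups": [""], "resources": ["pods/exec", "pods/portforward"], "verbs": ["create"]},
    ],
}
```

Running risky_rules over every Role and ClusterRole in a cluster dump shows which subjects would need their exec/attach/portforward rights revoked until the upgrade is done.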

New Kubernetes 1.13 features:

  • The Container Storage Interface, used to create plug-ins for various storage systems, has been stabilized. The developers also stabilized a simplified interface for managing a Kubernetes cluster.
  • The TAVS scheduler has been stabilized, as has the Kubelet Device Plugin Registration service, which gives plug-ins access to the Kubelet.
  • An experimental plug-in interface has been added that allows third-party monitoring systems to be integrated into Kubernetes.
  • APIServer DryRun, the kubectl diff command and the ability to use local block devices as persistent data stores have been promoted to beta.
  • CoreDNS is now the default DNS server.


Mirantis to Acquire Docker Enterprise Platform

After the sale of the enterprise business, Docker Inc will continue to exist as an independent company focused around Docker Hub
14 November 2019

Mirantis, a provider of OpenStack- and Kubernetes-based cloud solutions, has bought part of the Docker Enterprise platform business from Docker Inc (the commercial version of the enterprise toolkit and Docker engine, which includes the Docker Enterprise Container Engine, Docker Trusted Registry and Docker Universal Control Plane). After the separation of the business, Docker Inc will continue to exist as an independent company and will focus on the Docker Hub catalog and on Docker Desktop, the integrated development environment for microservices and applications launched in containers.

Financial terms of the transaction were not disclosed. The team of developers, managers and support specialists who built the Docker Enterprise platform will move to Mirantis, which will also take over contracts with 750 customers. Development of the open-source Docker project will continue with the participation of both companies, which will work together on the Docker core and ensure compatibility and portability across their products.