The latest security vulnerability discovered within the Kubernetes cluster orchestrator could allow intruders to access, modify or delete computing and storage resources configured across a cluster. The flaw in the Kubernetes server API, designated CVE-2019-11247, allows access and deletion of those “custom resources.” Intruders could access cluster-wide resources with only standard role-based access control, or RBAC, permissions. In response, Kubernetes security monitors who announced the vulnerability earlier this week pushed patch releases for the 1.13.9,1.14.5 and 1.15.2 versions of Kubernetes. This week’s security vulnerability is the latest to plague the popular cluster orchestrator that is gaining widespread enterprise deployment for handling growing volumes of distributed applications. In the latest instance, Kubernetes security monitors said “a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges).” Previous releases of Kubernetes have emphasized security along with stability as vulnerabilities are exposed in accelerating enterprise deployments. Among the upgrades are expanded security for application containers running on the Microsoft Azure cloud.
1 month, 1 week agoAporeto Launches Zero Trust Cloud Security Solution For Kubernetes Multi-cluster Deployments
Aporeto, the leader in Zero Trust Cloud Security, announced its cloud network security solution for ..
1 month, 2 weeks agoMigrating From Kubernetes Deployment to Knative Serving
When I talk about Knative, I often get questions on how to migrate an app from Kubernetes Deployment..
1 month, 2 weeks agoCloud Native Application From Scratch - Kamil Hajduczenia
Ready to see some code? Containers, microservices, GKE, and more. Dive deep into application develop..
1 month, 3 weeks agoGitlab And Google Webcast - Running Containerized Applications on Modern Serverless Platforms
In this webcast, we'll walk through some of the benefits and challenges of using cloud-vendor-specif..