Vulnerabilities Surface as Kubernetes is Upgraded
The second release this year of the upgraded Kubernetes cluster orchestrator includes no less than 26 enhancements, including three deemed to be “stable.”
Meanwhile, another security issue has turned up in a Kubernetes interface used to run commands against Kubernetes clusters.
Community leaders noted that the latest Kubernetes upgrade focuses on easing installation, configuring and upgrading the cluster orchestrator widely used to deliver applications and other micro-services. For example, a tool called kubeadm graduated to beta, enabling users to become more familiar with configuring and deploying so-called “high-availability” clusters.
The new version also delivers greater functionality for the Kubernetes container storage interface, including a new capability called “volume cloning” that can be used when provisioning a new storage volume.
As Kubernetes gains traction as an enterprise de facto standard, project managers stressed the latest release also looks beyond new features to unsure greater stability. Kubernetes developers “have been working on improving test coverage, ensuring the basics stay reliable and stability of the core feature set and working on maturing existing features and cleaning up the backlog,” the group said in a blog post.
Kubernetes 1.15 is available for download on GitHub. The exploding Kubernetes community recommends using the kubeadm tool, defined as a “lifecycle building block,” to launch an initial production Kubernetes cluster conforming with best practices.
A blog detailing Kubernetes 1.15 upgrades is available here.
Broader use of the cluster orchestrator has also attracted security threats as hackers probe for weaknesses. Another vulnerability was disclosed over the weekend affecting the kubectl command interface. The security gap could, for example, allow an intruder to install a malicious container that could replace or create files on an infected machine. The client-side defect is listed as “high severity,” and users of older versions are urged to upgrade their systems. Installation instructions are here.
Container security specialists said Monday (June 24) the vulnerability likely stems from incomplete fixes to a previously disclosed security threat. “This vulnerability is concerning because it would allow an attacker to overwrite sensitive file paths or add files that are malicious programs, which could then be leveraged to compromise significant portions of Kubernetes environments,” said Wei Lien Dang, co-founder and vice president of products at StackRox, a container and Kubernetes security vendor.
“We expect that this vulnerability is one of several that will be disclosed as a result of the security audit” sponsored by the Cloud Native Computing Foundation, StackRox added.