Kubernetes CVE-2018-1002105, with Jordan Liggitt

Adam and Craig end the year by talking to Jordan Liggitt, the member of the Kubernetes Product Security Team who fixed the recent critical security vulnerability in the Kubernetes API server. We also take a look at the news from KubeCon. This is our last episode for 2018. Thank you for your support this year, and we’ll be back on the 8th of January! Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week etcd donated to the CNCF Chubby paper Raft paper Blog post on the relationship between Kubernetes and etcd by Gyuho Lee and Joe Betz Istio: Geekwire: Has Istio become the new cloud-native darling? Google launches Istio on GKE VMware NSX Service Mesh Aspen Mesh open beta In other service mesh news: A10 Secure Service Mesh Knative: Knative: bringing serverless to Kubernetes everywhere SAP: Extensibility on cloud-native stack Red Hat to deliver hybrid serverless workloads to the enterprise Pivotal launches Function Service GitLab and TriggerMesh announce GitLab Serverless Oracle Cloud Native Framework Microsoft: Osiris Azure Monitor for Containers is GA Phippy Goes To The Zoo Phippy, Captain Kube and friends now in the CNCF Digital Ocean Kubernetes now open to everyone Linode Kubernetes CLI Terraform scripts VMware closes its acquisition of Heptio For $550M Dell will go public again Quickfire Kubernetes security news NeuVector announced containerd and CRI-O runtime support in their container firewall Aqua’s Container Security Platform is now certified to cover the Kubernetes CIS benchmarks Lacework announced their configuration scanning platform covers Kubernetes Sysdig released Sysdig Secure 2.2, which adds Kubernetes audit events, and the ability to block deployments using Kubernetes admission controllers Twistlock released 18.11, which “introduces security visualization for Kubernetes, and compliance and security configuration checks for Istio, including new alerting integrations with PagerDuty, and cloud services Grafana Loki Thanos: Prometheus at scale Maestro – A declarative, no-code approach to Kubernetes Day 2 Operators rbacsync PlanetScale announces funding TechCrunch article Links from the interview Jordan’s suggested KubeCon talks to watch: Kelsey Hightower’s keynote, “Kubernetes and the path to serverless” Julia Evans’ keynote, “High Reliability Infrastructure Migrations” OpenShift before Kubernetes in 2014 Kubernetes Product Security Team CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections Listing in the National Vulnerability Database Originally filed as a bug against Rancher Rancher blog post How to report a vulnerability Proof of concept (third party) How it was fixed Distributor’s list Client certificate vulnerability in Kubernetes in 2016 Answering questions on Stack Overflow Jordan Liggitt on Twitter, GitHub, Slack or Stack Overflow