20 min listen
Kubernetes CVE-2018-1002105, with Jordan Liggitt
Length: 28 minutes
Released: Dec 17, 2018
Format: Podcast episode
Description
Adam and Craig end the year by talking to Jordan Liggitt, the member of the Kubernetes Product Security Team who fixed the recent critical security vulnerability in the Kubernetes API server. We also take a look at the news from KubeCon.
This is our last episode for 2018. Thank you for your support this year, and we’ll be back on the 8th of January!
Do you have something cool to share? Some questions? Let us know:
web: kubernetespodcast.com
mail: kubernetespodcast@google.com
twitter: @kubernetespod
News of the week
etcd donated to the CNCF
Chubby paper
Raft paper
Blog post on the relationship between Kubernetes and etcd by Gyuho Lee and Joe Betz
Istio:
Geekwire: Has Istio become the new cloud-native darling?
Google launches Istio on GKE
VMware NSX Service Mesh
Aspen Mesh open beta
In other service mesh news: A10 Secure Service Mesh
Knative:
Knative: bringing serverless to Kubernetes everywhere
SAP: Extensibility on cloud-native stack
Red Hat to deliver hybrid serverless workloads to the enterprise
Pivotal launches Function Service
GitLab and TriggerMesh announce GitLab Serverless
Oracle Cloud Native Framework
Microsoft:
Osiris
Azure Monitor for Containers is GA
Phippy Goes To The Zoo
Phippy, Captain Kube and friends now in the CNCF
Digital Ocean Kubernetes now open to everyone
Linode Kubernetes CLI
Terraform scripts
VMware closes its acquisition of Heptio
For $550M
Dell will go public again
Quickfire Kubernetes security news
NeuVector announced containerd and CRI-O runtime support in their container firewall
Aqua’s Container Security Platform is now certified to cover the Kubernetes CIS benchmarks
Lacework announced their configuration scanning platform covers Kubernetes
Sysdig released Sysdig Secure 2.2, which adds Kubernetes audit events, and the ability to block deployments using Kubernetes admission controllers
Twistlock released 18.11, which “introduces security visualization for Kubernetes, and compliance and security configuration checks for Istio, including new alerting integrations with PagerDuty, and cloud services”
Grafana Loki
Thanos: Prometheus at scale
Maestro – A declarative, no-code approach to Kubernetes Day 2 Operators
rbacsync
PlanetScale announces funding
TechCrunch article
Links from the interview
Jordan’s suggested KubeCon talks to watch:
Kelsey Hightower’s keynote, “Kubernetes and the path to serverless”
Julia Evans’ keynote, “High Reliability Infrastructure Migrations”
OpenShift before Kubernetes in 2014
Kubernetes Product Security Team
CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections
Listing in the National Vulnerability Database
Originally filed as a bug against Rancher
Rancher blog post
How to report a vulnerability
Proof of concept (third party)
How it was fixed
Distributor’s list
Client certificate vulnerability in Kubernetes in 2016
Answering questions on Stack Overflow
Jordan Liggitt on Twitter, GitHub, Slack or Stack Overflow