BoxBoat Blog

Service updates, customer stories, and tips and tricks for effective DevOps

Author: Cole Kennedy

Kubernetes Vulnerability - CVE-2018-1002105

Kubernetes Vulnerability - CVE-2018-1002105

by Mike 'MJ' Johnson Cole Kennedy | Tuesday, Dec 4, 2018 | News

With the popularity of Kubernetes, there is always potential for security vulnerabilities to be uncovered. And well, this one is a doozy. What is it? The Kubernetes team just released a fix for CVE-2018-1002105 which allowed for anyone with API access (privileged or not) to use a specifically crafted request to obtain privilege escalation and take control of your Kubernetes cluster. Ouch. From the CVE: “With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.

Building Containers with Kubernetes and Knative

Building Containers with Kubernetes and Knative

by Cole Kennedy | Friday, Aug 10, 2018 | Kubernetes

Developing for Kubernetes can be a daunting task for any developer not familiar with the ecosystem. The developer needs to understand how to create spec files, author CI/CD scripts with a system such as Jenkins or CircleCI, and instrument logging and tracing. Knative aims to solve some of these issues, abstracting the details of building images away from the developer. Knative helps developers build, deploy, and manage modern serverless workloads on Kubernetes.