Author: Mike Mj Johnson
Kubernetes Training Fundamentals - Module 1 - Intro to Containers and Docker
by Mike 'MJ' Johnson
| Thursday, Dec 13, 2018
| Docker Kubernetes
This series is intended to be a introductory look into Kubernetes. If your organization is interested in custom training around your infrastructure, please reach out to us at BoxBoat. We are both a Docker and Linux Foundation training partner and can provide onsite corporate training on Docker and Kubernetes.
Welcome to the first post in the BoxBoat Kubernetes Training Fundamentals course. We designed a blog and video series to get you familiar with the core tenants of Kubernetes and Docker container orchestration.
Kubernetes Vulnerability - CVE-2018-1002105
by Mike 'MJ' Johnson Cole Kennedy
| Tuesday, Dec 4, 2018
With the popularity of Kubernetes, there is always potential for security vulnerabilities to be uncovered. And well, this one is a doozy.
What is it? The Kubernetes team just released a fix for CVE-2018-1002105 which allowed for anyone with API access (privileged or not) to use a specifically crafted request to obtain privilege escalation and take control of your Kubernetes cluster. Ouch.
From the CVE:
“With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.