What’s new in Kubernetes 1.19
Thanks to Sascha Grunert for the technical content of this post. In addition to being a member of the Containers Squad of the SUSE CaaS Platform team, Sascha is Technical Lead in the Kubernetes Release Engineering Subproject, which is part of SIG Release. He participated in many Kubernetes release cycles from different roles and is thrilled to give you an update about the next version.
SUSE congratulates the Kubernetes Project on another evolution of the most popular container orchestration and management platform, which forms the basis of our SUSE CaaS Platform. You can expect to see Kubernetes 1.19 supported in a future SUSE release.[...]
Two Common Vulnerabilities and Exposures (CVE) will be fixed in Kubernetes v1.19.0.
The first one is CVE-2020-8559, which allows a privilege escalation from a node inside the cluster. This means if it is possible to intercept certain requests to the Kubelet, then an attacker could send a redirect response that may be followed by a client request using the credentials from the original request. This can lead to compromise of other nodes inside the cluster.The other fixed vulnerability is CVE-2020-8557. This CVE allows a Denial of Service (DoS) via a mounted /etc/hosts file inside a container. If a container writes a huge set of data to the /etc/hosts file, then it could fill the storage space of the node and cause the node to fail. Root cause for this issue was that the kubelet does not evict this part of the ephemeral storage.
SUSE plots edgier Kubernetes with Linux behind the wheel
SUSE has had a busy year, with a switch of CEO, the ditching of OpenStack, and the buy of Kubernetes darling Rancher Labs.
The Register spoke to the veteran Linux flinger's president of Engineering and Innovation, Thomas Di Giacomo, and CTO and openSUSE chair Gerald Pfeifer, about cars, Kubernetes, open source and life free from the clutches of its previous owner.
Last month's Rancher Labs slurp highlighted the freedom SUSE now enjoys after it was jettisoned from Micro Focus in 2018.
The Dog days of Summer means we are that much closer to SUSE Digital Partner Summit
Two weeks – we’ll be firmly in September with kids in some form of school AND the SUSE Digital Partner Summit beginning its first day (hint: register!). As mentioned in an earlier post day, 1 features a keynote from Melissa Di Donato and Paul Devlin and the announcement of the SUSE One Partner Program and why the program is evolving to the specializations of INNOVATE, BUILD, SELL, MANAGE, SERVICE and TRAIN to be covered by Rachel Cassidy. Rachel will be joined by Julie Baldwin as they discuss how one of our partners have found ways to stay relevant in a cloud-first world.