PKS 1.2.3 release – and Kubernetes CVE-2018-1002105

PKS 1.2.3 was released on Friday Nov 30, 2018, and adds new stuff that is important:

  • NSX-T and vCenter IaaS proxy – these have been added to keep accelerating our “enterprise readiness”, with lots of input from customers about what they need for authentication and for proxying those authentication requests.
  • Large-sized NSX-T load balancer types – these have been added as people scale up how they are using PKS and NSX-T together.   While PKS is absolutely open, has Flannel as “batteries included”, and can work with the broad ecosystem around CNI – the most valuable, deepest integration (and strongest SDN) is NSX-T.   Larger NSX-T load balancers are important for several use cases, including some of the data ecosystem.
  • Kubernetes v1.11.5.   More on this in a second, but this continues the pattern of making native, vanilla k8s fast and easy (“constant compatibility” is one of the essential elements).
  • On-demand-broker v0.24.
  • Xenial Stemcell v97.34.
  • Fix: Issue with mounting NFS Persistent Volumes is resolved.

Now, a bit more on Kubernetes v1.11.5.   Kubernetes has been a very solid OSS project, and there have been very few CVEs (IMO), but CVEs will occur, and how we all respond is essential.   This one is relatively material as it enables carefully crafted k8s API calls to gain elevated privileges to backend resources like kubelet APIs.  You can find out details on the CVE here.

Good news – our OCD focus on alignment and, more importantly, on making it easy for our customers to run automated platform updates all day long, and in prod, should make updating PKS easy.

Software, Documentation and Links:
