TL;DR – Last Week’s Container News (03/23/18-03/30/18)

Solomon Hykes Leaves Docker

In the biggest story of this past week, Solomon Hykes — Docker founder and former CTO — has announced his departure from Docker, Inc. He will remain a major shareholder and active board member, but will be helping Docker find a new CTO to replace him.

Kubernetes 1.10 Release

Kubernetes reached 1.10 this past week, with the Kubernetes implementation of the Container Storage Interface (CSI) and durable (non-shared) local storage management both moving to beta. The 1.10 release also features external credential providers (alpha), and “the ability to switch the DNS service to CoreDNS at install time” (beta), among other features.

InfoSiftr’s own Noah Abrahams was part of the Kubernetes Release Team for 1.10, so we know these releases take a lot of work. Congratulations to Noah and the whole Kubernetes Release Team for this major accomplishment!

See also: excellent coverage of Kubernetes 1.10 by Sean Michael Kerner (eWeek)

Creating SSO for Kubernetes

The New Stack has been sharing a series of articles around Kubernetes user authentication and “how to create a single sign-on experience within the Kubernetes ecosystem.” The latest article extends this capability to the Kubernetes dashboard. Follow the link to read more. 

Potential Security Issue w/ etcd Deployment

A recent article in The New Stack has revealed that, prior to version 2.1, etcd “didn’t support any type of authentication.” Later versions of the project have kept authentication turned off by default (for backward compatibility reasons).

Etcd is a key-value store used in Kubernetes clusters. It is used to store “highly sensitive information,” according to The New Stack.

Follow the link for more information about securing your etcd deployment.

Kubernetes Vulnerabilities (and Recent Patches)

Kubernetes was recently patched for two severe vulnerabilities. One of the vulnerabilities could allow bad actors to “gain read and write access to arbitrary files outside volumes specified in a pod, including files on the host’s filesystem.” The other vulnerability allowed “containers that use a secret, configMap, projected, or downwardAPI volume to trigger deletion of arbitrary files and directories on the node host.”

Patching these issues required design changes which are causing problems for some container configurations. The Kubernetes team is currently addressing the problems.

Microservices Security

A recent article in The New Stack explores the security of microservices, including the differences between container and microservices security (although there is a lot of overlap) and the unique challenges around securing microservices. The article draws on insights from Twistlock and Aqua Security, among others. Follow the link for an in-depth exploration of this topic.

Kubernetes for Scalable Deep Learning

At Nvidia’s GPU tech conference this past week, Nvidia CEO and founder Jensen Huang demonstrated scaling to multiple GPUs on stage, using Kubernetes. His demo involved using a single GPU to scan and identify types of flowers in a set of photos, then spinning up replicas of the program on additional GPUs to increase the number of flowers being identified. Follow the link for the article and video of Huang’s demo.

ONAP Efforts at CNCF, ONAP on Kubernetes

The CNCF recently released CI Dashboard v1.3.0, which shows the status of their work to integrate CNCF projects with multiple cloud providers. The dashboard now includes ONAP (the Open Network Automation Platform), an automation project used by telecom carriers to connect services to infrastructure.

Historically, ONAP has run on Rackspace or Azure. However, Kubernetes can act as a “universal translation layer” letting you run ONAP on any cloud (or on a hybrid cloud, or on OpenShift, or on bare metal).

Follow the link to learn more about the emerging possibilities around running ONAP on Kubernetes.


