Like any other software, Kubernetes reveals some security breaches from time to time. On November 26th, 2018 CVE-2018-1002105 was published with a critical score of 9,8 (10 is maximum).
With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.
Every team running one of the following Kubernetes version, should update immediately:
- Kubernetes v1.0.x-1.9.x
- Kubernetes v1.10.0-1.10.10 (fixed in v1.10.11)
- Kubernetes v1.11.0-1.11.4 (fixed in v1.11.5)
- Kubernetes v1.12.0-1.12.2 (fixed in v1.12.3)
After 1,5 years working intensively with Amazon Web Services (AWS), my current project builds its infrastructure in Microsoft Azure. This forces me to learn some new things, concepts and notations. A common task I like to use is to access a single file (for example a Kubernetes configuration) on object storage. Azure’s object storage is called Azure Blob storage.
Blob storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that does not adhere to a particular data model or definition, such as text or binary data.
Azure Blob storage is the equivalent of Amazon Simple Storage Service (Amazon S3).
If you ever need to delete or deactivate (deactivate is a more appropriate word in PuppetDB context) a node in your PuppetDB, follow these steps.
Testing your Puppet code locally with Vagrant is great. Fast and clean development and testing of your code can be done in this comfortable way. The base setup is easy:
- Download and install Vagrant
- Download and install VirtualBox
- Download and install Puppet
So far, so good. When it comes to Hiera, I was struggling around with a setup that actually uses Hiera data. I couldn’t convince Vagrant to notice my Hiera configuration. And so none of my keys and values inside my YAML files found their way into my Puppet manifests.
vagrant provision puppet_dev always failed with this error: