2019 has started well for Kubernetes. With the release of version 1.14, Kubernetes introduced features such as production-level support for Windows nodes and a formal process (the Kubernetes Enhancement Proposal, or KEP, process) that defines how and when enhancements are accepted and move through the Kubernetes development cycle. Kubernetes is now the de facto standard for container orchestration.
Containers continue to grow in popularity and demand, and many organisations are adopting lightweight containers in place of resource-intensive virtual machines. Kubernetes adoption roughly doubled in 2018. Despite that success and its many advantages, a security hole in the form of a privilege-escalation flaw was discovered that attackers could exploit.
The Security Flaw
The first major security hole in Kubernetes was reported in November 2018 and publicly disclosed, together with patched releases, on 3 December 2018. It is tracked as CVE-2018-1002105 and is known as the Kubernetes privilege-escalation flaw. A specially crafted request could open an upgraded connection through the API server to a backend server (an aggregated API server, or the kubelet on a node); because the API server did not close that connection when the backend rejected the request, the caller could then send arbitrary requests over it, and those requests arrived authenticated with the API server's own TLS credentials. In the default configuration any user, including an anonymous one, could reach aggregated API servers this way, and a user with pod exec, attach or port-forward permissions could gain full administrative control of the kubelet API on cluster nodes. The flaw was rated 9.8 out of 10, which is critical, on the Common Vulnerability Scoring System (CVSS).
No platform can be called 100 per cent secure; issues can surface at any time. What matters is how the issues are resolved with proper security measures so that further issues are prevented. Kubernetes, with the discovery of the privilege-escalation flaw, is no exception. Kubernetes was originally developed by Google before becoming a CNCF project.
Cloud services usually operate on a shared responsibility model: the cloud service provider is responsible for the security of the cloud, and the organisation using the service is responsible for security in the cloud, that is, for how it configures and operates what it runs there. By following certain practices, an organisation can manage the security of its Kubernetes clusters and protect its containers.
Updating to the latest version
The security flaw was resolved by patched releases: Kubernetes 1.10.11, 1.11.5, 1.12.3 and 1.13.0-rc.1, and every release after them. Clusters on 1.9 or older were already out of support and never received a fix, so they had to be upgraded to a supported line. Until a cluster can be upgraded, the interim mitigations from the upstream advisory apply: suspend the use of aggregated API servers, disable anonymous requests to the API server (--anonymous-auth=false on kube-apiserver), and remove pod exec, attach and portforward permissions from users who should not have full access to the kubelet API. More generally, to stay secure in the current landscape of vulnerabilities it is always recommended to keep to the latest patch release; Kubernetes publishes patch and security fixes on a regular basis, and managed providers publish their own advisories and upgrade schedules.
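As an added example (not code from the original post or from the Kubernetes project), the following Python checks the server version reported by `kubectl version -o json` against the upstream releases that fixed CVE-2018-1002105. The fixed version numbers are taken from the upstream advisory; the sample `kubectl` output is constructed here. One caveat: managed providers shipped backported fixes in vendor builds whose version strings carry a suffix such as `-gke.1`, so a vendor build that this check flags should be confirmed against the provider's own advisory rather than treated as vulnerable outright.

```python
import json
import re

# First patch release of each minor line that contains the fix for CVE-2018-1002105
# (from the upstream advisory: 1.10.11, 1.11.5, 1.12.3; 1.13.0 and later are fixed).
FIXED_PATCH = {10: 11, 11: 5, 12: 3}
FIRST_FIXED_MINOR = 13

# Matches the leading major.minor.patch of a gitVersion such as "v1.11.4-gke.1".
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(git_version):
    """Return (major, minor, patch) from a Kubernetes gitVersion string."""
    m = VERSION_RE.match(git_version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {git_version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(git_version):
    """True if an upstream build of this version predates the CVE-2018-1002105 fix.

    Vendor builds (e.g. "v1.11.4-gke.1") may carry a backported fix; this function
    only knows upstream release numbers, so treat a True on a vendor build as
    "check the provider advisory".
    """
    major, minor, patch = parse_version(git_version)
    if major > 1 or minor >= FIRST_FIXED_MINOR:
        return False
    if minor in FIXED_PATCH:
        return patch < FIXED_PATCH[minor]
    return True  # 1.9 and older were out of support and never received a fix


def check_server(kubectl_version_json):
    """Parse `kubectl version -o json` output and report the server's status."""
    data = json.loads(kubectl_version_json)
    server = data["serverVersion"]["gitVersion"]
    major, minor, patch = parse_version(server)
    return {
        "serverVersion": server,
        "vulnerable": is_vulnerable(server),
        # Anything beyond the bare major.minor.patch marks a vendor/custom build.
        "vendorBuild": server.lstrip("v") != f"{major}.{minor}.{patch}",
    }


# Constructed sample in the shape of `kubectl version -o json`; not real cluster output.
SAMPLE = json.dumps({
    "clientVersion": {"gitVersion": "v1.14.0"},
    "serverVersion": {"gitVersion": "v1.11.4-gke.1"},
})

if __name__ == "__main__":
    print(check_server(SAMPLE))
```

Against a live cluster, pipe the real output in (for example `check_server(sys.stdin.read())` fed from `kubectl version -o json`); run it once per context so that every cluster in the inventory is covered, not just the one the current kubeconfig points at.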
Know your Kubernetes clusters
Usually, as workloads grow, more clusters are deployed to handle them, and as the number of clusters rises so does cluster sprawl. It is always recommended to keep an inventory of which clusters serve which workloads, using the discovery tools offered by the cloud service provider, so that no forgotten, unpatched cluster is left running.
Security and Compliance
Securing the cloud is not the same as securing an on-premises environment, and securing containers is not the same as securing a non-container system. Even though Kubernetes handles the orchestration of many containers, container environments remain complex and dynamic. As new threats and vulnerabilities are discovered, managing security is not an easy task, so organisations must ensure that their container configurations and security controls adhere to the applicable compliance requirements, and must verify this continuously rather than at a single point in time.
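One such security control worth checking on a schedule is RBAC. As an added example (not code from the original post or from the Kubernetes project), the following Python audits Role and ClusterRole objects for rules that allow `create` on `pods/exec`, `pods/attach` or `pods/portforward`, the permissions that the upstream advisory for CVE-2018-1002105 recommends withholding from users who should not have full kubelet access. The role objects are constructed here in the shape of `kubectl get clusterroles,roles -A -o json`; the role names are made up, and the allowlist names the built-in `cluster-admin`, `admin` and `edit` roles, which carry this access by design.

```python
import json

# "create" on these subresources opens an upgraded (SPDY/WebSocket) connection
# through the API server to a node's kubelet, which is the path the CVE abused.
KUBELET_SUBRESOURCES = {"pods/exec", "pods/attach", "pods/portforward"}


def rule_grants_kubelet_access(rule):
    """True if a single RBAC rule allows create (or *) on a kubelet subresource."""
    verbs = set(rule.get("verbs", []))
    if not verbs & {"create", "*"}:
        return False
    # Pods and their subresources live in the core API group, spelled "".
    if not set(rule.get("apiGroups", [])) & {"", "*"}:
        return False
    resources = set(rule.get("resources", []))
    return "*" in resources or bool(resources & KUBELET_SUBRESOURCES)


def audit_roles(roles_json, allowlist=frozenset()):
    """Return "Kind/name" for every role outside the allowlist that grants such access."""
    findings = []
    for role in json.loads(roles_json)["items"]:
        name = role["metadata"]["name"]
        if name in allowlist:
            continue
        if any(rule_grants_kubelet_access(r) for r in role.get("rules", [])):
            findings.append(f'{role["kind"]}/{name}')
    return findings


# Constructed sample in the shape of `kubectl get clusterroles,roles -A -o json`;
# the role names are hypothetical.
SAMPLE_ROLES = json.dumps({"items": [
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "dev-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "ci-deployer"},
     "rules": [{"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["*"]},
               {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
    {"kind": "Role", "metadata": {"name": "ns-debug", "namespace": "staging"},
     "rules": [{"apiGroups": [""], "resources": ["pods/portforward"], "verbs": ["*"]}]},
]})

# Built-in roles whose kubelet access is intended and therefore not reported.
EXPECTED_ADMIN_ROLES = frozenset({"cluster-admin", "admin", "edit"})

if __name__ == "__main__":
    for finding in audit_roles(SAMPLE_ROLES, EXPECTED_ADMIN_ROLES):
        print("review:", finding)
```

A flagged role is not automatically wrong; the point is that each one is reviewed and either justified or tightened, and that the check is re-run whenever roles change, so that a rule granting `*` on `*` added for convenience does not silently hand out kubelet access.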
Urolime is one of the leading DevOps consulting companies, with considerable experience in supporting customers around the globe in adopting DevOps practices. As an AWS and cloud consulting partner, Urolime not only has experience in cloud migrations but also supports a vast customer base in building scalable and highly available architectures on AWS, Azure and GCP. Customers benefit from our expert involvement in deployment automation (CI/CD), infrastructure automation, dockerization, security, disaster recovery planning and implementation, and 24/7 managed services with a 10-minute SLA. Urolime has built a number of Kubernetes solutions for customers on AWS, Azure and GCP.