Kubernetes 1.19 arrives with one year of support, TLS 1.3, improvements and more

The new version, Kubernetes 1.19, has just been released after a slight delay, and it is finally available with many updates that improve Kubernetes' production readiness. These improvements include stable versions of the Ingress and seccomp features, and security improvements such as support for TLS 1.3, among other enhancements.

In addition, although the Kubernetes team previously released four updates per year, they will release only three this year because of the pandemic. Version 1.19 is the latest update this year.

"Finally, we have arrived at Kubernetes 1.19, the second release of 2020 and by far the longest release cycle, lasting 20 weeks in total. It consists of 34 enhancements: 10 enhancements have moved to stable, 15 enhancements are in beta and 9 enhancements are in alpha.

"The 1.19 release was quite different from a regular release because of COVID-19, the George Floyd protests, and several other global events that we experienced as a release team."

Among the changes, the most important is in Ingress, which was originally introduced as a beta API that manages external access to the services in a cluster, mostly HTTP traffic. It can also provide load balancing, TLS termination, and name-based virtual hosting.

In this new version 1.19, Ingress graduates to stable and is added to the networking v1 APIs. This update brings key changes to Ingress v1 objects, including validation and schema changes.

seccomp (secure computing mode) is also available as a stable feature in Kubernetes 1.19. seccomp is a Linux kernel security feature that limits the number of system calls that applications can make.

It was first introduced as a Kubernetes feature in version 1.3, but it had some limitations. Previously, a PodSecurityPolicy annotation was required when applying seccomp profiles to pods.

In this release, seccomp introduces a new seccompProfile field, added to the pod and container securityContext objects. To ensure backward compatibility with the Kubelet, seccomp profiles are applied in the following order of priority:

  • Container-specific field.
  • Container-specific annotation.
  • Pod-wide field.
  • Pod-wide annotation.
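
The priority order above, written out as a resolver. This is an added example, not the Kubelet's code: `Profile`, `fromAnnotation` and `Resolve` are hypothetical names, the annotation keys are the legacy alpha seccomp annotations that the seccompProfile field replaces, and treating an unrecognized annotation value as unset is a simplification of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// Legacy annotation keys that the seccompProfile field supersedes.
const (
	podAnn       = "seccomp.security.alpha.kubernetes.io/pod"
	containerAnn = "container.seccomp.security.alpha.kubernetes.io/" // + container name
)

// Profile mirrors securityContext.seccompProfile: type plus localhostProfile.
type Profile struct{ Type, LocalhostProfile string }

// fromAnnotation maps a legacy annotation value onto the field form (nil = unset in this sketch).
func fromAnnotation(v string) *Profile {
	switch {
	case v == "runtime/default" || v == "docker/default":
		return &Profile{Type: "RuntimeDefault"}
	case v == "unconfined":
		return &Profile{Type: "Unconfined"}
	case strings.HasPrefix(v, "localhost/") && len(v) > len("localhost/"):
		return &Profile{Type: "Localhost", LocalhostProfile: strings.TrimPrefix(v, "localhost/")}
	}
	return nil
}

// Resolve walks the four sources in priority order and reports which one won.
func Resolve(name string, cField, podField *Profile, ann map[string]string) (Profile, string) {
	if cField != nil {
		return *cField, "container field"
	}
	if p := fromAnnotation(ann[containerAnn+name]); p != nil {
		return *p, "container annotation"
	}
	if podField != nil {
		return *podField, "pod field"
	}
	if p := fromAnnotation(ann[podAnn]); p != nil {
		return *p, "pod annotation"
	}
	return Profile{}, "unset" // no source set; this sketch assigns no profile
}

func main() {
	// Constructed pod: a stale pod-wide annotation next to the new pod-level field.
	p, src := Resolve("app", nil, &Profile{Type: "RuntimeDefault"}, map[string]string{podAnn: "unconfined"})
	fmt.Println(p.Type, "from", src) // the pod field outranks the stale annotation
}
```

When auditing manifests migrated from annotations, the case to look for is a container-level annotation that still overrides a stricter pod-level field.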

The pod sandbox container is now also configured with a separate runtime/default seccomp profile in this update.

Another important point the team announced is the extended support period, which would allow more than 80% of users to be on supported versions, up from the 50-60% they see now.

"An annual support period provides the cushion that end users appear to want and is more in line with annual planning cycles. Starting with Kubernetes version 1.19, the support window will be extended to one year."

In addition, Kubernetes provides volume plugins whose lifecycle is tied to the pod and which can be used as scratch space (for example, the built-in emptyDir volume type) or to load some data into the pod (for example, the built-in ConfigMap and Secret volume types, or "CSI inline volumes"). A Secret is an object that contains a small amount of sensitive data, such as a password, a token, or a key.

The new alpha feature, Generic Ephemeral Volumes, allows any existing storage driver that supports dynamic provisioning to be used as an ephemeral volume, with the volume's lifecycle bound to the pod.

It can be used to provide scratch storage that is different from the root disk, such as persistent memory or a separate local disk on that node. All StorageClass parameters for volume provisioning are supported.

All features supported with PersistentVolumeClaims are supported, such as storage capacity tracking, snapshots and restore, and volume resizing.

Finally, another welcome change is aimed at the recommendations of last year's security audit: Kubernetes version 1.19 adds support for the new TLS 1.3 ciphers, which can be used with the orchestrator.

If you want to know more about it, you can check the details at the following link.

