Kubernetes 1.13 arrives and fixes a critical vulnerability that was discovered

Kubernetes

The new 1.13 release of the Kubernetes container platform removes a critical vulnerability (CVE-2018-1002105) that allows any user to gain full control over a cluster of isolated containers. The issue was also fixed in updates 1.10.11, 1.11.5, and 1.12.3.

With the vulnerability found in Kubernetes, carrying out the attack only requires sending a specially crafted request through the API used to discover available backends (a discovery request).

About the Kubernetes vulnerability

Because of a bug, this type of request leaves the network connection open, which allows the API server (kube-apiserver) to be used as an intermediary for sending requests to any server over the connection established with the API server.

As a result, requests forwarded over such a connection are processed by the backend as internal API server requests, sent using the API server's authentication parameters.

By default, all Kubernetes users, authenticated and unauthenticated, are able to send requests through the discovery API, which is enough to launch the attack.

Therefore, any unprivileged Kubernetes user with access to the API can gain full control over the entire infrastructure, for example by sending a request to run their own code on the host.

Besides taking control of the Kubernetes infrastructure, the vulnerability can also be used in attacks aimed at customers, by manipulating customer services hosted in the cloud.

The problem is present in all versions of Kubernetes, starting with version 1.0.

Therefore, all Kubernetes administrators are urged to update their systems to the current releases immediately and to audit system logs for potentially malicious activity.

As a workaround to protect against attacks from unauthorized users, administrators can disable anonymous access to the API with the option "--anonymous-auth=false" and revoke the rights to perform exec/attach/portforward operations.

It is noted separately that attacks using unauthorized requests are not recorded in the Kubernetes logs at all, so whether a compromise took place could only be determined from indirect signs.
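As an added example (not code from the original article or from the Kubernetes project), the following Python script supports the upgrade advice and the exec/attach/portforward workaround above: it checks an API server version against the fixed releases listed in this article and lists RBAC roles that grant those pod subresources. The function names and the sample role list are constructed for illustration, and the input shape assumes the JSON produced by `kubectl get clusterroles -o json`.

```python
import re

FIXED = {(1, 10): 11, (1, 11): 5, (1, 12): 3}  # first patched level per minor line (from the article)
RISKY = {"pods/exec", "pods/attach", "pods/portforward"}

def is_vulnerable(git_version: str) -> bool:
    """True if this kube-apiserver version predates the CVE-2018-1002105 fix."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", git_version)  # build suffixes are ignored
    if not m:
        raise ValueError(f"unparseable version: {git_version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) >= (1, 13):
        return False                       # 1.13 ships with the fix
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    return True                            # 1.0 to 1.9: affected, no fixed release listed

def risky_grants(rbac_list: dict) -> list:
    """(kind, name, subresources) for every role that grants exec/attach/portforward."""
    findings = []
    for role in rbac_list.get("items", []):
        hit = set()
        for rule in role.get("rules") or []:            # aggregated roles may have rules: null
            if not {"", "*"} & set(rule.get("apiGroups", [])):
                continue                                # pods live in the core ("") API group
            for res in rule.get("resources", []):       # nonResourceURLs rules have none
                if res in ("*", "pods/*"):
                    hit |= RISKY
                elif res in RISKY:
                    hit.add(res)
        if hit:
            findings.append((role["kind"], role["metadata"]["name"], sorted(hit)))
    return findings

# Constructed sample in the shape of `kubectl get clusterroles -o json` output.
SAMPLE = {"items": [
    {"kind": "ClusterRole", "metadata": {"name": "dev-debug"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/exec"], "verbs": ["get", "create"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "apps-admin"},
     "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "ops-all"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "aggregate-view"}, "rules": None},
]}

if __name__ == "__main__":
    for v in ("v1.9.6", "v1.10.10", "v1.11.5", "v1.12.2", "v1.13.0"):
        print(v, "VULNERABLE" if is_vulnerable(v) else "patched")
    print(*risky_grants(SAMPLE), sep="\n")
```

Roles reported by `risky_grants` are the ones to review when applying the workaround; the version check only tells you whether the upgrade is still outstanding.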

About the new Kubernetes 1.13 release and what's new

Kubernetes 1.13

In this new Kubernetes 1.13 release, the CSI (Container Storage Interface) has been stabilized, which makes it possible to create plugins that support a variety of storage systems.

CSI provides a single interface for allocating space, attaching, and mounting storage, which allows plugins for integration with various storage services to be supplied without requiring changes to the Kubernetes codebase.

By default, the CoreDNS DNS server is used.

CoreDNS is written in Go and stands out for its flexible plugin-based architecture.

For example, specific functions such as Kubernetes service discovery, metrics collection for the Prometheus monitoring system, integration with the configuration system, and so on are implemented as plugins.

Kubeadm has been stabilized as a simplified interface for managing a Kubernetes cluster. It lets you perform operations such as creating and deploying a cluster on existing hardware, configuring the basic Kubernetes components, connecting and removing nodes, and performing upgrade operations.

An experimental interface is introduced for creating plugins that integrate with third-party monitoring systems.

The device plugin registration service has been stabilized; it provides a means of accessing Kubelet from plugins.

The TAVS (Topology Aware Volume Scheduling) container distribution scheduler has been stabilized; it takes the topology of pod sections into account (considering the restrictions set for nodes and zones).

APIServer DryRun, the Kubectl Diff command, and the ability to use raw block devices as persistent data sources (persistent volume source) have moved to the beta testing stage.

If you want to know more about this new release, you can visit the following link.

