
    Kubernetes 1.12 Improves Cloud-Native Security With TLS Bootstrap

    By SEAN MICHAEL KERNER - September 28, 2018

      Some features take longer than others to get right.

      On Sept. 27, the Cloud Native Computing Foundation announced the general availability of Kubernetes 1.12. Among the highlights of the update is the stable release of TLS Bootstrapping, a security capability that developers have been working on for the past two years, since the release of Kubernetes 1.4 in 2016. For context, Kubernetes has only existed for four years.

      “Security is a very nuanced, complicated space,” Tim Pepper, senior staff engineer at VMware and release lead for Kubernetes 1.12, told eWEEK. “Things like the TLS Bootstrap where you’re having to set up certificates and certificate authorities, signing requests and all of that, that’s really tricky to get right. So, it makes sense that it took some time.”

      Kubernetes is a container orchestration platform technology that is developed under the auspices of the multi-stakeholder CNCF, which itself is a project from the Linux Foundation. Kubernetes 1.12 is the third major release of the open-source project in 2018, following the 1.11 milestone on June 27 and 1.10 on March 26.

      With TLS Bootstrapping, a Kubernetes node (Kubelet) can request and obtain a Transport Layer Security (TLS) certificate to join a TLS-secured cluster. Pepper explained that any feature that comes to Kubernetes needs to go through a maturation process to make sure it’s ready and stable for production deployments.
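The certificate request a joining kubelet submits has to be approved before the cluster signs it. As an added example (not from the article or the Kubernetes code base), the Python below reviews decoded CSR fields against the node client criteria in the upstream Kubernetes documentation; the field names, sample requests and the requester rule are assumptions made for illustration.

```python
# Added example: review kubelet client CSRs submitted during TLS bootstrap.
# Subject/usage criteria follow the upstream Kubernetes documentation, not the
# article; the requester rule at the end is an assumed cluster policy.
NODE_GROUP = "system:nodes"
NODE_CN_PREFIX = "system:node:"
CLIENT_USAGES = ("digital signature", "key encipherment", "client auth")
BOOTSTRAP_GROUP = "system:bootstrappers"


def review_node_client_csr(csr):
    """Return the list of policy violations; an empty list means approvable."""
    problems = []
    cn = csr.get("common_name", "")
    if csr.get("organizations") != [NODE_GROUP]:
        problems.append("organization")
    if not cn.startswith(NODE_CN_PREFIX) or cn == NODE_CN_PREFIX:
        problems.append("common_name")
    if csr.get("dns_names") or csr.get("ip_addresses") or csr.get("emails"):
        problems.append("subject_alt_names")
    if set(csr.get("usages", ())) != set(CLIENT_USAGES):
        problems.append("usages")
    # First issuance comes from a bootstrap identity; renewal from the node itself.
    bootstrapping = BOOTSTRAP_GROUP in csr.get("requester_groups", ())
    renewing = csr.get("requester") == cn
    if not (bootstrapping or renewing):
        problems.append("requester")
    return problems


def _csr(requester, groups, cn, orgs, usages=CLIENT_USAGES, dns=()):
    """Build one constructed sample: fields already decoded from a PKCS#10 CSR."""
    return {"requester": requester, "requester_groups": list(groups),
            "common_name": cn, "organizations": list(orgs),
            "usages": list(usages), "dns_names": list(dns)}


BOOT = ("system:bootstrap:abcdef", [BOOTSTRAP_GROUP])  # constructed token identity
SAMPLES = {  # all values below are constructed for this example
    "first-join": _csr(*BOOT, "system:node:worker-1", [NODE_GROUP]),
    "renewal": _csr("system:node:worker-1", [NODE_GROUP], "system:node:worker-1", [NODE_GROUP]),
    "wrong-group": _csr(*BOOT, "system:node:worker-1", ["system:masters"]),
    "server-cert": _csr(*BOOT, "system:node:worker-2", [NODE_GROUP],
                        ("digital signature", "key encipherment", "server auth"),
                        ["worker-2.example.internal"]),
    "other-node": _csr("system:node:worker-1", [NODE_GROUP], "system:node:worker-2", [NODE_GROUP]),
}

if __name__ == "__main__":
    for name, csr in SAMPLES.items():
        print(name, review_node_client_csr(csr) or "approve")
```
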

      In Kubernetes, ideas that come up through the community are first implemented as alpha features. Alpha phase features go through a graduation process to become beta, at which point the APIs for the features are expected to be stable, according to Pepper. The stable, or generally available (GA), stage for a feature is only achieved when the capability is robust, validated and known to be good.

      Kubernetes 1.12 Features

      Among the other stable features that have landed in Kubernetes 1.12 is support for Microsoft Azure Virtual Machine Set (VMSS) and cluster-autoscaler capabilities. VMSS enables users to create Kubernetes pods that can scale based on policy or on demand.

      Kubernetes was first developed with support for Linux and has since added support for Microsoft’s Azure and Windows platforms.

      Beta Features

      Kubernetes 1.12 also includes multiple notable features that have achieved the beta level of stability. One is Taint Node by Condition. Pepper explained that a “Taint” is a toleration for scheduling. He said that Kubernetes started out scheduling a few basic capabilities including CPU and memory availability.

      “The taints feature is something that really starts to build out a framework where you can have effectively arbitrary scheduling considerations happen without having to write a custom scheduler,” he said. “So as an operator of a cluster, you declare that you have certain features and constraints within the cluster, and then the pod users are able to declare which of those they can tolerate or not.”

      Topology Aware Dynamic Profiling is another feature that has now reached the beta status. Pepper explained that the new Dynamic Profiling beta feature is different from the ConfigMap dynamic configuration features that landed in the Kubernetes 1.11 release. Topology Aware Dynamic Profiling is storage-specific and is part of a broader push within Kubernetes for enabling differentiated types of enterprise storage capabilities, he said.

      Alpha Features

      Along with beta features, Kubernetes 1.12 introduces multiple alpha features, including the new RuntimeClass resource, which Pepper said was of particular interest to him as an employee of VMware and also because of prior jobs he’s had.

      “I used to work at Intel in the department that built what became Kata containers and was originally called Clear Containers,” he said. “So I’ve been really interested in this idea of what it means to provide differentiated sandboxing and levels of security around the container, a pod or whatever a workload is.”

      The Kata containers effort is led by a project operated by the OpenStack Foundation to help enable containers to run in an isolated and secured manner. Pepper explained that the RuntimeClass in Kubernetes 1.12 is a Custom Resource Definition (CRD), which enables administrators to define and retrieve new extensions to the Kubernetes API.

      “RuntimeClass is particularly interesting for what it enables from a differentiated security perspective,” Pepper said. “Initially, sure it will just be some pod sandboxing, putting probably a VM [virtual machine] under some pods, but I think it has the potential to do a lot more than that and it’s going to be really interesting to see over the coming year how it progresses.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
