Continental Innovates with Rancher and Kubernetes
Rancher recommends two potential solutions for a new Kubernetes security issue affecting multitenant clusters. The threat is: If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster.
Many of Helm’s security best practices apply directly to how you manage your Kubernetes applications. Discover how you can use Helm and Helm Charts to create reproducible security in your Kubernetes deployments.
Join Rancher Co-Founders Shannon Williams and Darren Shepherd for a detailed walkthrough of our latest release of the open-source Kubernetes management platform, Rancher 2.4.
This masterclass will help you understand and navigate the security challenges of adopting containers and Kubernetes. Join today.
Join this online meetup as we discuss the current state of security challenges in an Enterprise Kubernetes Strategy and the security-related features in Rancher.
Security is one of the most talked-about topics for Kubernetes users. Google “Kubernetes security” and you’ll find a huge number of articles, blogs and more. The reason is simple: you need to align your container and Kubernetes security with your organization’s existing security profile.
Kubernetes has some strong security best practices for your cluster—authentication and authorization, encryption in secrets and objects in the etcd database—to name a few. However, you need to be aware of other risks, such as privilege escalation and secrets obtained.
In this Kubernetes master class, you'll learn simple ways of adding automation to your vault operation to help reduce operator toil and to allow developers to add new applications via a GitOps flow. Register for the Class Here.
In this Kubernetes Master Class, we will discuss in depth the approach Rancher uses for multi-cluster multi-tenant setups.
This is the third of a series of three articles focusing on Kubernetes security: the outside attack, the inside attack, and dealing with resource consumption or noisy neighbors.
The release of k3s has been met with enthusiasm by the Kubernetes community. Find out why k3s has become so popular so quickly and what teams are already doing with k3s one week after its launch.
This is the first of a series of three articles focusing on Kubernetes security: the outside attack, the inside attack, and dealing with resource consumption or noisy neighbors.
Today we announced releases v2.1.6 and v2.0.11 to address two security vulnerabilities recently discovered in Rancher. The first vulnerability allows users in the Default project of a cluster to escalate privileges to that of a cluster admin through a service account. The second vulnerability allows members to have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. You can view the official CVEs: CVE-2018-20321 and CVE-2019-6287.
This article analyzes the recent CNCF article, '9 Kubernetes Security Best Practices Everyone Must Follow' and discusses how Rancher, RKE, and RancherOS satisfy these by default. I also discuss the Rancher Hardening Guide, which covers 101 more security changes that will secure your Kubernetes clusters.
This blog describes how Rancher and its managed Kubernetes clusters can be affected by the recent announcement detailing the vulnerabilities of the proxying external IPs and dashboard.
In our introduction to container security, we discuss the issues surrounding this new technology and what you can do to address them. Read more at Rancher.
We would like to quickly explain and address the recent Metasploit module, which was created to exploit Rancher servers and Docker hosts. This is not a security issue because it only works in the following two scenarios:
1. Your Rancher server does not have authentication enabled. While Rancher does not require you to enable authentication, you should always enable it if you are deploying Rancher in an untrusted environment (e.
Container security was initially a big obstacle to many organizations in adopting Docker. However, that has changed over the past year, as many open source projects, startups, cloud vendors, and even Docker itself have stepped up to the challenge by creating new solutions for hardening Docker environments. Today, there is a wide range of security tools that cater to every aspect of the container lifecycle. Docker security tools fall into these categories:
Cyber security is no longer a luxury. If you need a reminder of that, just take a look at the seemingly endless number of stories appearing in the news lately about things like malware and security breaches. If you manage a Docker environment, and you want to help make sure your organization or users are not mentioned in the news stories that accompany the next big breach, you should know the tools available to you for helping to secure the Docker stack, and put them to work.
Fei Huang is Co-Founder and CEO of NeuVector. Managing containers requires a broad scope from application development, test, and system OS preparation, and as a result, securing containers can be a broad topic with many separate areas. Taking a layered security approach works just as well for containers as it does for any IT infrastructure. There are many precautions that should be taken before running containers in production. These include:
Since Docker launched in 2013, it has brought a level of excitement and innovation to software development that’s contagious. It has rallied support from every corner—enterprises to startups, developers to IT folk, plus the open source community, ISVs, the biggest public cloud vendors, and every tool across the software stack. Since the launch of Docker, many major milestones have served to advance the container revolution. Let’s look at some of them.
As a relatively new technology, Docker containers may seem like a risk when it comes to security -- and it’s true that, in some ways, Docker creates new security challenges. But if implemented in a secure way, containers can actually help to make your entire environment more secure overall than it would be if you stuck with legacy infrastructure technologies. This article builds on existing container security resources, like Security for your Container, to explain how a secured containerized environment can harden your entire infrastructure against attack.
Rancher is a complete container management solution, and to be a complete platform, we’ve placed careful consideration into how we handle networking between containers on our platform. So today, we’re posting a quick example to illustrate how networking in Rancher works. While Rancher can be deployed on a single node, or scaled to thousands of nodes, in this walkthrough, we’ll use just a handful of hosts and containers.
Setting up and Launching a Containerized Application: Our first task is to set up our infrastructure, and for this exercise, we’ll use AWS.