Kubernetes has quickly become the open-source standard solution for deployment, scaling and management of container applications. It offers a high degree of flexibility and versatility. But what leads to a large and powerful documentation, this can be overwhelming for one or the other, when trying to find the relevant sections for his installation. Which is why Kubernetes has a steep learning curve. After the planning of the cluster follows the installation which also has its pitfalls. For this reason, there are deployment tools such as Kubespray that make this work easier. This story is about the automatic deployment of a Kubernetes cluster, using Kubespray on an OpenStack Cloud (Open Telekom Cloud).
The vulnerability under the tag: CVE-2018-1002105 causes a critical security gap within the following Kubernetes versions
Kubernetes v1.0.x-1.9.x
Kubernetes v1.10.0-1.10.10 (fixed in v1.10.11)
Kubernetes v1.11.0-1.11.4 (fixed in v1.11.5)
Kubernetes v1.12.0-1.12.2
Our PaaS service Cloud Container Engine (CCE) was also affected. The platform has been patched on last Saturday (15.12.2018). Details can be found below and how clusters can be checked by yourself.
The following guide will help you to install a 2-node Kubernetes cluster with Kubespray and providing Kata Container support. The cluster will consist of one master server which will be built on ECS (Elastic Cloud Server) and one node which will be built on BMS (Bare Metal Server). BMS is being used due to a current limitation of ECS on OTC, the ECS does not support nested virtualization which would be required for Kata runtime.
Open Telekom Cloud (OTC) Release 3.1 provides a completely new "Elastic LoadBalancer Version 2" (ELBv2) which includes a lot of new features (see comparison table) and provides better performance. It was activated for the public OTC production environment (eu-de) in early September 2018.
Photo by Albin Berlin from Pexels
