|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2019-08-09 16:12:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
A Kubernetes security assessment
The Kubernetes community has posted the
extensive results [PDF] of a security assessment performed earlier this
year. "Overall, Kubernetes is a large system with significant
operational complexity. The assessment team found configuration and
deployment of Kubernetes to be non-trivial, with certain components having
confusing default settings, missing operational controls, and implicitly
defined security controls. Also, the state of the Kubernetes codebase has
significant room for improvement. The codebase is large and complex, with
large sections of code containing minimal documentation and numerous
dependencies, including systems external to Kubernetes. There are many
cases of logic re-implementation within the codebase which could be
centralized into supporting libraries to reduce complexity, facilitate
easier patching, and reduce the burden of documentation across disparate
areas of the codebase."
The Kubernetes community has posted the
extensive results [PDF] of a security assessment performed earlier this
year. "Overall, Kubernetes is a large system with significant
operational complexity. The assessment team found configuration and
deployment of Kubernetes to be non-trivial, with certain components having
confusing default settings, missing operational controls, and implicitly
defined security controls. Also, the state of the Kubernetes codebase has
significant room for improvement. The codebase is large and complex, with
large sections of code containing minimal documentation and numerous
dependencies, including systems external to Kubernetes. There are many
cases of logic re-implementation within the codebase which could be
centralized into supporting libraries to reduce complexity, facilitate
easier patching, and reduce the burden of documentation across disparate
areas of the codebase."
