Wednesday, 17 April 2019

Platform9 Packages Kubernetes Tools for On-Prem Environments

Platform9 packaged together a trio of open source Kubernetes tools in a push to ease the deployment and operation of Kubernetes clusters in air-gapped, on-premises environments.
The tools include its etcdadm command-line interface (CLI), nodeadm CLI node administration tool, and cctl cluster lifecycle management tool. Those tools are now part of the Klusterkit package, though they can be used separately or together.
Arun Sriraman, technical lead manager for Kubernetes at Platform9, explained in a statement that Klusterkit can work with frameworks like Cluster API and kubeadm to help enterprises use Kubernetes to run their legacy applications. In addition to support for on-premises deployments, Klusterkit allows for the recovery of a failed cluster control plane from an etcd snapshot.
The on-premises support ties to a growing desire by organizations to simplify the management of their data resources across clouds and in house. This angle has been targeted by a number of platforms, including Google’s recent Anthos launch.

Tools in the Kit

Platform9 late last year moved its etcdadm support tool into the open source community via GitHub in an effort to generate momentum behind automating the configuration, deployment, and management of etcd clusters used by Kubernetes to store control plane information. Those tasks were previously either part of more broadly-focused efforts put on the shoulders of a Kubernetes user, or cobbled together by developers.
Etcd is the primary software-defined storage (SDS) location for Kubernetes and needs to be established before Kubernetes can be run on a system. Sriraman explained in a video that etcd is the “backbone for Kubernetes storage.” The Cloud Native Computing Foundation (CNCF) late last year adopted etcd as an incubation project.

Tuesday, 2 April 2019

VMware Fixes Security Flaws in vCloud Director, Hypervisor Software

VMware late last week released patches for two security flaws, which ranged from important to critical in terms of severity. The fixes resolved vulnerabilities within its vCloud Director platform and within its hypervisor software: ESXi, Workstation, and Fusion.

The first advisory was directed at a remote session hijack vulnerability found within the vCloud Director platform for service providers, which is VMware’s cloud service delivery platform. The vulnerability was found within the tenant and provider portals and allowed attackers to access the portals through impersonation of someone logged into a session.

This vulnerability was ranked as a “critical” security flaw. It was discovered by four faculty members at Dakota State University.

Hypervisor Flaw

VMware, in its second advisory, addressed a number of security issues within its hypervisor software, including three critical issues and one important issue.

ESXi is VMware’s bare metal hypervisor software; Workstation its hypervisor that runs on x64 versions of Windows and Linux operating systems; and Fusion is its software hypervisor for Macintosh computers.

The first critical flaw affected all three hypervisors and gave malicious actors access to virtual machines (VMs) when a virtual USB controller was present, allowing a hacker to execute code on the host.

The second critical flaw, affecting Workstation and Fusion, was an out-of-bounds vulnerability in their e1000 virtual network adapter. This flaw also allowed the attacker to execute code.

The third, an important fix, also affected Workstation and Fusion with an out-of-bounds vulnerability in both the e1000 and e1000e virtual network adapters. While the flaw could allow code execution by the bad actor, it could also result in denial of service to the actor.

The fourth, and final, critical flaw affected only the Fusion hypervisor. This vulnerability was a result of unauthenticated APIs that could be accessed through a web socket. Bad actors could exploit this by tricking the host user into executing functions and performing unauthorized functions on the guest machine where VMware Tools is installed.