New Evergreen Release of Kubernetes 1.9.4 on DC/OS
Mesosphere DC/OS customers benefit from rapid Kubernetes releases.
The DC/OS package for Kubernetes 1.9.4, which fixed a critical security vulnerability found in Kubernetes itself, is now generally available.
As stated in the Github issue, the vulnerability affects most versions of Kubernetes after 1.3. DC/OS announced the general availability of open source Kubernetes version 1.9.3 on DC/OS 1.11 last week. The Kubernetes team at Mesosphere had the new package and documentation ready for customers the day of its release. This release also fixed an issue with the DC/OS SDK that affected the Kubernetes service.
The Kubernetes security vulnerability compromised clusters that allowed untrusted users access to the pod specification and would be more likely to affect shared clusters more than clusters that are used by a single team within an organization.
This security vulnerability was quickly patched by the active and large Kubernetes community and highlights another important reason for having a constant awareness of newly discovered security vulnerabilities, a painless upgrade path, and the option to have the newest version soon after a Kubernetes release.
DC/OS 1.11 includes enhanced security for Kubernetes that enforces secure configuration settings for authentication, authorization and secure networking. DC/OS 1.11 can be configured to secure application and data services traffic using SSL/TLS.
The documentation on Kubernetes 1.9.4 on DC/OS 1.11 is available on Mesosphere's site. The Mesosphere team will release Kubernetes 1.9.5 as it becomes available in the coming week to addresses other issues found in Kubernetes.
Getting Started with DC/OS 1.11 and Kubernetes 1.9.4, Batteries Included
Push-Button Kubernetes for Existing Customers
Once existing customers have updated to DC/OS 1.11, they should use the Kubernetes 1.9.4 package. For more information see official documentation.
Quickstart for New Open Source DC/OS Users
For those that are new to DC/OS, there is now a Quickstart (including Terraform templates for AWS, Microsoft Azure, and Google Cloud) to get you up and running quickly.