{"id":310,"date":"2025-01-31T17:28:06","date_gmt":"2025-02-01T02:28:06","guid":{"rendered":"https:\/\/siekmann.cloud\/?p=310"},"modified":"2025-01-31T17:28:07","modified_gmt":"2025-02-01T02:28:07","slug":"episode-19-k8-security-node-security-issue-rancher-launches-rockoon-yellowbrick-saves-with-repatriation","status":"publish","type":"post","link":"https:\/\/siekmann.cloud\/?p=310","title":{"rendered":"Episode 19 &#8211; K8 Security node security issue &#8211; Rancher launches Rockoon- Yellowbrick saves with repatriation"},"content":{"rendered":"<div class=\"powerpress_player\" id=\"powerpress_player_567\"><audio class=\"wp-audio-shortcode\" id=\"audio-310-1\" preload=\"none\" style=\"width: 100%;\" controls=\"controls\"><source type=\"audio\/mpeg\" src=\"https:\/\/siekmann.cloud\/wp-content\/uploads\/2025\/01\/019-Episode-19-K8-Security-node-security-issue-Rancher-launches-Rockoon-Yellowbrick-saves-with-repatriation.mp3?_=1\" \/><a href=\"https:\/\/siekmann.cloud\/wp-content\/uploads\/2025\/01\/019-Episode-19-K8-Security-node-security-issue-Rancher-launches-Rockoon-Yellowbrick-saves-with-repatriation.mp3\">https:\/\/siekmann.cloud\/wp-content\/uploads\/2025\/01\/019-Episode-19-K8-Security-node-security-issue-Rancher-launches-Rockoon-Yellowbrick-saves-with-repatriation.mp3<\/a><\/audio><\/div><p class=\"powerpress_links powerpress_links_mp3\" style=\"margin-bottom: 1px !important;\">Podcast: <a href=\"https:\/\/siekmann.cloud\/wp-content\/uploads\/2025\/01\/019-Episode-19-K8-Security-node-security-issue-Rancher-launches-Rockoon-Yellowbrick-saves-with-repatriation.mp3\" class=\"powerpress_link_pinw\" target=\"_blank\" title=\"Play in new window\" onclick=\"return powerpress_pinw('https:\/\/siekmann.cloud\/?powerpress_pinw=310-podcast');\" rel=\"nofollow\">Play in new window<\/a> | <a href=\"https:\/\/siekmann.cloud\/wp-content\/uploads\/2025\/01\/019-Episode-19-K8-Security-node-security-issue-Rancher-launches-Rockoon-Yellowbrick-saves-with-repatriation.mp3\" class=\"powerpress_link_d\" title=\"Download\" rel=\"nofollow\" download=\"019-Episode-19-K8-Security-node-security-issue-Rancher-launches-Rockoon-Yellowbrick-saves-with-repatriation.mp3\">Download<\/a> | <a href=\"#\" class=\"powerpress_link_e\" title=\"Embed\" onclick=\"return powerpress_show_embed('310-podcast');\" rel=\"nofollow\">Embed<\/a><\/p><p class=\"powerpress_embed_box\" id=\"powerpress_embed_310-podcast\" style=\"display: none;\"><input id=\"powerpress_embed_310-podcast_t\" type=\"text\" value=\"&lt;div class=&quot;powerpress_player&quot; id=&quot;powerpress_player_568&quot;&gt;&lt;audio class=&quot;wp-audio-shortcode&quot; id=&quot;audio-310-2&quot; preload=&quot;none&quot; style=&quot;width: 100%;&quot; controls=&quot;controls&quot;&gt;&lt;source type=&quot;audio\/mpeg&quot; src=&quot;https:\/\/siekmann.cloud\/wp-content\/uploads\/2025\/01\/019-Episode-19-K8-Security-node-security-issue-Rancher-launches-Rockoon-Yellowbrick-saves-with-repatriation.mp3?_=2&quot; \/&gt;&lt;a href=&quot;https:\/\/siekmann.cloud\/wp-content\/uploads\/2025\/01\/019-Episode-19-K8-Security-node-security-issue-Rancher-launches-Rockoon-Yellowbrick-saves-with-repatriation.mp3&quot;&gt;https:\/\/siekmann.cloud\/wp-content\/uploads\/2025\/01\/019-Episode-19-K8-Security-node-security-issue-Rancher-launches-Rockoon-Yellowbrick-saves-with-repatriation.mp3&lt;\/a&gt;&lt;\/audio&gt;&lt;\/div&gt;\" onclick=\"javascript: this.select();\" onfocus=\"javascript: this.select();\" style=\"width: 70%;\" readOnly><\/p>\n<ol class=\"wp-block-list\">\n<li>Security issue in Windows K8 nodes<\/li>\n\n\n\n<li>Rancher launches Rockoon, a Kubernetes controller for OpenStack.<\/li>\n\n\n\n<li>Yellowbrick takes a page out of 37signals cloud repatriation manual<\/li>\n\n\n\n<li>A podcast recommendation<\/li>\n<\/ol>\n\n\n\n<p><a href=\"https:\/\/github.com\/kubernetes\/kubernetes\/issues\/129654\">CVE-2024-9042: Command Injection affecting Windows nodes via nodes\/*\/logs\/query API \u00b7 Issue #129654<\/a><br><a href=\"https:\/\/www.akamai.com\/blog\/security-research\/2024-january-kubernetes-log-query-rce-windows\">Exploit Me, Baby, One More Time: Command Injection in Kubernetes Log Query | Akamai<\/a><br><a href=\"https:\/\/www.businesswire.com\/news\/home\/20250128753886\/en\/Mirantis-Launches-Open-Source-Software-that-Streamlines-OpenStack-Management-on-Kubernetes\">Mirantis Rockoon<\/a> and the <a href=\"https:\/\/github.com\/mirantis\/rockoon\">Github repository<\/a><br><a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/google-sre-prodcast\/id1615778073\">Google SRE podcast<\/a><\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Security issue in Windows K8 nodes<\/h1>\n\n\n\n<p>This one is important, so let\u2019s get it out of the way right away. There\u2019s a security issue with Kubernetes versions that allows takeover of all Windows nodes in a cluster.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Mirantis launches Rockoon<\/h1>\n\n\n\n<p>You probably knew that a Rockoon is a rocket attached to a balloon, right?! Well, I didn\u2019t. According to Wikipedia a rockoon \u201cis a sounding rocket that, rather than being lit immediately while still on the ground, is first carried into the upper atmosphere by a gas-filled balloon, then separated from the balloon and ignited. This allows the rocket to achieve a higher altitude, as the rocket does not have to move under power through the lower and thicker layers of the atmosphere.\u201d<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Yellowbrick saves tons of money with Cloud repatriation<\/h1>\n\n\n\n<p>Here\u2019s another company saving money by moving off the hyperscalers &#8211; Yellowbrick is a Postgres look-alike database in the cloud and was previously hosted on three cloud providers, costing around $6 million. How they were able to cut cost in half my moving to a K8-based on-premises solution is described in <a href=\"https:\/\/www.neilcarson.me\/kubernetes-halved-cloud-spend\/\">an informative blog post <\/a>by their CEO.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">A podcast recommendation<\/h1>\n\n\n\n<p>Here\u2019s my recommendation for this episode and it\u2019s somewhat tied with the previous topic &#8211; the Google SRE Prodcast. It is Google&#8217;s podcast about Site Reliability Engineering and production software. What I like most about it is that they bring the receipts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE-2024-9042: Command Injection affecting Windows nodes via nodes\/*\/logs\/query API \u00b7 Issue #129654Exploit Me, Baby, One More Time: Command Injection in Kubernetes Log Query | AkamaiMirantis Rockoon and the Github repositoryGoogle SRE podcast Security issue in Windows K8 nodes This one is important, so let\u2019s get it out of the way right away. There\u2019s a security issue with Kubernetes versions that allows takeover of all Windows nodes in a cluster. Mirantis launches Rockoon You probably knew that a Rockoon is a rocket attached to a balloon, right?! Well, I didn\u2019t. According to Wikipedia a rockoon \u201cis a sounding rocket that, rather than being lit immediately while still on the ground, is first carried into the upper atmosphere by a gas-filled balloon, then separated from the balloon and ignited. This allows the rocket to achieve a higher altitude, as the rocket does not have to move under power through the lower and&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/siekmann.cloud\/?p=310\">Continue Reading<span class=\"screen-reader-text\">Episode 19 &#8211; K8 Security node security issue &#8211; Rancher launches Rockoon- Yellowbrick saves with repatriation<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[49,40,50,36,48,51,44,47],"class_list":["post-310","post","type-post","status-publish","format-standard","hentry","category-podcast","tag-drbd","tag-ec2","tag-ec3","tag-k8","tag-linbit","tag-openstack","tag-portland","tag-yellowbrick","entry"],"_links":{"self":[{"href":"https:\/\/siekmann.cloud\/index.php?rest_route=\/wp\/v2\/posts\/310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/siekmann.cloud\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/siekmann.cloud\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/siekmann.cloud\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/siekmann.cloud\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=310"}],"version-history":[{"count":1,"href":"https:\/\/siekmann.cloud\/index.php?rest_route=\/wp\/v2\/posts\/310\/revisions"}],"predecessor-version":[{"id":311,"href":"https:\/\/siekmann.cloud\/index.php?rest_route=\/wp\/v2\/posts\/310\/revisions\/311"}],"wp:attachment":[{"href":"https:\/\/siekmann.cloud\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/siekmann.cloud\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/siekmann.cloud\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}