As an AWS Advanced Technology Partner with AWS Containers Competency, Tigera is thrilled to announce that Calico and Calico Enterprise are both now available as AWS Quick Starts. If you’re unfamiliar with the concept, an AWS Quick Start is a ready-to-use accelerator that fast-tracks deployments of key cloud workloads for AWS customers.
Calico and Kubernetes go hand-in-hand. Kubernetes is the de facto standard for deploying and managing container-based applications at scale, both on-premises and in the cloud. Calico continues to be the most popular open-source networking and network security solution for Kubernetes. Despite the cataclysmic events that occurred in 2020, the Calico community, supported by the team at Tigera, remained focused and achieved several major successes. We are excited to share these highlights.
A few weeks ago a solution engineer discovered a critical flaw in Kubernetes architecture and design, and announced that a “security issue was discovered with Kubernetes affecting multi-tenant clusters. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster.” If a hostile user can create a ClusterIP service and set the spec.externalIP field, they can intercept traffic to that IP.
The Domain Name System (DNS) is a naming system for computers, services, or other resources connected to the Internet or a private network. DNS translates domain names to the numerical IP addresses needed for locating and identifying computer services and devices. For decades It’s been an essential component of the Internet. It’s an essential part of Kubernetes as well, and is used to determine how workloads connect to Kubernetes services as well as resources outside the cluster.