The vulnerability under the tag: CVE-2018-1002105 causes a critical security gap within the following Kubernetes versions
Kubernetes v1.0.x-1.9.x
Kubernetes v1.10.0-1.10.10 (fixed in v1.10.11)
Kubernetes v1.11.0-1.11.4 (fixed in v1.11.5)
Kubernetes v1.12.0-1.12.2
Our PaaS service Cloud Container Engine (CCE) was also affected. The platform has been patched on last Saturday (15.12.2018). Details can be found below and how clusters can be checked by yourself.
The following guide will help you to install a 2-node Kubernetes cluster with Kubespray and providing Kata Container support. The cluster will consist of one master server which will be built on ECS (Elastic Cloud Server) and one node which will be built on BMS (Bare Metal Server). BMS is being used due to a current limitation of ECS on OTC, the ECS does not support nested virtualization which would be required for Kata runtime.
Open Telekom Cloud (OTC) Release 3.1 provides a completely new "Elastic LoadBalancer Version 2" (ELBv2) which includes a lot of new features (see comparison table) and provides better performance. It was activated for the public OTC production environment (eu-de) in early September 2018.