TL;DR: a PoC demonstrating Spectre , the nasty CPU bug, running on Kubernetes. If you haven’t been living under a rock, you have heard about , two really nasty hardware bugs, affecting many if not all modern (desktop and server) CPUs. Meltdown and Spectre So, when reading up on those two fellas I was asking myself: how do they impact a cluster and/or apps running on it? Given there’s an , what would be easier to put it into a like so: Kubernetes example C source code available for Spectre container And then run it in Kubernetes, for example, using: $ kubectl run spectre \--image=quay.io/mhausenblas/spectre:0.1 \--restart=Never Turns out that works. Checking the logs with: $ kubectl logs spectre That’s it! Well, 2018 certainly started, erm, very interesting. We’ll have a lot of work in front of us—I’ve seen first being worked on—and for now the best we can do is not to pull random images from untrusted registries and run in our clusters, but I suppose you knew this already and (hopefully) don’t do it anyway. issues Some thoughts an a disclaimer: this PoC is a low-hanging fruit, it’s using a way too big image (heck, 500MB!), it doesn’t prove any general attack, just that the known exploit can be packaged as a container and run in a Kubernetes cluster. Also, I’m not speaking on behalf of my employer or in any official , I was just interested in how hard is it to carry out this exercise in a containerized environment. capacity

Spectre-on-Kubernetes, a proof of concept

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

7 ways to do containers on AWS

105 Stories To Learn About K8s

10 Best Practices for Using Kubernetes Network Policies

1 Stories To Learn About Weekly Sponsor

3 Free Ways to Learn Kubernetes and Red Hat OpenShift

21 Resources and Tutorials to Learn Kubernetes

7 ways to do containers on AWS

105 Stories To Learn About K8s

10 Best Practices for Using Kubernetes Network Policies

1 Stories To Learn About Weekly Sponsor

3 Free Ways to Learn Kubernetes and Red Hat OpenShift

21 Resources and Tutorials to Learn Kubernetes

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps