Securing IBM Cloud Container Service against Spectre and Meltdown

By Ralph Bateman, IBM (Original post here)
What’s happening
We’re taking action to secure our IBM Cloud Container Service against the recent Spectre and Meltdown security vulnerabilities.
We’ve been working closely with our vendors and IBM Cloud Infrastructure teams concerning the security vulnerability announced on January 3, 2018. This vulnerability has the potential to allow those with malicious intent to gather sensitive data from computing devices. Intel believes these exploits do not have the potential to corrupt, modify, or delete data.
Click here to start your 1-year free trial of Cloud Container Service
What’s been done
The hypervisors have already been patched (see IBM Cloud Infrastructure Blog). Now, the kernel for all VMs that run Kubernetes worker nodes must be updated.
We have updated the cloud image that is used to create IBM Cloud Container Service
How do I mitigate the issue
Lite clusters will be patched beginning Monday 15th January by the
How to check my version
You can check the version of your workers using the “bx cs workers <my_clusterid>”
Your cluster should be on of the following versions:
- 1.5.6_1506
- 1.7.4_1506
- 1.8.6_1504