Understanding the Kubernetes Attack Surface

and boom…

Your cluster is as secure as the system running it 🔥

Private topology ⛅

Firewall ports 🔥

  • Check whether you can define a listen IP/interface to bind the service to; if possible, use 127.0.0.1/lo
  • If selectively binding to an IP/interface is not possible, firewall the port
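
The check in the two bullets above, as an added example (not code from the original article): it parses listening sockets in the `ss -H -ltn` column layout and sorts each into loopback-bound, bound to one specific address, or bound to all interfaces. The sample lines, their addresses and ports, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in `ss -H -ltn` layout (not captured from a real node):
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:10248 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:2379 0.0.0.0:*
LISTEN 0 4096 192.168.10.5:2380 0.0.0.0:*
LISTEN 0 4096 *:10250 *:*
LISTEN 0 4096 [::]:6443 [::]:*
LISTEN 0 4096 [::1]:10257 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

ADVICE = {
    "loopback": "ok: only reachable from the host itself",
    "specific": "confirm this is the intended interface and firewall the port",
    "wildcard": "bound to all interfaces: rebind to 127.0.0.1/lo or firewall the port",
}

def split_local(field):
    """Split ss 'addr:port' into (addr, port); handles '*', '[v6]' and '%zone'."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]
    return addr, int(port)

def classify(addr):
    """Return 'loopback', 'wildcard' or 'specific' for a listen address."""
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "wildcard" if ip.is_unspecified else "specific"

def review_listeners(ss_output):
    """Return sorted (port, addr, kind) tuples for every LISTEN line."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers, blank lines and non-listening sockets
        addr, port = split_local(fields[3])
        findings.append((port, addr, classify(addr)))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, kind in review_listeners(SAMPLE_SS):
        print(f"{port:>6}  {addr:<15}  {ADVICE[kind]}")
```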

Bastion host ☁️

Kubernetes Security Scan with kube-bench 🔥

API settings

Authorization mode & anonymous auth 💥

Insecure Port 💥

Disable Profiling ☁️

AdmissionController

Cloud Security, Automation, DevOps, AWS, Azure, GCP

Jon Goldman
