cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Kubernetes exposed to the internet

HI All

 

Well we have been talking about it, and now the reality has been realised.

 

Back to the Shared Responsibility Model from the cloud provider; who responsibility when we know those who do not read the documentation i.e. the client - you must not should place a gateway in front of all public access to your stack.  A load balancer is not sufficient, a Web Application Firewall is a good idea, but remember there are many high end ports left open by default by Cloud Providers, which can provide direct insights from the internet directly.   So read, read again, and check with the cloud provider and other sources to validate that you are protected or not.

 

https://www.darkreading.com/application-security/more-than-eight-in-10-kubernetes-api-servers-expose...

 

Regards

 

Caute_Cautim

1 Reply
AppDefects
Community Champion

This is a serious call for action. Review your K8S clusters for ingress control now!