Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎05-19-2022 09:46 PM
‎05-19-2022 09:46 PM

Kubernetes exposed to the internet

HI All

 

Well we have been talking about it, and now the reality has been realised.

 

Back to the Shared Responsibility Model from the cloud provider; who responsibility when we know those who do not read the documentation i.e. the client - you must not should place a gateway in front of all public access to your stack.  A load balancer is not sufficient, a Web Application Firewall is a good idea, but remember there are many high end ports left open by default by Cloud Providers, which can provide direct insights from the internet directly.   So read, read again, and check with the cloud provider and other sources to validate that you are protected or not.

 

https://www.darkreading.com/application-security/more-than-eight-in-10-kubernetes-api-servers-expose...

 

Regards

 

Caute_Cautim

Reply
1 Reply
AppDefects
Community Champion
‎05-21-2022 10:34 AM
‎05-21-2022 10:34 AM

This is a serious call for action. Review your K8S clusters for ingress control now!

Reply
0 Kudos