From the course: Kubernetes Network and Cluster Hardening by Pearson
Node metadata protection - Kubernetes Tutorial
Node metadata protection
Being able to protect the metadata that Kubernetes has is essential to being able to protect the cluster itself. Now there have been a lot of examples in the news of situations where metadata has been compromised or access to certain systems has been compromised based on the fact that they've just been left open. And understand that reconnaissance and information gathering is one of the first things that an attacker is gonna try to do, and metadata is an amazing place to be able to find that information. So everything from what the Kubelet API can provide, everything going to that port 10250, which we talked about before, there are ways to be able to send commands to it just like you were pretending to be the API server. So if you don't have that properly locked down, you can issue a lot of commands to it that could potentially get you either insights into what's stored within it, or even be able to get access to the details of what pods are running and other different components…
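
One way to check whether a node's kubelet API on port 10250 is locked down is to audit its KubeletConfiguration. The script below is an added example, not material from the course: the two sample configurations, the CA file path, and the function names are constructed for illustration, while the field names are those of the kubelet's own configuration file.

```python
import json

# Constructed sample KubeletConfiguration documents in JSON form (not from a real cluster).
WEAK = json.loads("""{
  "kind": "KubeletConfiguration",
  "readOnlyPort": 10255,
  "authentication": {"anonymous": {"enabled": true}},
  "authorization": {"mode": "AlwaysAllow"}
}""")
HARDENED = json.loads("""{
  "kind": "KubeletConfiguration",
  "readOnlyPort": 0,
  "authentication": {"anonymous": {"enabled": false},
                     "x509": {"clientCAFile": "/etc/kubernetes/pki/ca.crt"}},
  "authorization": {"mode": "Webhook"}
}""")

# (dotted field path, required value, risk when the value differs)
CHECKS = [
    ("authentication.anonymous.enabled", False, "unauthenticated requests are accepted"),
    ("authorization.mode", "Webhook", "requests are not authorized through the API server"),
    ("readOnlyPort", 0, "the unauthenticated read-only port is serving"),
]


def lookup(cfg, path):
    """Walk a dotted path; return None when any key is absent."""
    for key in path.split("."):
        if not isinstance(cfg, dict) or key not in cfg:
            return None
        cfg = cfg[key]
    return cfg


def audit_kubelet_config(cfg):
    """Return findings for settings that leave the kubelet API on port 10250 open."""
    findings = []
    for path, wanted, risk in CHECKS:
        value = lookup(cfg, path)
        if value is None:
            findings.append(f"{path}: not set explicitly, set it to {wanted!r}")
        elif value != wanted:
            findings.append(f"{path}={value!r}: {risk}")
    if not lookup(cfg, "authentication.x509.clientCAFile"):
        findings.append("authentication.x509.clientCAFile: no CA to verify client certificates")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_kubelet_config(cfg) or "no findings")
```

Fields that are absent are reported rather than assumed safe, because the effective value then depends on how the kubelet was started.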