From the course: Kubernetes Network and Cluster Hardening by Pearson
Test Kubelet and node metadata security - Kubernetes Tutorial
Testing the kubelet and node metadata security requires that you really look at a couple of different files. One is the kubelet-config.yaml. Now, we spent a little time going through this, but there are some key areas that we have to make sure are set appropriately.

Authentication anonymous enabled equals false (authentication.anonymous.enabled: false). We talked about that in the previous one. This is going to disable anonymous access to the kubelet API. Then you have authentication webhook enabled equals true (authentication.webhook.enabled: true). This is going to let you set up the ability for the API server to enforce role-based access control. And then you have the authorization mode Webhook (authorization.mode: Webhook). That is what is going to turn the decision over to the API server, so that the kubelet can get authorization for each connection. Then you have protect kernel defaults equals true (protectKernelDefaults: true). Now, this one is going to allow the kubelet to enforce the configurations for kernel defaults. And this is an extra…
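One way to test a kubelet-config.yaml for the four settings named above, as an added example that is not part of the course material. It assumes a block-style YAML file, treats a setting that is not written out explicitly as a finding, and runs against a constructed sample when no file path is given; the function names are hypothetical.

```python
import sys
# The four settings named in the transcript, as KubeletConfiguration field paths.
EXPECTED = {
    "authentication.anonymous.enabled": "false",
    "authentication.webhook.enabled": "true",
    "authorization.mode": "Webhook",
    "protectKernelDefaults": "true",
}
# Constructed sample: a deliberately weak kubelet-config.yaml for the demo.
SAMPLE = """\
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: true      # weak: anonymous requests accepted
  webhook:
    enabled: true
authorization:
  mode: AlwaysAllow    # weak: no authorization check
"""

def flatten(text):
    """Flatten block-style YAML mappings into {dotted.path: scalar}; list items are ignored."""
    flat, stack = {}, []                      # stack: (indent, key) of open parents
    for raw in text.splitlines():
        body = raw.split(" #")[0].strip()     # drop trailing comments
        if not body or body.startswith(("#", "-")) or ":" not in body:
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = body.partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # close siblings and deeper levels
        value = value.strip().strip("'\"")
        if value:
            flat[".".join([k for _, k in stack] + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return flat

def audit(text):
    """Return (path, found, expected) for each setting that is wrong or not set."""
    flat = flatten(text)
    return [(p, flat.get(p, "<unset>"), want) for p, want in EXPECTED.items()
            if flat.get(p) != want]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for path, found, want in audit(text):
        print(f"FAIL {path}: found {found}, expected {want}")
```

An empty result means all four settings are explicitly set to the hardened values; the parser is a minimal stand-in for a YAML library and does not handle flow-style mappings.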