Protecting your Kubernetes deployments with Policy Controller

Every Kubernetes cluster is potentially affected by CVE-2020-8554. With Policy Controller (or upstream OPA Gatekeeper) on GKE, the vulnerability can be mitigated at scale by rejecting Service objects that set external IPs you have not explicitly allowed. Validating admission controllers like Policy Controller are a fundamental design element of any secure Kubernetes deployment.

In November, the Kubernetes project disclosed a vulnerability which every Kubernetes administrator or adopter should be aware of. The vulnerability, known as CVE-2020-8554, stems from the API server accepting, by default, Service objects whose external IPs point anywhere; a user who can create such objects can act as a "man in the middle" and potentially intercept sensitive data. If you are using a Google Cloud managed solution like Anthos or Kubernetes Engine (GKE), you can easily and effectively mitigate this vulnerability. In this blog, we'll show you how.

First let’s talk about the vulnerability. 

Who is vulnerable: CVE-2020-8554 affects Kubernetes clusters of all versions, and it matters most in multi-tenant clusters. Multi-tenancy in a Kubernetes cluster means a single cluster shared by multiple users who require isolation from each other; if one of those tenants can create Services, the others are exposed.

What can happen: This vulnerability by itself does not give an attacker permission to create a Kubernetes Service. However, an attacker who already has permission to create or update Services can set spec.externalIPs to an address they want to hijack; kube-proxy on every node will then steer traffic for that address into the attacker's Pods. A Service of type ClusterIP is enough for this. The same effect can be achieved on a Service of type LoadBalancer by patching status.loadBalancer.ingress.ip, which requires the more privileged permission to patch the Service status. In either case, the attacker might be able to intercept network traffic originating from other Pods in the cluster and destined for the hijacked IP.

To mitigate this issue, Policy Controller or Open Policy Agent (OPA) Gatekeeper can enforce a validating admission constraint that rejects any Service whose spec.externalIPs contains an address outside an explicit allowlist. The rest of this blog shows you the power of the Policy Controller component of Anthos Config Management (ACM) to do this.
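As an added example (not code from the original post or from the Policy Controller project), the following ConstraintTemplate and Constraint express the externalIPs allowlist check in the Gatekeeper API that Policy Controller uses. The template name k8sexternalips, the parameter name allowedIPs and the allowlisted address 203.0.113.10 are assumptions chosen for illustration; replace the address with the external IPs your cluster legitimately serves.

```yaml
# Added example: reject Services whose spec.externalIPs contains an address
# that is not on the allowlist supplied by the Constraint below.
# Names (k8sexternalips, allowedIPs) and the sample IP are assumptions.
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8sexternalips
spec:
  crd:
    spec:
      names:
        kind: K8sExternalIPs
      validation:
        openAPIV3Schema:
          properties:
            allowedIPs:
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sexternalips

        violation[{"msg": msg}] {
          # Only core/v1 Services carry spec.externalIPs.
          input.review.kind.kind == "Service"
          input.review.kind.group == ""

          # Allowlist from the Constraint parameters; empty if none given.
          allowed := {ip | ip := input.parameters.allowedIPs[_]}

          # externalIPs requested by the object being admitted (create or update).
          requested := {ip | ip := input.review.object.spec.externalIPs[_]}

          forbidden := requested - allowed
          count(forbidden) > 0
          msg := sprintf("Service %v/%v sets external IPs that are not allowed: %v",
                         [input.review.object.metadata.namespace,
                          input.review.object.metadata.name,
                          forbidden])
        }
---
# Constraint instance: applies the template to every Service in the cluster.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sExternalIPs
metadata:
  name: external-ips-allowlist
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Service"]
  parameters:
    allowedIPs:
      - "203.0.113.10"   # assumed sample address; list only IPs you actually serve
```

Two practical notes. First, set spec.enforcementAction to dryrun on the Constraint when you first roll it out and read Gatekeeper's audit results, so that you discover Services already carrying unexpected externalIPs before any request is denied. Second, this constraint only covers the spec.externalIPs vector; the status.loadBalancer.ingress.ip vector is addressed by not granting tenants permission to patch the status subresource of Services, which is an RBAC decision rather than an admission policy.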
