Every Kubernetes cluster is potentially vulnerable to CVE-2020-8554. Utilizing Policy Controller, or OPA Gatekeeper on GKE, this vulnerability can be effectively mitigated at scale. Using admission controllers like Policy Controller is a fundamental design element for any secure Kubernetes deployment.
In November, the Kubernetes project disclosed a vulnerability that every Kubernetes administrator or adopter should be aware of. The vulnerability, known as CVE-2020-8554, stems from default permissions allowing users to create objects that could act as a “Man in the Middle” and therefore potentially intercept sensitive data. If you are using a Google Cloud managed solution like Anthos or Kubernetes Engine (GKE), you can easily and effectively mitigate this vulnerability. In this blog, we’ll show you how.
First, let’s talk about the vulnerability.
Who is vulnerable: CVE-2020-8554 affects all multi-tenant Kubernetes clusters. Multi-tenancy is defined in a Kubernetes cluster as a single cluster with multiple users who require isolation from each other.
What can happen: This vulnerability by itself does not give an attacker permissions to create a Kubernetes Service. However, an attacker who has obtained permissions to create a Kubernetes Service of type LoadBalancer or ClusterIP might be able to intercept network traffic originating from other Pods in the cluster.
To address this vulnerability, Policy Controller or Open Policy Agent (OPA) Gatekeeper can be used to implement constraints that mitigate the issue. The rest of this blog shows you the power of the Policy Controller component of Anthos Config Management (ACM) to do this.