Kubernetes Architecture (diagram labels)

Kubernetes Cluster
  Master Node(s) / Kubernetes Control Plane: API Server, Controller, Scheduler, etcd
  Worker Node(s): Kubelet, Kubernetes Pod(s), Containers, Applications
Attack Vector

Attack Vector | Risk | Mitigation
Access to node | Compromise entire cluster | SSH on secure ports, authn, authz
Access to etcd | Access secrets, labels and resources, understand system layout | Run a private network, within a VPC, employ secure comms channels
Access to K8s API server | Compromise entire cluster | TLS, use certificates, authn
Inject control plane traffic | Replace authentic K8s modules | TLS, rotate credentials, patches, upgrades
Access Kubelet | Apply malicious actions to workloads | Closed to external networks
Container runtime | Compromising workloads, escalate privileges to host | Use hardened container runtimes
Escape container to host | Compromise entire cluster | No root privileges, prevent escalation
Intercept app traffic | Compromise user data, potentially escape container to host if root is used | Limit ports, persisted data are scanned for malware and viruses, good app sec hygiene
Platform’s responsibilities Dev’s responsibilities Admin’s responsibilities
As a platform, OpenShift handles these for you
Source: OpenShift Security Guide
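The two container-level rows of the table ("Container runtime" and "Escape container to host") map onto concrete fields of a Pod manifest: a hardened runtime is selected with `runtimeClassName`, and "no root privileges, prevent escalation" corresponds to `runAsNonRoot`, `allowPrivilegeEscalation: false`, `privileged: false`, dropped capabilities and no shared host namespaces. The following check is an added example written for this page, not code from the slide deck or from OpenShift; the two manifests are constructed samples, and the RuntimeClass name `gvisor` is a hypothetical placeholder for whatever hardened runtime a cluster actually registers.

```python
"""Flag Pod manifests that violate the slide's container-level mitigations."""
from typing import Any, Dict, List

# Constructed sample: a pod that ignores every mitigation in the table.
RISKY_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "risky-app"},
    "spec": {
        "hostPID": True,  # shares the host PID namespace
        "containers": [
            {
                "name": "app",
                "image": "example/app:1.0",
                "securityContext": {"privileged": True},
            }
        ],
    },
}

# Constructed sample: the same workload with the mitigations applied.
HARDENED_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "hardened-app"},
    "spec": {
        "runtimeClassName": "gvisor",  # hypothetical hardened RuntimeClass name
        "securityContext": {"runAsNonRoot": True},  # pod-level default
        "containers": [
            {
                "name": "app",
                "image": "example/app:1.0",
                "securityContext": {
                    "privileged": False,
                    "allowPrivilegeEscalation": False,
                    "capabilities": {"drop": ["ALL"]},
                    "readOnlyRootFilesystem": True,
                },
            }
        ],
    },
}


def check_pod(manifest: Dict[str, Any]) -> List[str]:
    """Return one finding per violated mitigation; an empty list means clean."""
    findings: List[str] = []
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    # "Use hardened container runtimes": absence of a RuntimeClass means the
    # node's default runtime is used, so we report it for review.
    if not spec.get("runtimeClassName"):
        findings.append("pod: no runtimeClassName, default container runtime in use")

    # Shared host namespaces remove the isolation that contains an escape.
    for ns in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(ns):
            findings.append(f"pod: {ns} is enabled")

    for c in spec.get("containers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        # Kubernetes treats an unset allowPrivilegeEscalation as true.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
        # Container-level runAsNonRoot overrides the pod-level setting.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: runAsNonRoot not enforced")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: capabilities not dropped (drop: [ALL] missing)")
    return findings


if __name__ == "__main__":
    for pod in (RISKY_POD, HARDENED_POD):
        print(pod["metadata"]["name"], check_pod(pod))
```

The same checks are what an admission policy (for example a Pod Security Admission "restricted" profile or a custom admission webhook) would enforce at create time; running them offline over manifests in a repository catches the problem before the pod is ever scheduled.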