Over 900K Kubernetes clusters are misconfigured! Is yours a target? • Graham Cluley
Many thanks to the great team at Teleport, who have sponsored my writing for the past week.
Kubernetes is an amazing platform for managing containers at scale. However, a recent study found that over 900,000 Kubernetes clusters are vulnerable to attack because they are misconfigured! This means that your Kubernetes cluster could be a target for malicious hackers if it is not properly secured. In this article, we will discuss how to secure your Kubernetes cluster and protect it from attack.
The scan from cyble found over 900K Kubernetes clusters exposed to the internet, with over 800 returning an `200 OK` Response code when queried. This means that an anonymous user can potentially get full access to the pods and the Kubernetes Dashboard.
Having a public Kubernetes API server endpoint isn’t necessarily a bad thing. With the correct authentication, it’s OK to keep it public. But as Kubernetes vulnerabilities are found, it’s a good idea to limit the API server endpoint access to only those that need it.
For people self hosts, you can limit IP addresses using software-based firewalls and if using a hosted Kubernetes service, many offer the ability to make the API either Public, Limited per CIDR or Private. Private only lets access via a VPC and completely disables public internet access to the API Server. If using AWS, EKS information on securing the public endpoint is available here.
Providing secure access at scale?
One problem with the above proposal is it’s either limited to static CIDR blocks (what happens if I work from home or go to the office?) — or I need a method of using a bastion or jump host to get into the VPC. This is where an OSS tool such as Teleport can provide the solution. Teleport is an identity-based access plane that can be deployed in a public subnet to provide a secure gateway to one or many Kubernetes clusters.
Decommission unused auth methods and unused tokens
Perform periodic review of unused auth methods and auth tokens and remove or disable them. Administrators often use certain tools to help ease setup with the Kubernetes cluster and later switch to other methods for managing clusters. It is important in this case that…
