Is it possible to restrict metadata access in containers on Google Container Engine?

4/4/2017

I'm interested in running untrusted code in containers. Unfortunately, it seems that the containers get access to the metadata endpoint (metadata.google.internal), which gives them some internal information about the cluster. Containers also seem to get a token that gives them access to some Google Cloud services on my account (is that through the metadata endpoint?).

Is there a way to fix that? Are there other resources that need to be restricted for running untrusted code to be safe on GKE?

-- Roger Jacobson
google-kubernetes-engine
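An added example, not part of the question above and not GKE's own tooling: a small Python script that (1) probes the metadata server the way a workload would, asking the token endpoint for an access token and listing the scopes it carries, and (2) emits a Kubernetes NetworkPolicy that lets the selected pods keep normal egress but denies traffic to the metadata IP. Assumptions: the metadata server lives at metadata.google.internal, which resolves to 169.254.169.254, and refuses requests that lack the Metadata-Flavor: Google header; the policy only takes effect on a cluster with network-policy enforcement enabled; the namespace and pod labels are placeholders.

```python
"""Probe the GCE metadata server from inside a container and build a
NetworkPolicy that blocks that egress.

Added example, not from the original post.  Assumed: metadata server at
metadata.google.internal (169.254.169.254), Metadata-Flavor header required,
cluster has network-policy enforcement enabled for the policy to bite."""
import json
import urllib.error
import urllib.request

METADATA_IP = "169.254.169.254"
METADATA_HOST = "metadata.google.internal"
# Hands out the node service account's OAuth2 access token.
TOKEN_PATH = "/computeMetadata/v1/instance/service-accounts/default/token"
# Lists the OAuth scopes that token carries (what it can actually do).
SCOPES_PATH = "/computeMetadata/v1/instance/service-accounts/default/scopes"


def metadata_request(path, host=METADATA_HOST):
    """Build the request a workload sends; without the Metadata-Flavor
    header the server rejects it, so its presence is part of the probe."""
    return urllib.request.Request(
        "http://%s%s" % (host, path), headers={"Metadata-Flavor": "Google"})


def classify_token_response(status, body):
    """Map an HTTP status and body from the token endpoint to a verdict:
    'token-issued' if a bearer token came back, 'no-token' otherwise."""
    if status != 200:
        return "no-token"
    try:
        data = json.loads(body)
    except ValueError:
        return "no-token"
    return "token-issued" if data.get("access_token") else "no-token"


def probe(host=METADATA_HOST, timeout=2.0):
    """Try to obtain a token and its scopes.  Returns a dict with the
    verdict and scope list; any network failure counts as 'blocked',
    which is the outcome you want for an untrusted pod."""
    result = {"verdict": "blocked", "scopes": []}
    try:
        with urllib.request.urlopen(metadata_request(TOKEN_PATH, host),
                                    timeout=timeout) as r:
            result["verdict"] = classify_token_response(
                r.status, r.read().decode())
        with urllib.request.urlopen(metadata_request(SCOPES_PATH, host),
                                    timeout=timeout) as r:
            result["scopes"] = r.read().decode().split()
    except (urllib.error.URLError, OSError):
        pass  # unreachable or refused: the container cannot get a token
    return result


def metadata_deny_policy(namespace, pod_selector):
    """NetworkPolicy allowing all egress except to the metadata IP.
    Pods matching pod_selector keep cluster and internet access (DNS
    included) but cannot reach 169.254.169.254 on any port; the hostname
    metadata.google.internal resolves to that address, so it is covered.
    Namespace and labels are placeholders."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "deny-metadata-egress", "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": pod_selector},
            "policyTypes": ["Egress"],
            "egress": [{"to": [{"ipBlock": {
                "cidr": "0.0.0.0/0",
                "except": [METADATA_IP + "/32"],
            }}]}],
        },
    }


if __name__ == "__main__":
    # Run inside a pod: prints whether a token is obtainable and its scopes,
    # then the policy you would feed to kubectl apply -f -.
    print(json.dumps(probe(), indent=2))
    print(json.dumps(metadata_deny_policy("sandbox", {"app": "untrusted"}),
                     indent=2))
```

Two caveats worth checking before relying on the policy: a pod running with hostNetwork shares the node's network namespace and is not subject to pod NetworkPolicy at all, so untrusted workloads must also be denied hostNetwork (via PodSecurityPolicy or an admission controller); and re-running the probe from inside the pod after applying the policy is the only real confirmation that the verdict flips from token-issued to blocked.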

0 Answers