K
Q

Kubernetes kubelet security issue

7/5/2018

We are using EKS that is integrated with Vault using kubernetes as 'auth-backend' for Vault. One of the security flaw we see is that, if someone has access to kubelet certs, they can impersonate kubelet and hence can acquire secret for a service account that a pod has been mapped to (service account which already has Vault creds access as per the Vault Role defined) and authenticate itself with Vault and get the DB credentials from Vault. Is there a way to mitigate this.Basically how can we mitigate the risk of someone impersonating kubelet.

-- Rajarajan Pudupatti Sundari Je
amazon-eks
hashicorp-vault
kubernetes
kubernetes-security

Similar Questions

Automated deployment of a dockerized application on a single machine
ElasticSearch 6.3.0 on Kubernetes
run flask app kubernetes
Getting ERROR: (gcloud.compute.instances.list) while trying to setup kubernetes for the first time
How to set the private ip address of AWS NLB when create Kubenetes service?
how to fix 404 not found when accessing URL routes while deploying an app using nginx?
Report Tekton pipeline status to GitLab regardless if pipeline failed or succeeded (using gitlab-set-status Task)
deploy angular and sprint boot app in azure kubernetes using docker and azure container registry
Setting GCP credentials for container when running K8s in Google cloud

0 Answers