Should I add a DMZ in front of Kubernetes?

10/12/2018

Is Kubernetes Ingress secure enough to avoid adding a DMZ in front of Kubernetes to expose Pods and Services? What would happen if someone "hacked" into a Pod?

Thanks.

-- Guillaume
dmz
docker
kata-containers
kubernetes

2 Answers

10/12/2018

This is a pretty open-ended question. In Google Cloud, I think an Ingress is usually a Google Cloud Load Balancer. Presumably, a cloud load balancer would be very secure compared to a DMZ you manage. A k8s Ingress would also be typically limited to HTTP traffic, so a "hack" through an ingress would likely need to leverage an application layer vulnerability. It depends a lot on your specific setup.

In terms of Pod security, something getting execution access in a Pod would be bad. Docker is not meaningfully secure or meaningfully sandboxed. Again, this depends on your setup, but as a clear analogy: a k8s Pod is not recommended for running untrusted code.

-- maxm
Source: StackOverflow

10/12/2018

This is an opinion question so I'll answer with an option.

It's very secure if you follow standard security practices for your cluster. But nothing is 100% secure. So adding a DMZ would help reduce your attack vectors.

In terms of protecting your Ingress from outside, you can limit your access for your external load balancer just to HTTPS, and most people do that, but note that HTTPS and your application itself can also have vulnerabilities.

As for your pods and workloads, you can increase security (at some performance cost) using things like a well-crafted seccomp profile and/or adding the right capabilities in your pod security context. You can also add more security with AppArmor or SELinux, but lots of people don't since it can get very complicated.

There are also other alternatives to Docker in order to more easily sandbox your pods (still early in their lifecycle as of this writing): Kata Containers, Nabla Containers and gVisor.

-- Rico
Source: StackOverflow
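
The seccomp, capability and AppArmor settings mentioned in the second answer live in a Pod's `securityContext`. As an added example (not part of either answer), this script audits a constructed Pod manifest for them; it assumes the `seccompProfile` and `appArmorProfile` fields of recent Kubernetes API versions, and the `NET_BIND_SERVICE` allowlist is an assumption taken from the "restricted" Pod Security Standard.

```python
import json

# Constructed sample Pod manifest (JSON form); all names are placeholders.
POD_JSON = """{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"},
  "spec": {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [
      {"name": "web", "securityContext": {
         "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}},
      {"name": "sidecar", "securityContext": {
         "seccompProfile": {"type": "Unconfined"},
         "appArmorProfile": {"type": "Unconfined"},
         "capabilities": {"add": ["SYS_ADMIN"]}}}
    ]
  }
}"""

# Assumption: only NET_BIND_SERVICE may be added back after dropping ALL.
ALLOWED_ADD = {"NET_BIND_SERVICE"}

def effective(field, container_sc, pod_sc):
    """Container-level securityContext overrides the pod-level value."""
    return (container_sc.get(field) or pod_sc.get(field) or {}).get("type")

def audit_pod(pod):
    """Return {container name: [findings]} for seccomp, AppArmor, capabilities."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    report = {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        caps = sc.get("capabilities") or {}
        issues = []
        if effective("seccompProfile", sc, pod_sc) in (None, "Unconfined"):
            issues.append("seccomp: no profile enforced by the manifest")
        if effective("appArmorProfile", sc, pod_sc) == "Unconfined":
            issues.append("apparmor: explicitly unconfined")
        if "ALL" not in caps.get("drop", []):
            issues.append("capabilities: default set not dropped")
        extra = sorted(set(caps.get("add", [])) - ALLOWED_ADD)
        if extra:
            issues.append("capabilities: adds " + ", ".join(extra))
        report[c["name"]] = issues
    return report

if __name__ == "__main__":
    for name, issues in audit_pod(json.loads(POD_JSON)).items():
        print(name, "->", issues or "ok")
```

The `web` container inherits the pod-level seccomp profile and passes, while `sidecar` overrides it and is reported on all four checks.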