How to secure .kube/config
, so that even if our computer containing that file is compromised, our cluster is still secure?
e.g. It's not as straightforward as running kubectl delete deployment
to delete our deployment (assuming we are the super admin in RBAC)
There are multiple ways of doing this, in case your machine gets compromised and you want to disable access to the cluster. Note that no solution will prevent a small window where a hacker can gain access and do some damage.
OIDC authentication (OpenID Connect). Mitigation -> Disable the OIDC user on the OIDC provider and enable a lifetime for the session in the OIDC provider.
Webhook authentication. Mitigation -> disable client certs on the webhook service and the token lifetime is controlled by --authentication-token-webhook-cache-ttl
which defaults to 2 minutes. In this case, the webhook service manages the tokens on your K8s cluster.
Authenticating Proxy. Mitigation -> disable users on the proxy.
Client Go credential plugins. Mitigation -> Disable user in the provider where the plugin is authenticating with. For example, the AWS IAM Authenticator uses this, so you would delete or disable the IAM user on AWS.