K
Q

Protecting contents of Persistent Volumes

1/14/2019

Let's say that a pod is compromised and has kubectl installed. It's in the same namespace as a persistent volume containing sensitive data. This persistent volume is only meant to be mounted by a different pod in that namespace. The attacker could deploy a new pod that mounts that volume, and access the sensitive information from there.

What are the ways to limit mounting that volume to only the intended pods? More generally, how can access to that volume be protected?

-- Tyler Camp
kubernetes
persistent-volumes

Similar Questions

kubernetes efk: what does fluentd's 'filter' filter?
What is the use case of setting memory request less than limit in . K8s
How to divide after grouping two different metrics in Prometheus?
do i need kubernertes-cadvisor up to monitor kubernetes

0 Answers