Protecting contents of Persistent Volumes

1/14/2019

Let's say that a pod is compromised and has kubectl installed. It's in the same namespace as a persistent volume containing sensitive data. This persistent volume is only meant to be mounted by a different pod in that namespace. The attacker could deploy a new pod that mounts that volume, and access the sensitive information from there.

What are the ways to limit mounting that volume to only the intended pods? More generally, how can access to that volume be protected?

-- Tyler Camp
kubernetes
persistent-volumes
