I'm curious about the security implications of running Kubernetes on cloud services like EKS or AKS. If you've set up a cluster recently, have you noticed any suspicious probes occurring shortly after creating it or exposing your API or Ingress? If so, what were the first things that got hit, and what hardening measures did you find effective in the first hour? I'm talking about steps like CIDR allowlisting, using private endpoints, and implementing policies with tools like Gatekeeper or Kyverno.
4 Answers
For EKS, I recommend using security groups to control incoming traffic. Make sure your load balancer is configured to only allow traffic to the Ingress controller. Also, consider making your cluster endpoint private and using only private subnets for your nodes.
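As an added example (not part of the answer above, and not any project's own manifests), here is how the three recommendations map onto an `eksctl` ClusterConfig plus a LoadBalancer Service for the Ingress controller. The cluster name, region, instance type and the `203.0.113.0/24` allowlist (a TEST-NET range) are placeholders you must replace; the Service name and selector assume the ingress-nginx chart with the AWS Load Balancer Controller installed.

```yaml
# Added example: eksctl ClusterConfig applying the answer's hardening steps.
# Names, region and CIDRs are placeholders.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: hardened-example          # placeholder
  region: eu-west-1               # placeholder
vpc:
  clusterEndpoints:
    privateAccess: true           # API server reachable from inside the VPC
    publicAccess: true            # keep public only for bootstrap, restricted below;
                                  # set to false once you reach the API via VPN/bastion
  publicAccessCIDRs:
    - 203.0.113.0/24              # placeholder: your office/VPN egress range
managedNodeGroups:
  - name: workers
    instanceType: m6i.large       # placeholder
    desiredCapacity: 3
    privateNetworking: true       # nodes get no public IP and live in private subnets
---
# Ingress controller Service: the load balancer's security group only admits
# the listed source ranges, so nothing else on the internet reaches the nodes.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller  # placeholder, matches the ingress-nginx chart
  namespace: ingress-nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "external"
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
    service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
spec:
  type: LoadBalancer
  loadBalancerSourceRanges:
    - 203.0.113.0/24              # placeholder: same allowlist as the API endpoint
  selector:
    app.kubernetes.io/name: ingress-nginx
  ports:
    - name: https
      port: 443
      targetPort: https
```

After `eksctl create cluster -f cluster.yaml`, confirm the endpoint settings actually took effect with `aws eks describe-cluster --name hardened-example --query 'cluster.resourcesVpcConfig'` and check that `endpointPublicAccess`, `endpointPrivateAccess` and `publicAccessCidrs` are what you intended; once a VPN or bastion path into the VPC exists, flip `publicAccess` to `false` (via `eksctl utils update-cluster-endpoints`) so the API server has no public listener at all.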
It's a bit confusing to link Kubernetes security concerns directly to network operators. You shouldn't run Kubernetes in a completely open environment. Instead, make sure to set up your cluster firewalled from the get-go. Properly configuring your access points is vital—no one should expose the Kubernetes API unnecessarily.
Exposing the API server is definitely a major security risk. Always prioritize hardening that point before anything else.
The real issue is understanding why your Kubernetes API is exposed to the public internet in the first place. Security should focus on restricting that access from day one.