Three Surprising Kubernetes Networking Features and How to Defend Against Them
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore three surprising Kubernetes networking "features" and learn how to defend against them in this 33-minute conference talk by James Cleverley-Prance from ControlPlane. Delve into the complexities hidden beneath Kubernetes' networking model abstractions and challenge perceived trust boundaries. Discover how unchecked issues can expand a cluster's attack surface. Gain insights on the external attack surface of Kubernetes nodes, methods for enumerating externally available cluster information, and techniques for exploiting Linux networking to access internal pods and services. Learn about the potential misuse of CNI configurations and how it can compromise cluster security. Walk away with a deeper understanding of these attack vectors, effective mitigation strategies, and pragmatic defenses to protect your Kubernetes clusters from potential compromises.
Syllabus
Three Surprising K8s Networking “Features” and How to Defend Against Them - James Cleverley-Prance
Taught by
CNCF [Cloud Native Computing Foundation]