Wernight

Reputation: 37668

How to improve Kubernetes security especially inter-Pods?

TL;DR: Kubernetes allows every container to access every other container in the entire cluster, which seems to greatly increase the security risk. How can this be mitigated?

Unlike Docker, where one would usually only allow network connections between containers that need to communicate (via --link), each Pod on Kubernetes can access all other Pods on that cluster.

That means that for a standard Nginx + PHP/Python + MySQL/PostgreSQL, running on Kubernetes, a compromised Nginx would be able to access the database.

People used to run all of those on a single machine, but that machine would get serious periodic updates (more than containers do), plus SELinux/AppArmor for serious people.

One can mitigate the risks a bit by running each project (if you have several independent websites, for example) on its own cluster, but that seems wasteful.

The current Kubernetes security seems to be very incomplete. Is there already a way to get decent security for production?

Upvotes: 3

Views: 1617

Answers (2)

Eric Tune

Reputation: 8238

As @tim-hockin says, we do plan to have a way to partition the network.

But, IMO, for systems with more moving parts (which is where Kubernetes should really shine), I think it will be better to focus on application security.

Taking your three-layer example, the PHP pod should be authorized to talk to the database, but the Nginx pod should not. So, if someone figures out a way to execute an arbitrary command in the Nginx pod, they might be able to send a request to the database Pod, but it should be rejected as not authorized.

I prefer the application-security approach because:

  • I don't think the --links approach will scale well to 10s of different microservices or more. It will be too hard to manage all the links.
  • I think as the number of devs in your org grows, you will need fine grained app-level security anyhow.

In terms of being like docker compose, it looks like docker compose currently only works on single machines, according to this page: https://github.com/docker/compose/blob/master/SWARM.md

Upvotes: 1
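One concrete way to put the application-security approach from the answer above into practice, as an added example that is not part of the original answer: only the PHP workload is handed the database credentials, so an attacker with a shell in the Nginx pod who can still reach MySQL on the network has nothing to authenticate with, and the database rejects the connection. The namespace `shop`, the Secret and Deployment names, the image tags and the placeholder passwords are all assumptions made for this example.

```yaml
# Added example, not from the original answer. Assumed names: namespace "shop",
# Secret "db-creds", Deployments "mysql", "php" and "nginx". Both passwords are
# placeholders constructed for the example; generate real ones before use.
apiVersion: v1
kind: Secret
metadata:
  name: db-creds
  namespace: shop
type: Opaque
stringData:
  MYSQL_ROOT_PASSWORD: root-placeholder-change-me
  MYSQL_USER: app
  MYSQL_PASSWORD: app-placeholder-change-me
---
# MySQL: the official mysql image creates MYSQL_USER with access to
# MYSQL_DATABASE on first start. This is the only pod that receives the
# root password.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  namespace: shop
spec:
  selector:
    matchLabels: {app: mysql}
  template:
    metadata:
      labels: {app: mysql}
    spec:
      automountServiceAccountToken: false   # the DB never talks to the API server
      containers:
      - name: mysql
        image: mysql:8.0
        env:
        - name: MYSQL_DATABASE
          value: shop
        envFrom:
        - secretRef: {name: db-creds}
---
# PHP-FPM: receives only the application user and password, never root.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: php
  namespace: shop
spec:
  selector:
    matchLabels: {app: php}
  template:
    metadata:
      labels: {app: php}
    spec:
      automountServiceAccountToken: false
      containers:
      - name: php
        image: php:8.2-fpm
        env:
        - name: DB_HOST
          value: mysql
        - name: DB_USER
          valueFrom: {secretKeyRef: {name: db-creds, key: MYSQL_USER}}
        - name: DB_PASSWORD
          valueFrom: {secretKeyRef: {name: db-creds, key: MYSQL_PASSWORD}}
---
# Nginx: no reference to the Secret at all. Its ServiceAccount has no RBAC
# bindings by default, so it could not read db-creds from the API server,
# and with no token mounted it cannot even try.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: shop
spec:
  selector:
    matchLabels: {app: nginx}
  template:
    metadata:
      labels: {app: nginx}
    spec:
      automountServiceAccountToken: false
      containers:
      - name: nginx
        image: nginx:1.25
        ports:
        - containerPort: 80
```

The check a practitioner would make after applying this: `kubectl exec -n shop deploy/nginx -- env` must show no `DB_*` or `MYSQL_*` variables, while the same command against `deploy/php` shows the application user only. Credentials are still plaintext inside the PHP container, so this limits blast radius rather than eliminating it; the MySQL side can be tightened further by creating the application user with only the `SELECT`/`INSERT`/`UPDATE`/`DELETE` grants the code needs instead of the image's default of all privileges on the database.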

Tim Hockin

Reputation: 3662

In the not-too-distant future we will introduce controls for network policy in Kubernetes. As of today that is not integrated, but several vendors (e.g. Weave, Calico) have policy engines that can work with Kubernetes.

Upvotes: 1
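Network policy has since landed in Kubernetes as the `networking.k8s.io/v1` NetworkPolicy resource. The manifests below are an added example, not anything from the original answer: they partition the three-tier application from the question so that everything in the namespace is deny-by-default for ingress, Nginx may receive web traffic, PHP-FPM accepts connections only from Nginx, and MySQL accepts connections only from PHP. The namespace `shop` and the `app` labels are assumptions; the cluster's network add-on must actually enforce NetworkPolicy (Calico, Weave Net and Cilium do, while some add-ons accept the objects and silently ignore them).

```yaml
# Added example, not from the original answer. Assumes namespace "shop" and
# pods labelled app=nginx, app=php and app=mysql; a policy-enforcing CNI is required.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}          # selects every pod in the namespace
  policyTypes: [Ingress]   # no ingress rules listed, so all inbound traffic is dropped
---
# Nginx is the only pod that accepts traffic from outside the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web-to-nginx
  namespace: shop
spec:
  podSelector:
    matchLabels: {app: nginx}
  policyTypes: [Ingress]
  ingress:
  - ports:
    - protocol: TCP
      port: 80
    # no "from" clause: any source may reach port 80; narrow this to your
    # ingress controller or load balancer range in practice
---
# PHP-FPM accepts connections only from Nginx, and only on the FastCGI port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-nginx-to-php
  namespace: shop
spec:
  podSelector:
    matchLabels: {app: php}
  policyTypes: [Ingress]
  ingress:
  - from:
    - podSelector:
        matchLabels: {app: nginx}
    ports:
    - protocol: TCP
      port: 9000
---
# MySQL accepts connections only from PHP. A shell in the Nginx pod can no
# longer open a TCP connection to the database at all.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-php-to-mysql
  namespace: shop
spec:
  podSelector:
    matchLabels: {app: mysql}
  policyTypes: [Ingress]
  ingress:
  - from:
    - podSelector:
        matchLabels: {app: php}
    ports:
    - protocol: TCP
      port: 3306
```

To verify enforcement, attempt a connection to `mysql:3306` from inside the Nginx pod (for example with `nc -zv -w 3 mysql 3306` from an ephemeral debug container started with `kubectl debug`): it should time out, while the same attempt from the PHP pod succeeds. If it succeeds from Nginx, the CNI is not enforcing policy and the objects are decorative. These policies govern ingress only; a compromised pod can still initiate outbound connections, so a complete design adds `Egress` to `policyTypes` with a matching default deny and explicit allows (including UDP/TCP 53 to kube-dns, which every pod needs for service discovery).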
