Three Surprising Kubernetes Networking Features and How to Defend Against Them

Explore three surprising Kubernetes networking "features" and learn how to defend against them in this 33-minute conference talk by James Cleverley-Prance from ControlPlane. Delve into the complexities hidden beneath Kubernetes' networking model abstractions and challenge perceived trust boundaries. Discover how unchecked issues can expand a cluster's attack surface. Gain insights on the external attack surface of Kubernetes nodes, methods for enumerating externally available cluster information, and techniques for exploiting Linux networking to access internal pods and services. Learn about the potential misuse of CNI configurations and how it can compromise cluster security. Walk away with a deeper understanding of these attack vectors, effective mitigation strategies, and pragmatic defenses to protect your Kubernetes clusters from potential compromises.

Three Surprising K8s Networking “Features” and How to Defend Against Them - James Cleverley-Prance