kubelet-exploit icon indicating copy to clipboard operation
kubelet-exploit copied to clipboard

Published 20 hours ago verified publisher icon kayrus

Document kubelet authentication + authorization

Open ericchiang opened this issue 7 years ago • 3 comments

Hi! As of Kubernetes 1.5 the kubelet has the ability to restrict its API using client certs or via an internal Kubernetes token. A full overview can be found here:

https://kubernetes.io/docs/admin/kubelet-authentication-authorization/

This isn't on by default, but is a much better than SSH to avoid this exploit.

Maybe a link to this doc could be added to the "workarounds" section? (Happy to send the PR.)

ericchiang avatar Mar 02 '17 18:03 ericchiang