kubelet-exploit
kubelet-exploit copied to clipboard
Document kubelet authentication + authorization
Hi! As of Kubernetes 1.5 the kubelet has the ability to restrict its API using client certs or via an internal Kubernetes token. A full overview can be found here:
https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
This isn't on by default, but is a much better than SSH to avoid this exploit.
Maybe a link to this doc could be added to the "workarounds" section? (Happy to send the PR.)