
[CKS] Cluster Setup - Protect node metadata and GUI elements

mov.M 2024. 1. 8. 17:09

Cluster Setup (10%)

 - Use Network security policies to restrict cluster level access

 - Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)

 - Properly set up Ingress objects with security control

 - Protect node metadata and endpoints

 - Minimize use of, and access to, GUI elements

 - Verify platform binaries before deploying

 

Default Ports and Protocols of Kubernetes Nodes

※ Reference: https://kubernetes.io/docs/reference/networking/ports-and-protocols/

 


Control Plane

 

Worker Node(s)

 

Kubernetes GUIs

※ Reference: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

 

Kubernetes provides a GUI for managing the cluster, the Kubernetes Dashboard. It is not deployed by default, and when it is deployed it ships with a minimal RBAC configuration; the recommended way to reach it is through kubectl proxy from an administrator's machine, not by exposing it with a NodePort or LoadBalancer Service.

Harden the GUI tool's security settings (RBAC, Network Policy, etc.) so that internal cluster information is not exposed: do not bind the Dashboard's service account to cluster-admin, do not enable its skip-login or insecure-login options, and restrict which pods and networks can reach it with a NetworkPolicy.
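The settings that turn the Dashboard from a read-only convenience into an unauthenticated cluster-admin console are a handful of fields in its Deployment, Service and ClusterRoleBinding. The script below is an added example, not part of the original post or of the Dashboard project: it audits those objects as kubectl returns them in JSON and flags the weak settings next to a hardened variant. The manifests are constructed for the example, and the flag names checked (--enable-skip-login, --enable-insecure-login) are those of the Dashboard v2.x container; the function names are this example's own.

```python
"""Audit Kubernetes Dashboard manifests (as `kubectl get ... -o json`) for weak exposure settings."""
import json
from typing import Dict, List

# Dashboard v2.x container flags that disable or weaken its login.
INSECURE_FLAGS = ("--enable-skip-login", "--enable-insecure-login")


def audit_deployment(deploy: Dict) -> List[str]:
    """Flag containers started with a flag from INSECURE_FLAGS."""
    findings = []
    name = deploy["metadata"]["name"]
    for c in deploy["spec"]["template"]["spec"]["containers"]:
        for arg in c.get("args", []):
            flag = arg.split("=", 1)[0]
            if flag in INSECURE_FLAGS:
                findings.append(f"deployment/{name}: container {c['name']} runs with {flag}")
    return findings


def audit_service(svc: Dict) -> List[str]:
    """Flag Services that publish the Dashboard outside the cluster."""
    name = svc["metadata"]["name"]
    stype = svc["spec"].get("type", "ClusterIP")
    if stype in ("NodePort", "LoadBalancer"):
        return [f"service/{name}: type {stype} exposes the Dashboard outside the cluster"]
    return []


def audit_binding(crb: Dict, sa_ns: str, sa_name: str) -> List[str]:
    """Flag a ClusterRoleBinding that hands cluster-admin to the Dashboard service account."""
    name = crb["metadata"]["name"]
    binds_sa = any(
        s.get("kind") == "ServiceAccount" and s.get("name") == sa_name and s.get("namespace") == sa_ns
        for s in crb.get("subjects", [])
    )
    if binds_sa and crb["roleRef"]["name"] == "cluster-admin":
        return [f"clusterrolebinding/{name}: grants cluster-admin to {sa_ns}/{sa_name}"]
    return []


def audit(objects: List[Dict], sa_ns: str = "kubernetes-dashboard",
          sa_name: str = "kubernetes-dashboard") -> List[str]:
    """Run every check over a list of API objects and return the findings."""
    findings: List[str] = []
    for obj in objects:
        kind = obj.get("kind")
        if kind == "Deployment":
            findings += audit_deployment(obj)
        elif kind == "Service":
            findings += audit_service(obj)
        elif kind == "ClusterRoleBinding":
            findings += audit_binding(obj, sa_ns, sa_name)
    return findings


def from_kubectl_json(text: str) -> List[Dict]:
    """Accept either a single object or the {"kind": "List", "items": [...]} wrapper kubectl emits."""
    doc = json.loads(text)
    return doc["items"] if doc.get("kind") == "List" else [doc]


# Constructed sample objects (not the real Dashboard YAML), shaped like kubectl output.
DASHBOARD_SA = {"kind": "ServiceAccount", "name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"}
WEAK: List[Dict] = [
    {"kind": "Deployment", "metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "kubernetes-dashboard",
          "args": ["--namespace=kubernetes-dashboard", "--enable-skip-login", "--enable-insecure-login"]}]}}}},
    {"kind": "Service", "metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
     "spec": {"type": "NodePort", "ports": [{"port": 443, "nodePort": 32443}]}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}, "subjects": [DASHBOARD_SA]},
]
HARDENED: List[Dict] = [
    {"kind": "Deployment", "metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "kubernetes-dashboard", "args": ["--namespace=kubernetes-dashboard", "--auto-generate-certificates"]}]}}}},
    {"kind": "Service", "metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 443}]}},  # reached via kubectl proxy only
    {"kind": "ClusterRoleBinding", "metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "kubernetes-dashboard"}, "subjects": [DASHBOARD_SA]},
]

if __name__ == "__main__":
    import sys

    # kubectl -n kubernetes-dashboard get deploy,svc -o json | python3 dashboard_audit.py
    source = sys.stdin.read() if not sys.stdin.isatty() else json.dumps({"kind": "List", "items": WEAK})
    for line in audit(from_kubectl_json(source)) or ["no findings"]:
        print(line)
```

The hardened set keeps the Dashboard on a ClusterIP Service (reached only through kubectl proxy or a port-forward), starts it without the login-bypass flags, and binds its service account to the scoped ClusterRole the project ships rather than cluster-admin. A NetworkPolicy limiting ingress to the Dashboard namespace is a separate object and is not checked here.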