我应该在Kubernetes面前添加DMZ吗?
[英]Should I add a DMZ in front of Kubernetes?
问题描述
Is Kubernetes Ingress secure enough to avoid adding a DMZ in front of Kubernetes to expose Pods and Services ? 
Kubernetes Ingress是否足够安全,以避免在Kubernetes面前添加DMZ以暴露Pods和服务? What would happen if someone "hacked" into a Pod ? 如果有人“入侵”Pod,会发生什么?
Thanks. 谢谢。
2 个解决方案
解决方案1
1 2018-10-12 15:29:20
This is an opinion question so I'll answer with an option. 这是一个意见问题,所以我会回答一个选项。
It's very secure if you follow standard security practices for your cluster. 如果您遵循群集的标准安全实践 ,则非常安全。 But nothing is 100% secure. 但没有什么是100%安全的。 So adding a DMZ would help reduce your attack vectors. 因此添加DMZ有助于减少攻击媒介。
In terms of protecting your Ingress from outside, you can limit your access for your external load balancer just to HTTPS, and most people do that but note that HTTPS and your application itself can also have vulnerabilities. 就保护Ingress免受外部攻击而言,您可以将外部负载均衡器的访问权限限制为HTTPS,大多数人都这样做,但请注意HTTPS和您的应用程序本身也可能存在漏洞。
As for your pods and workloads, you can increase security (at some performance cost) using things like a well-crafted seccomp profile and or adding the right capabilities in your pod security context. 对于您的pod和工作负载,您可以使用精心设计的seccomp配置文件和/或在pod安全上下文中添加正确的功能来提高安全性(以一些性能成本)。 You can also add more security with AppArmor or SELinux , but lots of people don't since it can get very complicated. 您还可以使用AppArmor或SELinux添加更多安全性,但很多人不会,因为它会变得非常复杂。
There are also other alternatives to Docker in order to more easily sandbox your pods (still early in their lifecycle as of this writing): Kata Containers , Nabla Containers and gVisor . Docker还有其他替代方案,以便更容易地对您的pod进行沙盒化(在撰写本文时仍处于生命周期的早期阶段): Kata Containers , Nabla Containers和gVisor 。
解决方案2
0 2018-10-12 15:10:31
This is a pretty open-ended question. 这是一个非常开放的问题。 In Google Cloud, I think an Ingress is usually a Google Cloud Load Balancer. 在Google Cloud中,我认为Ingress通常是Google云负载均衡器。 Presumably, a cloud load balancer would be very secure compared to a DMZ you manage. 据推测,与您管理的DMZ相比,云负载均衡器非常安全。 A k8s Ingress would also be typically limited to HTTP traffic, so a "hack" through an ingress would likely need to leverage an application layer vulnerability. k8s Ingress通常也会限制为HTTP流量,因此通过入口“hack”可能需要利用应用层漏洞。 It depends a lot on your specific setup. 这在很大程度上取决于您的具体设置。
In terms of Pod security, something getting execution access in a Pod would be bad. 在Pod安全性方面,在Pod中获得执行访问权限会很糟糕。 Docker is not meaningfully secure or meaningfully sandboxed. Docker没有任何有意义的安全或有意义的沙盒。 Again, this depends on your setup, but as a clear analogy: a k8s Pod is not recommended for running untrusted code. 同样,这取决于您的设置,但作为一个明确的类比:不建议使用k8s Pod来运行不受信任的代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.