Questions related to Kubernetes security: from deploying cluster securely to running secure workloads on it.
Questions tagged [kubernetes-security]
116 questions
0
votes
1 answer
kubernetes: Log in to dashboard as admin
I have deployed a k8s cluster to aws using kops.
The process created a ~./kube/config file with the following structure:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data:
name:
contexts:
-…
pkaramol
- 16,451
- 43
- 149
- 324
0
votes
1 answer
kubernetes: default AWS ECR permissions
According to the official kubernetes documentation, in order for your nodes to get access to AWS ECR, the following flag needs to be added to ~/.kube/config:
iam:
allowContainerRegistry: true
legacy: false
Then, after updating the cluster, the…
pkaramol
- 16,451
- 43
- 149
- 324
0
votes
2 answers
forbidden returned when mounting the default tokens in HA kubernetes cluster
I have a problem with mounting the default tokens in kubernetes it no longer works with me, I wanted to ask directly before creating an issue on Github, so my setup consists of basically a HA bare metal cluster with manually deployed etcd (which…
0
votes
1 answer
What are the Kubernetes API resources (within ResourceAttributes) and verbs?
I'm wanting to understand what authorisation requests are possible when implementing a custom webhook. The docs describe a SubjectAccessReview that references a SubjectAccessReviewSpec that references a ResourceAttributes object that references a…
John
- 10,837
- 17
- 78
- 141
0
votes
1 answer
Using Ansible to implement certs rotation functionality in Kubernetes Cluster
How to use Ansible for certs rotation on different layers in kubernetes cluster?
Before we used fleet and now migrating to kubernetes.
Ravim
- 1
- 3
0
votes
1 answer
How to use https to call the kubernetes api server
I have a two node kubernetes cluster on a linux server and I use the kubernetes api to pull stats about them using a http api through kubeproxy. However I haven't found any good documentation on how to use https. I am kinda new to setting up…
Rishi Kapadia
- 61
- 1
- 6
0
votes
1 answer
Kubernetes system:serviceaccount:default denied access
So does anyone know exactly what I need to put in my ServiceAccount yaml in order not to be denied access to my ServiceAccount when i try to list things via the REST API:
curl…
zach
- 11
- 1
0
votes
1 answer
Mounting client.crt, client.key, ca.crt with a service-account or otherwise?
Has anyone used service-accounts to mount ssl certificates to access the aws cluster from within a running job before? How do we do this? I created the job and this is the from the the output of the failing container which is causing the Pod to be…
phpnovice
- 11
- 7
0
votes
2 answers
Kubernetes. namespaces isolation
Previously, to restrict access between namespaces i used:
net.alpha.kubernetes.io/network-isolation: "on"
In version 1.6.1 does not work.
The currently proposed version:
net.beta.kubernetes.io/network-policy: |
{
"ingress": {
…
Иван Храмов
- 9
- 3
-2
votes
1 answer
how to use Istio API Key for authorisation to a service?
I found the following documentation on istio on how to create an API Key
https://istio.io/docs/reference/config/policy-and-telemetry/templates/apikey/
But i am unable to find any documentation or examples on how to use the thing to secure a…
Madu Alikor
- 2,544
- 4
- 21
- 36
-2
votes
1 answer
connect to shell terminal of other container in a pod
When I define multiple containers in a pod/pod template like one container running agent and another php-fpm, how can they access each other? I need the agent container to connect to php-fpm by shell and need to execute few steps interactively…
user1595858
- 3,700
- 15
- 66
- 109