HTTPS not authenticated in many communication channels #49

blperez01 · 2019-04-22T18:14:56Z

The Kubernetes system allows users to set up a PKI, but in many cases fails to use authenticated TLS between components, which negates any benefit to using a PKI.

For example, the following connections do not use authenticated HTTPS:

Apiserver -> Kubelet
Apiserver -> Pods (this doesn't even use HTTPS)
Apiserver -> etcd

This failure to authenticate components within the system is extremely dangerous and should be changed to use authenticated HTTPS by default. The lack of authentication for etcd alone has led to major vulnerabilities in a wide variety of applications.

blperez01 · 2019-04-22T18:33:58Z

TOA-K8S-034

blperez01 added the high a high priority issue label Apr 22, 2019

blperez01 closed this as completed Apr 22, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HTTPS not authenticated in many communication channels #49

HTTPS not authenticated in many communication channels #49

blperez01 commented Apr 22, 2019

blperez01 commented Apr 22, 2019

HTTPS not authenticated in many communication channels #49

HTTPS not authenticated in many communication channels #49

Comments

blperez01 commented Apr 22, 2019

blperez01 commented Apr 22, 2019