With New Kubernetes Plugin, Role-Based Access Control Has Never Been Easier
By Haim Helman, CTO/Co-Founder of Octarine
If you are using Kubernetes (K8s), you’re going to want to think about how to minimize its attack surface. To help you achieve least-privilege access permissions, we've developed an open-source tool, Kubectl-RBAC. This tool makes it quick and easy to establish and maintain role-based access control (RBAC) for your K8s clusters.
More and more enterprises are taking advantage of containers to architect and package their applications to increase agility and accelerate speed of deployment. 451 Research predicts the overall market for containers will reach $2.7 billion in 2020. According to Forrester, organizations expect the number of containerized applications in their environment to rise by 80% over the next two years. These containerized applications are often broken up into microservices, which are modular, independent functions that can be accessed and used to perform specific tasks for any number of applications.
As you can imagine, while improving flexibility and scalability, all these containers can also add operational complexity. This is where Kubernetes comes in. Generally revered as one of the fastest-growing open-source projects in history, Kubernetes is designed to automate the deployment, scaling and management of containerized applications. It groups containers into logical units, also known as clusters, and offers tools that make these groups easier to manage and orchestrate.
If you are using or thinking about using Kubernetes (K8s), you’re going to want to think about how to minimize its attack surface. We’ve seen containers, and Kubernetes itself, being exploited by attackers. For example, an attacker used an administrative console that wasn’t password-protected to gain admin privileges for a Tesla K8s cluster. Once in, they had access to everything, including credentials to a cloud environment that allowed them to launch a pretty sophisticated cryptojacking operation.
So, what can you do to protect yourself? A good start is to follow the principle of least privilege when setting up your Kubernetes cluster, so that users and services have only the access they should. To help you achieve least-privilege access permissions, we’ve developed an open-source tool, Kubectl-RBAC. This tool makes it quick and easy to establish and maintain role-based access control (RBAC) for your K8s clusters.