Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2020

New Vulnerability Exposes Kubernetes to Man-in-the-Middle Attacks: How to Mitigate CVE-2020-8554

A few weeks ago a solution engineer discovered a critical flaw in Kubernetes architecture and design, and announced that a “security issue was discovered with Kubernetes affecting multi-tenant clusters. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster.” If a hostile user can create a ClusterIP service and set the spec.externalIP field, they can intercept traffic to that IP.

Enabling Secure Kubernetes Multi-Tenancy with Calico Enterprise

When you have different teams interacting with a Kubernetes cluster you need to think about the security, privacy, and observability challenges associated with multi-tenancy: How to provide each team with access to the specific resources they need, in a way that allows the team to be agile, without risking impacting other teams? In this session, we’ll explore the Kubernetes multi tenancy concepts and design patterns needed for successful enablement of multi-tenancy within your Kubernetes clusters using key capabilities of Calico Enterprise.

Securing Kubernetes using Egress Access Controls

A majority of existing workloads are non-Kubernetes, and for the platform teams involved, this creates challenges because the cluster will need to be securely connected to those resources. Calico Enterprise includes several features that enable fine-grained access controls between your microservices and databases, cloud services, APIs, and other applications that may be protected behind a firewall. There are different approaches to managing Kubernetes egress access, depending on your needs and where you want the control point to be

Deploying Calico in Your On-prem Kubernetes Cluster: Networking and Security Considerations

If you are deploying Kubernetes on-premises in your datacenter, this is a talk and demo you won’t want to miss. Networking and security might not be the first things that come to mind, but without some understanding of the networking and security decisions you’ll need to make, and the right options for your environment, you’re likely to get stuck or make the wrong assumptions. These may limit your ability to scale or integrate with the rest of the datacenter network.