How secure is your EKS cluster?

You may think: “I’m using a Kubernetes cluster managed by AWS, it must be secure, right?” It’s true that AWS takes away the pain of managing and securing core Kubernetes components like the control plane and master nodes. However, there are still lots of other Kubernetes components that you need to configure and secure when using EKS.

But despair not, there are tools that can help you assess the security of your Kubernetes cluster and automatically flag vulnerabilities. In this blog post I’m going to show you one of these security tools called kube-bench, how to run security scans in your EKS cluster, and how to assess results. If you want to move straight into the practical part and start using kube-bench, feel free to jump to that section.

Before diving into kube-bench, it is worth reviewing the AWS Shared Responsibility Model and how it applies to EKS. The AWS Shared Responsibility Model is a core concept in AWS. In a nutshell, AWS is responsible for security of the cloud: this means protecting the infrastructure that runs all the services offered in AWS (regions and availability zones, hardware, networking, storage, etc.). On the other hand, customers (you!) are responsible for security in the cloud: this means updating and patching the operating system in EC2, configuring security groups, etc. This task varies a lot according to the AWS service you’re using: for example, a self-managed service like EC2 requires you to perform security configuration at the operating system layer, whereas a fully managed service like S3 removes this type of task but still leaves you the responsibility to configure and manage your data and permissions.

EKS is a managed service and AWS is taking care of several core components of Kubernetes. This means you don’t need to worry about securing the control plane and components like the master nodes, etcd database, etc. This is a good thing and is the reason why lots of customers decide to go for EKS.

EKS comes in three flavours: self-managed workers, managed node groups, and EKS Fargate.