The New Stack Context: Operators Can Be a Security Hazard
A few years back, Kubernetes was in full development and many of its basic concepts were still evolving, so security was not a huge priority. But as K8s deployments have moved into production, more attention is being focused in securing Kubernetes and its workloads. Gadi Naor has been following Kubernetes security from the start. Alcide, the company Naor founded and now serves as CTO, offers an end-to-end Kubernetes security platform.
For this week’s episode of The New Stack Context podcast, we speak with Naor about a variety of Kubernetes security-related topics. Last week, Naor hosted a Kubernetes security webinar for the Cloud Native Computing Foundation, which in addition to offering many helpful hints, discussed in detail the spate of recent vulnerabilities found in Kubernetes. And for The New Stack, he wrote about the problem of configuration drift in Kubernetes, and why it can’t be solved simply through continuous integration tools.
One of the most surprising parts of the conversation was when Naor had explained his worries about operators, a framework increasingly used to manage complex applications on Kubernetes:
If someone is basically building an operator to deploy a single instance of an application, that’s a wrong use for an operator. You would be way better using Helm charts or customized resources and push stuff to a cluster. Operators run normally as extremely privileged components, from an audit perspective, which means they become a weak link inside your cluster. I try to scan it in [continuous integration] but it means nothing to all the tools because it’s very vendor-specific, irresponsibly-vendor specific. You end up running with something that actually weakens your Kubernetes security posture. So at the end of the day, it makes a lot of sense to create an operator [for Prometheus] because it automates a lot of the wiring of your monitoring systems. And it does that very elegantly. But you have security vendors, which I will not name, that use the operator to deploy a single instance, and is abusing this notion [of an operator].
Other topics discussed include:
- The growing time it takes to disclose new vulnerabilities.
- Vulnerabilities in the control plane versus those on the node.
- Vulnerability management in self-managed Kubernetes vs. managed Kubernetes.
- Why Kubernetes Operators are a security risk.
- Configuration drift in Kubernetes.
- The importance of continuous delivery for Kubernetes security.
- Why a managed platform may catch a security error that most roll-your-own distributions would miss.
- The motivation for starting Alcide.
Then, later in the show, we take a look at some of The New Stack‘s top posts from the week:
- New Kubernetes EBook! Learn the Latest in Kubernetes Deployments and Trends
- How AI Observability Cuts Down Kubernetes Complexity
- Google’s Management of Istio Raises Questions in the Cloud Native Community
- Alex Williams’ Op-Ed: Kubernetes May Be Google’s Last Great Open Project
- This Week in Programming: Clearing up any Confusion around Kubernetes Operators.
At this time, The New Stack does not allow comments directly on this website. We invite all readers who wish to discuss a story to visit us on Twitter or Facebook. We also welcome your news tips and feedback via email: firstname.lastname@example.org.