or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Syncing
xxxxxxxxxx-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
Subscribe30 分鐘打下 K8s - YSc
歡迎來到 Kubernetes Summit'20 共筆
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →共筆入口:https://hackmd.io/@k8ssummit/20
手機版請點選上方 按鈕展開議程列表。
基礎上的問題
配置
網路管理
金鑰管理
權限管理
應用上的問題
pod 上面的應用
設定檔檢查
映像檔安全
服務運行時的資安
攻擊案例:偷走kube-env -》大內網延伸的問題
http://169.254.169.254/,把kube-env偷走有安全漏洞的pod滲透進去,透過該漏洞打到 metadata
打 metadata
有了 kubecfg 就可以控制所有 resource
k8s最需要被保護的是ETCD,他是k8s的大腦
防禦
reference
11 ways not to get hacked(by google)
tags:
k8ssummit20k8s