You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the solution you'd like
At the moment when you spin up a default instance of the quick start, it sets-up an instance of etcd to be used by Calico.
The configuration of etcd in use, allows for unauthenticated access from a remote host, which would allow anyone on the pod network or who could otherwise access the VPC, to read or change the data held in that datastore.
repo. steps
replace 172.31.43.124 with the master node IP address for your cluster
kubectl run -it test --image=raesene/alpine-containertools /bin/ash export ETCDCTL_API=3 etcdctl --endpoints=172.31.43.124:6666 get / --prefix
recommendation
If possible, ensure that all communications to etcd require a valid client certificate.
Environment:
Kubernetes version: 1.13.2
OS ): Ubuntu 18.04.1
The text was updated successfully, but these errors were encountered:
Describe the solution you'd like
At the moment when you spin up a default instance of the quick start, it sets-up an instance of etcd to be used by Calico.
The configuration of etcd in use, allows for unauthenticated access from a remote host, which would allow anyone on the pod network or who could otherwise access the VPC, to read or change the data held in that datastore.
repo. steps
replace 172.31.43.124 with the master node IP address for your cluster
kubectl run -it test --image=raesene/alpine-containertools /bin/ashexport ETCDCTL_API=3etcdctl --endpoints=172.31.43.124:6666 get / --prefixrecommendation
If possible, ensure that all communications to etcd require a valid client certificate.
Environment:
The text was updated successfully, but these errors were encountered: