In-person
19-22 March

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Thursday, March 21 • 11:55 - 12:30
Stop Leaking Kubernetes Service Information via DNS! - John Belamaric, Google & Yong Tang, Ivanti



Most Kubernetes distributions implement role-based access control (RBAC) to keep nosy users from poking around in other people’s applications. Well, maybe for more serious reasons than that, since a fundamental principle of security is keeping information “need to know”. What cluster administrators may not realize is that even when visibility is tightly restricted by RBAC in the Kubernetes API, it is completely unrestricted in DNS! By default, the Kubernetes DNS specification exposes all services to all clients via DNS. In this talk, you will learn how to use CoreDNS to fix that…and why you may not want to!

Speakers

Yong Tang

Senior Director of Engineering, Ivanti
Yong Tang is Senior Director of Engineering at Ivanti. He is a core maintainer of CoreDNS and contributes to many container, cloud-native, and machine learning projects for the open source community. In addition to CoreDNS, he is a maintainer of Docker/Moby. He is also a maintainer...

John Belamaric

Sr Staff Software Engineer, Google
John is a Sr Staff SWE, and a co-chair of Kubernetes SIG Architecture, leading efforts on production readiness, conformance, and software architecture. He is co-founder of Nephio, an LF project for K8s-based automation of large scale telco edge deployments, and a maintainer of CoreDNS...



Thursday March 21, 2024 11:55 - 12:30 CET
Pavilion 7 | Level 7.1 | Room D
  Security
  • Content Experience Level: Beginner
  • Presentation Slides Attached: Yes