everythingpossible - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Is Docker's Kubernetes implementation good for security?

Docker's Kubernetes implementation provides enterprises with container orchestration options. Expert Rob Shapland discusses what this move means for cloud security.

Docker recently released the second version of its Enterprise Edition, which introduces a suite of updates to its corporate-focused product. Most notably, the product now includes support for Kubernetes, the container orchestration tool originally developed by Google that offers greater control over large deployments of containers.

This marks a change in approach as the previous Enterprise Edition only supported Swarm, Docker's proprietary orchestration tool. By adding in support for Kubernetes and allowing it to be used interchangeably with Swarm, Docker embraced the different approaches to container orchestration from which organizations can choose, enabling greater flexibility for its customers.

Once container technology has been deployed in an organization, it can quickly become difficult to manage the number of different containers. Kubernetes is designed to ease this process by deploying containers in clusters with master nodes and worker nodes. The downside is that this requires a significant level of expertise to understand; knowledge that organizations may find expensive to acquire.

Containers are not only useful tools for fitting a large number of applications onto servers and enabling legacy applications to coexist with modern applications; they also offer security benefits.

The key factor in Docker's Kubernetes implementation is that it simplifies this process, allowing organizations to quickly and easily implement multiple nodes. This simplification is attractive to organizations and is similar to the model used by Amazon and Microsoft to sell their cloud services --Make the service simple and attractive and customers will come.

Containers are not only useful tools for fitting a large number of applications onto servers and enabling legacy applications to coexist with modern applications; they also offer security benefits. Docker's Kubernetes implementation offers encrypted image caching, which encrypts the registries of Docker containers. Encryption can be enabled between nodes and between containers.

Kubernetes, as with most modern tools, provides a web-based administration interface. If the organization is not careful in how this is deployed, it can be left accessible to anyone in the world without a password. This is a common misconfiguration in cloud environments and is very easy for criminals to exploit by simply searching the entire internet for the signature associated with a public-facing Kubernetes portal.

Security considerations for Docker's Kubernetes

RedLock, a Menlo Park, Calif., cloud cybersecurity company, recently reported that it discovered that Tesla, Aviva and Gemalto exposed their Kubernetes interfaces in this way. Hackers can conduct a variety of attacks with this access, but in the case of these companies, it was used to access cloud environments to execute cryptojacking attacks -- using the computing power of the organizations' cloud instances to mine cryptocurrency while forcing them to pay for the computing costs of doing so.

Overall, Docker's Kubernetes implementation in Enterprise Edition is a positive move that paves the way for even more future integration. It is a laudable move too, as most software companies are averse to supporting rival software, especially when Docker has its own Swarm orchestration tool. Kubernetes is the more popular tool, and by integrating it directly, Docker has ensured it will not polarize the container user base.

This was last published in June 2018

Dig Deeper on Legacy Application Modernization for the Cloud

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What do you think about Kubernetes in Docker? How will your organization make use of it?
Cancel

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly.com

Close