Restrict access to etcd
Info
ID: MS-M9024
MITRE mitigation: M1035
Access to etcd should be limited to the Kubernetes control plane only. Depending on your configuration, you should attempt to use etcd over TLS. This mitigation is relevant only to non-managed Kubernetes environments, as access to etcd in cloud-managed clusters is already restricted.
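One way to check both points on a self-managed cluster, as an added example that is not part of the original page: the script audits the client-facing flags of an etcd command line for TLS, client certificate authentication and listener binding. The sample arguments, the address 10.0.0.10 and the function names are constructed for illustration; the flag names are etcd's own.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample arguments, as they would appear in an etcd static pod manifest.
WEAK = ["etcd", "--listen-client-urls=http://0.0.0.0:2379"]
HARDENED = ["etcd",
    "--listen-client-urls=https://127.0.0.1:2379,https://10.0.0.10:2379",
    "--client-cert-auth=true",
    "--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt",
    "--cert-file=/etc/kubernetes/pki/etcd/server.crt",
    "--key-file=/etc/kubernetes/pki/etcd/server.key",
]

def parse_flags(args):
    # '--name=value' -> {name: value}; a bare '--name' counts as 'true'.
    flags = {}
    for arg in args:
        if arg.startswith("--"):
            name, sep, value = arg[2:].partition("=")
            flags[name] = value if sep else "true"
    return flags

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_etcd(args, control_plane_ips):
    flags = parse_flags(args)
    findings = []
    if flags.get("client-cert-auth") != "true":
        findings.append("client-cert-auth is not enabled")
    for name in ("trusted-ca-file", "cert-file", "key-file"):
        if not flags.get(name):
            findings.append(f"{name} is not set")
    # etcd listens on http://localhost:2379 when the flag is absent.
    for url in flags.get("listen-client-urls", "http://localhost:2379").split(","):
        parsed = urlparse(url.strip())
        host = parsed.hostname or ""
        if parsed.scheme != "https":
            findings.append(f"{url}: client listener is not TLS")
        if not is_loopback(host) and host not in control_plane_ips:
            findings.append(f"{url}: bound outside the control plane")
    return findings

if __name__ == "__main__":
    for label, args in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_etcd(args, {"10.0.0.10"}))
```

Pass the set of control plane node addresses for your cluster as `control_plane_ips`; any listener bound to another address, including 0.0.0.0, is reported.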
Techniques Addressed by Mitigation
ID | Name | Use |
---|---|---|
MS-TA9025 | List Kubernetes secrets | Restrict access to etcd. |