Denial of service
Attackers may attempt to perform a denial of service attack, which makes the service unavailable to legitimate users. In container clusters, this includes attempts to block the availability of the containers themselves, the underlying nodes, or the API server.
Mitigations
ID | Mitigation | Description |
---|---|---|
MS-M9011 | Restrict Container Runtime using LSM | Restrict execution of unwanted processes in containers. |
MS-M9002 | Restrict access to the API server using IP firewall | Restrict access to the API server from known IP addresses. |
MS-M9029 | Set requests and limits for containers | Limit compute resources for containers. |
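
For MS-M9029, an added example (not part of the original page): a Python check that lists every container in a manifest that lacks CPU or memory requests or limits. The sample manifest is constructed, and requiring all four fields on every container is an assumed policy, not one stated by the page.

```python
import json

# Constructed sample manifest (JSON form of a Pod as written by its author).
SAMPLE_POD = json.loads("""
{
  "kind": "Pod",
  "metadata": {"name": "web", "namespace": "shop"},
  "spec": {
    "initContainers": [{"name": "migrate", "image": "example/migrate:1"}],
    "containers": [
      {"name": "app", "image": "example/app:1",
       "resources": {"requests": {"cpu": "250m", "memory": "128Mi"},
                     "limits": {"cpu": "500m", "memory": "256Mi"}}},
      {"name": "sidecar", "image": "example/proxy:1",
       "resources": {"requests": {"cpu": "50m"}, "limits": {"memory": "64Mi"}}}
    ]
  }
}
""")

# Assumed policy: every container sets all four of these fields.
REQUIRED = [(s, r) for s in ("requests", "limits") for r in ("cpu", "memory")]


def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload's pod template."""
    spec = obj.get("spec", {})
    # Deployments, DaemonSets, etc. nest the pod spec under spec.template.spec.
    return spec.get("template", {}).get("spec", spec)


def missing_resources(obj):
    """List (container name, 'section.resource') pairs that are not set."""
    findings = []
    spec = pod_spec(obj)
    for group in ("initContainers", "containers"):
        for container in spec.get(group) or []:
            resources = container.get("resources") or {}
            for section, name in REQUIRED:
                if not (resources.get(section) or {}).get(name):
                    findings.append((container["name"], f"{section}.{name}"))
    return findings


if __name__ == "__main__":
    for container, field in missing_resources(SAMPLE_POD):
        print(f"{container}: resources.{field} not set")
```

The check reads the manifest as written, so values that a namespace LimitRange or API server defaulting would fill in at admission still show up as missing.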