Denial of Service
Denial of Service (DoS) is all about making something unavailable. There are many types of DoS attack, but a well-known variation is overloading a system to the point where it can no longer serve requests. In the Kubernetes world, a potential attack might be to overload the API server so that cluster operations grind to a halt, because even essential system services have to communicate via the API server.
Let's take a look at some potential Kubernetes systems that might be targets of DoS attacks, and some ways to protect against and mitigate them.
Protecting Cluster Resources against DoS Attacks
It's a time-honored best practice to replicate essential control plane services on multiple nodes for high availability (HA). Kubernetes is no different, and you should run multiple master nodes in an HA configuration for your production environments. Doing this will prevent a single master from becoming a single point of failure. In relation to certain types of DoS...