Docker swarm and security

didriksa · February 13, 2018, 9:06am

Hello!

I’m writing a thesis about the security of orchestration services like Docker Swarm and have a question about the protocol used for controll and traffic related to swarm services.

According to the documentation:

[…] An overlay network called ingress, which handles control and data traffic related to swarm services. When you create a swarm service and do not connect it to a user-defined overlay network, it connects to the ingress network by default.

But that is for the network-layer… I want to know what protocols are used for exchanging this traffic.

According to Diogo Mónica the security is modeled to withstand:

As a result, it becomes easier to secure clusters against even the most sophisticated attacker models: attackers that control the underlying communication networks or even compromised cluster nodes.

But what if an attacker also controls a certificate in addition to the underlying communications network? Is there a way to man-in-the-middle the control traffic related to swarm services, and by that being able to inject a malicious node into the cluster?

Thank you for your time!

Topic		Replies	Views
Docker swarm in a public nic General	0	589	June 16, 2018
Mesh networking security General	9	4390	July 11, 2016
Docker Swarm and network traffic General	0	579	September 21, 2017
How should I run a secure swarm in production? Swarm	1	520	July 9, 2024
Communication between two different docker instance in docker swarm..? Swarm	4	4836	November 15, 2017

Docker swarm and security

Related topics