I’m writing a thesis about the security of orchestration services like Docker Swarm and have a question about the protocol used for controll and traffic related to swarm services.
According to the documentation:
[…] An overlay network called ingress, which handles control and data traffic related to swarm services. When you create a swarm service and do not connect it to a user-defined overlay network, it connects to the ingress network by default.
But that is for the network-layer… I want to know what protocols are used for exchanging this traffic.
According to Diogo Mónica the security is modeled to withstand:
As a result, it becomes easier to secure clusters against even the most sophisticated attacker models: attackers that control the underlying communication networks or even compromised cluster nodes.
But what if an attacker also controls a certificate in addition to the underlying communications network? Is there a way to man-in-the-middle the control traffic related to swarm services, and by that being able to inject a malicious node into the cluster?
Thank you for your time!