Cluster Grey Zone: Risks in Managed Cluster Middleware

May 01, 2023 30 min Free

Description

This talk investigates the 'grey zone' of managed cluster middleware in Kubernetes environments. Users know their own workloads, but the components that managed Kubernetes services (EKS, AKS, GKE) deploy automatically onto worker nodes introduce an often-overlooked attack surface. The speakers analyze the security posture of this Managed Cluster Middleware (MCM) and demonstrate how attackers can exploit misconfigurations in components such as Node Problem Detector and Fluent Bit to gain elevated privileges and exfiltrate sensitive data. They also highlight why these components are hard to secure: the shared responsibility model leaves their ownership ambiguous, and traditional security tools have limitations when applied to them.
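An audit check a practitioner would want after reading this description, added here as an example and not code from the talk or its speakers: a Python script that takes the JSON emitted by `kubectl get daemonsets -A -o json` (DaemonSets are the usual shape of node-level middleware) and flags the settings that turn a compromised middleware pod into node compromise or credential theft, namely hostPID/hostNetwork, privileged containers, added capabilities, root execution, a mounted service-account token, and hostPath mounts of sensitive directories or container-runtime sockets. The three embedded DaemonSet manifests are constructed for illustration and do not reproduce any provider's real deployment; the component names are borrowed from the description only to label the sample.

```python
import json
import sys

# Host paths whose exposure hands a pod node-level secrets or the container runtime.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/proc", "/sys", "/run", "/var/run",
                        "/var/lib/kubelet", "/var/lib/docker", "/var/lib/containerd",
                        "/root", "/home")
RUNTIME_SOCKETS = {"/var/run/docker.sock", "/run/containerd/containerd.sock",
                   "/run/crio/crio.sock"}
HIGH_RISK_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH"}


def is_sensitive_path(path):
    p = path.rstrip("/") or "/"
    return any(p == s or p.startswith(s + "/") for s in SENSITIVE_HOST_PATHS)


def audit_pod_spec(spec):
    """Flag settings in a pod template that would let a compromised middleware
    pod reach the node, the container runtime or the API server."""
    findings, high = [], False
    pod_sc = spec.get("securityContext", {})
    for flag in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(flag):
            findings.append("pod:" + flag)
            high = high or flag == "hostPID"
    # A mounted token is only as dangerous as the service account's RBAC, but it
    # is the credential an attacker would use to move from the node to the API.
    if spec.get("automountServiceAccountToken", True):
        findings.append("pod:sa-token:" + spec.get("serviceAccountName", "default"))
    volumes = {v["name"]: v for v in spec.get("volumes", [])}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name, sc = c["name"], c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(name + ":privileged")
            high = True
        for cap in sc.get("capabilities", {}).get("add", []):
            findings.append(f"{name}:cap:{cap}")
            high = high or cap in HIGH_RISK_CAPS
        # Container-level settings override pod-level ones; unset means root.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if not non_root and (uid is None or uid == 0):
            findings.append(name + ":may-run-as-root")
        for vm in c.get("volumeMounts", []):
            hp = volumes.get(vm["name"], {}).get("hostPath")
            if not hp:
                continue
            path, mode = hp["path"], "ro" if vm.get("readOnly") else "rw"
            findings.append(f"{name}:hostPath:{path}:{mode}")
            # A read-only bind mount still allows connect() on a runtime socket.
            if path.rstrip("/") in RUNTIME_SOCKETS or (mode == "rw" and is_sensitive_path(path)):
                high = True
    return {"findings": findings,
            "severity": "high" if high else "medium" if findings else "low"}


def audit_daemonsets(doc):
    """doc is the parsed output of `kubectl get daemonsets -A -o json`."""
    report = {}
    for item in doc.get("items", []):
        meta = item["metadata"]
        key = f"{meta['namespace']}/{meta['name']}"
        report[key] = audit_pod_spec(item["spec"]["template"]["spec"])
    return report


def _ds(name, spec):  # helper to build a constructed DaemonSet record
    return {"metadata": {"namespace": "kube-system", "name": name},
            "spec": {"template": {"spec": spec}}}


# Constructed sample manifests (hypothetical; not any provider's real deployment).
SAMPLE = {"items": [
    _ds("fluent-bit", {
        "serviceAccountName": "fluent-bit",
        "volumes": [{"name": "varlog", "hostPath": {"path": "/var/log"}},
                    {"name": "containers", "hostPath": {"path": "/var/lib/docker/containers"}}],
        "containers": [{"name": "fluent-bit",
                        "volumeMounts": [{"name": "varlog", "mountPath": "/var/log", "readOnly": True},
                                         {"name": "containers", "mountPath": "/var/lib/docker/containers",
                                          "readOnly": True}]}]}),
    _ds("node-problem-detector", {
        "hostNetwork": True, "hostPID": True,
        "serviceAccountName": "node-problem-detector",
        "volumes": [{"name": "log", "hostPath": {"path": "/var/log"}}],
        "containers": [{"name": "node-problem-detector",
                        "securityContext": {"privileged": True},
                        "volumeMounts": [{"name": "log", "mountPath": "/var/log"}]}]}),
    _ds("metrics-agent", {
        "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True, "runAsUser": 65532},
        "containers": [{"name": "agent",
                        "securityContext": {"allowPrivilegeEscalation": False,
                                            "capabilities": {"drop": ["ALL"]}}}]}),
]}

if __name__ == "__main__":
    # Pipe real cluster data in with: kubectl get ds -A -o json | python3 audit_mcm.py
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for key, res in sorted(audit_daemonsets(doc).items()):
        print(f"{res['severity']:6} {key}")
        for finding in res["findings"]:
            print("       " + finding)
```

The severity is deliberately coarse: any one of privileged, hostPID, a high-risk capability, a runtime socket, or a writable mount of a sensitive host path is enough to rate a component "high", because each on its own is a route from the pod to the node. A medium finding such as a read-only mount of container log directories is still worth tracing, since it is exactly the kind of access that lets a log shipper read other tenants' output. The script reports what the provider deployed; it does not tell you which side of the shared responsibility line is expected to fix it, which is the question the talk raises.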