Comment by erulabs
3 days ago
Awesome project! We need more eBPF projects, and congrats on launching.
Assuming I hijack a production pod, can I not just make an http call to myself with the `kloak:...` secret and get back the real secret? Is there a way to validate destination?
Yes, we have host and IP filtering in place that can be used to ensure the secret is sent only to the destination we expect.
It's not perfect though; see Host Filtering | https://getkloak.io/docs/guides/host-filtering.html
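To make the exchange above concrete, here is an added example (my own illustration, not Kloak's code or configuration) of what a destination check of the kind the reply describes looks like, and why the "hijack a pod and call myself with the `kloak:...` placeholder" scenario fails it. The `Policy` type, the `*.example.com` wildcard syntax, and the use of the 203.0.113.0/24 documentation range are all assumptions for the example; Kloak's actual filter semantics are in the linked Host Filtering page.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Policy is a hypothetical destination allow-list attached to one secret
// placeholder. It is not Kloak's data model; it only illustrates the host
// and IP filtering idea that the reply above refers to.
type Policy struct {
	Hosts []string     // exact hostnames or "*.example.com" wildcards (assumed syntax)
	CIDRs []*net.IPNet // address ranges the real secret may be sent to
}

// NewPolicy parses the CIDR strings up front so a typo fails at load time,
// not on the first request.
func NewPolicy(hosts, cidrs []string) (*Policy, error) {
	p := &Policy{Hosts: hosts}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("bad CIDR %q: %w", c, err)
		}
		p.CIDRs = append(p.CIDRs, n)
	}
	return p, nil
}

// hostAllowed matches the request's Host header against the allow-list.
// The header is attacker-controlled text, so this check alone is not enough.
func (p *Policy) hostAllowed(host string) bool {
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop ":443" and friends
	}
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, pat := range p.Hosts {
		pat = strings.ToLower(pat)
		if strings.HasPrefix(pat, "*.") {
			suffix := pat[1:] // "*.x.com" -> ".x.com"; the bare "x.com" does not match
			if len(host) > len(suffix) && strings.HasSuffix(host, suffix) {
				return true
			}
		} else if host == pat {
			return true
		}
	}
	return false
}

// ipAllowed checks the address the socket is actually connected to.
func (p *Policy) ipAllowed(ip net.IP) bool {
	for _, n := range p.CIDRs {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Allow reports whether the real secret may replace the placeholder for a
// request carrying Host header host on a connection to destIP. Both checks
// must pass, and loopback/unspecified destinations are refused outright:
// a process that has hijacked the pod can put any Host header on a request
// to itself, but it cannot make that connection terminate at an allowed IP.
func (p *Policy) Allow(host string, destIP net.IP) bool {
	if destIP == nil || destIP.IsLoopback() || destIP.IsUnspecified() {
		return false
	}
	return p.hostAllowed(host) && p.ipAllowed(destIP)
}

func main() {
	// Constructed policy: one external API living in the 203.0.113.0/24 documentation range.
	p, err := NewPolicy([]string{"api.example.com", "*.payments.example.com"}, []string{"203.0.113.0/24"})
	if err != nil {
		panic(err)
	}
	cases := []struct{ host, ip, why string }{
		{"api.example.com:443", "203.0.113.10", "legitimate call to the allowed API"},
		{"api.example.com", "127.0.0.1", "hijacked pod calling itself with a spoofed Host header"},
		{"api.example.com", "10.244.1.5", "hijacked pod calling its own pod IP"},
		{"attacker.example.net", "203.0.113.10", "allowed IP, but Host not on the list"},
		{"eu.payments.example.com", "203.0.113.200", "wildcard match"},
	}
	for _, c := range cases {
		fmt.Printf("%-26s -> %-14s allow=%-5v (%s)\n", c.host, c.ip, p.Allow(c.host, net.ParseIP(c.ip)), c.why)
	}
}
```

The point of requiring both checks is that only the IP side is anchored to something the hijacked process cannot forge: the address its socket is connected to. The Host check is still worth having so that a request to an allowed IP for some other virtual host does not carry the secret. What it cannot do is protect against an allowed destination that is itself compromised, or a policy whose CIDRs are wide enough to include the pod's own network, which is the kind of gap the "not perfect" remark and the linked page are about.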