I was going through the documentation for creating backups for a GKE cluster. My cluster version is 1.21.14-gke.700 and in the docs it is written:
Caution: Backup for GKE requires full privileges to read and write every object in the cluster. The Backup for GKE agent that runs in GKE cluster versions prior to 1.24 runs as a workload in the GKE user cluster. Users or workloads with root access to the underlying node on which the Backup for GKE pod is scheduled, such as through pod hostpath mounts or SSH, can gain these root-in-cluster privileges. To avoid this potential node to cluster escalation, we highly recommend that you run Backup for GKE in GKE clusters running version 1.24.4-gke.800 or higher, where the agent runs on an inaccessible host in the GKE control plane.
Can anyone help me understand the meaning of the term "node to cluster escalation" in detail? Also, what's the harm of running Backup for GKE on a cluster prior to 1.24?
CodePudding user response:
If you use GKE backup on GKE versions before 1.24, the backup agent runs as a privileged workload on your cluster nodes. A privileged pod is a container that has root access on the node. That is what we mean by "node to cluster escalation".
After 1.24, the agent runs in a dedicated namespace with a dedicated Service Account which has limited access.
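As an added example (not part of the question or the answer above, and not Google's own tooling), the script below models the escalation the quoted docs warn about: a pod whose service account is bound cluster-wide to a wildcard role (root in the cluster) is scheduled on a node that also hosts a pod with a hostPath mount or a privileged container (root on the node). It also checks a GKE version string against the 1.24.4-gke.800 threshold from the docs. All cluster data is constructed inline; the namespace `backup-agent`, service account `agent`, node names and pod names are hypothetical stand-ins for what `kubectl get pods -A -o json` and the ClusterRole/ClusterRoleBinding objects would contain.

```python
"""Find node-to-cluster escalation paths from pod placement and RBAC data.

Added example: the data shapes below are simplified, hand-built stand-ins
for Kubernetes API objects, not output captured from a real cluster.
"""
import re
from dataclasses import dataclass

# Version where, per the docs quoted in the question, the Backup for GKE
# agent moved off user nodes into the control plane.
AGENT_IN_CONTROL_PLANE_SINCE = "1.24.4-gke.800"
GKE_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-gke\.(\d+)$")


def parse_gke_version(version):
    """'1.24.4-gke.800' -> (1, 24, 4, 800); tuples compare in release order."""
    m = GKE_VERSION_RE.match(version)
    if not m:
        raise ValueError(f"not a GKE version string: {version!r}")
    return tuple(int(g) for g in m.groups())


def agent_exposed_on_nodes(cluster_version):
    """True when the agent would run as a workload on user nodes."""
    return parse_gke_version(cluster_version) < parse_gke_version(AGENT_IN_CONTROL_PLANE_SINCE)


@dataclass(frozen=True)
class Pod:
    name: str
    namespace: str
    node: str
    service_account: str
    privileged: bool = False          # any container with securityContext.privileged
    host_path_mounts: tuple = ()      # hostPath volumes mounted into the pod

    def has_node_access(self):
        """Privileged containers and hostPath mounts are the node-root routes
        the quoted docs name (SSH to the node is the other one)."""
        return self.privileged or bool(self.host_path_mounts)


def wildcard_service_accounts(cluster_roles, cluster_role_bindings):
    """Return {(namespace, sa)} bound cluster-wide to a role that grants every
    verb on every resource, i.e. 'full privileges to read and write every object'."""
    def is_wildcard(rule):
        return "*" in rule.get("verbs", []) and "*" in rule.get("resources", [])

    powerful_roles = {name for name, rules in cluster_roles.items()
                      if any(is_wildcard(r) for r in rules)}
    subjects = set()
    for binding in cluster_role_bindings:
        if binding["roleRef"] in powerful_roles:
            for s in binding["subjects"]:
                if s["kind"] == "ServiceAccount":
                    subjects.add((s["namespace"], s["name"]))
    return subjects


def escalation_paths(pods, powerful_sas):
    """(attacker, victim) pairs: a node-root-capable pod sharing a node with a
    pod whose token is root in the cluster. Root on the node reads that token
    (or the container's memory/filesystem) and with it gains cluster-wide rights."""
    victims = [p for p in pods if (p.namespace, p.service_account) in powerful_sas]
    paths = []
    for victim in victims:
        for attacker in pods:
            if attacker is not victim and attacker.node == victim.node and attacker.has_node_access():
                paths.append((f"{attacker.namespace}/{attacker.name}",
                              f"{victim.namespace}/{victim.name}"))
    return sorted(paths)


# --- constructed sample cluster (hypothetical names) -------------------------
CLUSTER_ROLES = {
    "cluster-admin": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
    "view": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}],
}
CLUSTER_ROLE_BINDINGS = [
    {"roleRef": "cluster-admin",
     "subjects": [{"kind": "ServiceAccount", "namespace": "backup-agent", "name": "agent"}]},
    {"roleRef": "view",
     "subjects": [{"kind": "ServiceAccount", "namespace": "monitoring", "name": "reader"}]},
]
PODS = [
    Pod("agent-0", "backup-agent", "node-a", "agent"),                     # root in cluster
    Pod("log-shipper-x", "logging", "node-a", "shipper", host_path_mounts=("/var/log",)),
    Pod("web-1", "shop", "node-a", "default"),
    Pod("debug-shell", "dev", "node-b", "default", privileged=True),        # other node
    Pod("reader-0", "monitoring", "node-b", "reader"),
]


def audit(cluster_version, pods=PODS, roles=CLUSTER_ROLES, bindings=CLUSTER_ROLE_BINDINGS):
    """Report whether the agent placement matters for this version and which
    co-located pods could walk from node root to cluster root."""
    return {
        "agent_on_user_nodes": agent_exposed_on_nodes(cluster_version),
        "root_in_cluster": sorted(wildcard_service_accounts(roles, bindings)),
        "escalation_paths": escalation_paths(pods, wildcard_service_accounts(roles, bindings)),
    }


if __name__ == "__main__":
    for version in ("1.21.14-gke.700", "1.24.4-gke.800"):
        print(version, audit(version))
```

On the sample data the 1.21 cluster is flagged and `logging/log-shipper-x` (hostPath mount, same node) is reported as a path to `backup-agent/agent-0`; `dev/debug-shell` is privileged but on another node, so it is not. On 1.24.4-gke.800 or later the agent is no longer a pod on user nodes, so the placement check is moot for it, though the same RBAC-plus-co-location audit still applies to any other wildcard-bound workload.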