Say it ain’t so, etcd is on the public Internets? And its leaking like a sieve.
- simplicity. Its just easy to use and deploy etcd
- Insecure by design and default. To make it simple, no security model was originally used, if you can access the port, you can read the world
- orchestration platforms using etcd to move config around, including the link between container A and container B (e.g. mysql-client and mysql-server).
You can’t ‘yada yada yada’ cloud security. You need a real firewall, particularly when you are playing with ‘this only works on a dedicated network that is isolated even from the rest of your own application stack’ stuff like etcd. Seriously, you can’t even just be ‘outside bad, inside good’, you need to think about lateral traversal. if one machine of yours is compromised, and it can walk around in etcd (maybe it changes that password? just reads it? Its bad regardless). And its probably hard to retool everything.