Risk8s Business

Kubernetes is a container orchestrator that has seen year-after-year exponential growth in adoption.

While many organizations have adopted Kubernetes because of its hyped ability to scale, extensibility, and multi-cloud support, many security teams have been left playing catch-up.

Guide Structure

The structure of this guide, which you can also quickly navigate by the navbar links on the left hand side, is the following:

Introduction

First we’ll give you an overview of Kubernetes, discuss what it means to secure a cluster, and talk about the end goal here.

We’ll list a number of solid tools to get you started, which will be used throughout this guide.

Understanding Your Environment

You need to understand your environment before you can secure it, so we start there. We’ll quickly dive in to ways that you can collect information, and which information is relevant in the big picture.

We want to see what your cluster looks like, how you’re deploying it (managed vs self-hosted), what’s running inside and nearby, and what services are at risk of being compromised throughout the cluster’s lifetime.

Understanding Your Risk

With all this information we will run through a simple risk analysis that helps us determine how likely an exploit would occur and determine how your cluster will hold up. Finally building an overall risk baseline for the environment.

We’ll examine:

• Access controls: who can deploy and how are workloads being deployed?

• Which services are exposed publicly or internally?

• Do we have visibility into the cluster, and is our cluster vulnerable due to configuration mistakes or networking-related vulnerabilities?

We’ll conclude by discussing common compromise scenarios: a pod being compromised, a developer compromising a cluster, and a developer being compromised by an attacker. And some stories of what I’ve seen in the real world during my consulting work, for good measure 😎

Wrapping Up

In the end, we’ll put it all together, and you will hopefully have enough information to get started reviewing your cluster environment to identify gaps, vulnerabilities, and just questionable areas that will need further inspection.

Once you have a risk assessment complete, it’ll be your job to continue onto the risk management phase and find out what mitigations will best fit in to address all the issues you found.

And of course, we conclude with a variety of further resources on Kubernetes threat modeling, additional tools, and some of our favorite conference talks.

About the Author

My name is Mark Manning and I’m currently a security architect at Snowflake. I’ve spent years as a security consultant for a global security consulting firm where I assessed, reviewed, attacked, and sometimes, helped fix problems on a wide range of Kubernetes projects (among other types of projects). I was excited for the opportunity to collaborate with tl;dr sec and write about a topic I’ve dealt with repeatedly over the last 4 years, Kubernetes risk.

I’ve worked with customers just getting started with Kubernetes, cloud providers deploying their own Kubernetes platforms, and large organizations that have invested much of their business into embracing the “digital transformation.”

Today I’m working with Snowflake by focusing some of my experiences and offensive skills towards helping solve some really interesting security challenges. Part of that is Risk Management of Kubernetes clusters at scale.

I’ve seen how things can go right, and wrong, in the real world, in a vast variety of companies. While I don’t have all the answers, I enjoy sharing what I do know with the public, and on Twitter or at hacker conferences.

My hope is that some of us will continue to work heavily on Kubernetes security so that even if we don’t fix everything, the rest of the infosec industry can level-up to meet the challenges of securing these modern platforms.