Further Reading

On this page: For those still interested in additional information about threat modelling, tools, and some other talks that help you learn about assessing the risk of Kubernetes.

Kubernetes Threat Modelling

• Kubernetes AttackTrees
• Threat Modeling Simulator
• ATT&CK Matrix Kubernetes
• CloudSec Docs on K8s Threat Modelling
• Kubernetes Best Practice Guide by Simon Pirschel

More Tools

• GKE-Auditor from Google
• Kube-Linter analyzes yaml files against best practices
• Checkov: Helm Chart Security Anayzer
• Headlamp from Kinvolk
• Octant from Vmware/Tanzu
• Lens K8s IDE/UI
• Starboard By Aquasec

Favorite Talks

• PKI the Wrong Way: Simple TLS Mistakes and Surprising Consequences - Tabitha Sable
• Vulnerabilities in Kubernetes, an interview with Maya (KubeCon 2019)
• Walls Within Walls: What if Your Attacker Knows Parkour? - Tim Allclair & Greg Castle
• Shipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes [A] - Greg Castle
• A Hacker’s Guide to Kubernetes and the Cloud - Rory McCune
• Who Protects What? Shared Security in GKE
• Effective RBAC by Jordan Ligat

Join over 6,000 tl;dr sec readers and get a cheatsheet of the most important take-aways and commands + a 54 page PDF & epub for offline reading.