Hacking a Kubernetes Cluster!

In this video we are going to get an overview of the Kubernetes attack surface through a fun demo of hacking into a Kubernetes cluster.

There are multiple areas that were vulnerable to attack and that’s what we will go over in this lecture. To begin with the Cloud itself. The infrastructure that hosted the Kubernetes cluster was not properly secured and enabled access to ports on the cluster from anywhere. If network firewalls were in place, we could have prevented remote access from the attackers system. This is the first C in Cloud native security. It refers to the security of the entire infrastructure hosting the servers. This could be a private or a public cloud, a datacenter hosting physical machines, a co-located environment. We discuss more about this in the last section of the course where we talk about how to detect all phases of attack regardless where it occurs and how it spreads.

The next is Cluster security. The attacker was easily able to gain access through the docker daemon exposed publicly, as well as the Kubernetes dashboard that was exposed publicly without proper authentication or authorization mechanisms. This could have been prevented if security best practices were followed in securing the docker daemon, the Kubernetes API as well as any GUI we used to manage the cluster such as the Kubernetes Dashboard. We look into these in much more detail in the first section of the course where we talk about Cluster setup and hardening. We will see how to secure the docker daemon and the Kubernetes dashboard as well as other best practices to be followed such as using network policies and ingress.

Next comes container. The hacker was able to run any container of her choice with no restrictions on what repository it is from or what tag it had. The attacker was able to run a container in privileged mode, which should have been prevented. The attacker was also able to install whatever application she wanted on it without any restriction. These could have been prevented if restrictions where put in place to only run images from a secure internal repository, and if running containers in privileged mode was disallowed. And through sandboxing containers were isolated better. We discuss these in the Minimize Microservices Vulnerabilities section as well as the Supply chain security sections of the course.

And finally Code. Code refers to the application code itself. Hard coding applications with database credentials or passing critical information through environment variables, exposing applications with TLS are bad coding practices. This is mostly out of scope for this course, however we do cover some areas such as securing critical information with secrets and vaults, enabling mTLS encryption to secure pod to pod communication etc.

To learn more about Security in Cloud native computing and Kubernetes, checkout our course on certified Kubernetes security specialist. We go in depth in each of these areas and understand about common vulnerabilities and security concerns in an environment and how to protect our systems from an attack. The course is fully hands-on with lab activities that will help you validate and remember what you learned in the videos. This will also help you prepare and pass the Certified Kubernetes Security Specialist exam.

So join our community of students at cks.kodekloud.com