book

Hacking Kubernetes

by Andrew Martin, Michael Hausenblas

October 2021

Intermediate to advanced

311 pages

7h 52m

English

O'Reilly Media, Inc.

Book available

Start your free trial

Related skills

Kubernetes

Associated roles

AI engineer
C# developer
C++ developer
Cloud native engineer

Cloud solutions architect
DevOps engineer
Go developer
Java developer
Python developer
Rust developer
Software developer
SRE

+8 more

About YouAbout UsHow To Use This BookConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
Setting the SceneStarting to Threat ModelThreat ActorsYour First Threat ModelAttack TreesExample Attack TreesPrior ArtConclusion
DefaultsThreat ModelAnatomy of the AttackRemote Code ExecutionNetwork Attack SurfaceKubernetes Workloads: Apps in a PodWhat’s a Pod?Understanding ContainersSharing Network and StorageWhat’s the Worst That Could Happen?Container BreakoutPod Configuration and ThreatsPod HeaderReverse UptimeLabelsManaged FieldsPod Namespace and OwnerEnvironment VariablesContainer ImagesPod ProbesCPU and Memory Limits and RequestsDNSPod securityContextPod Service AccountsScheduler and TolerationsPod Volume DefinitionsPod Network StatusUsing the securityContext CorrectlyEnhancing the securityContext with KubesecHardened securityContextInto the Eye of the StormConclusion
DefaultsThreat ModelContainers, Virtual Machines, and SandboxesHow Virtual Machines WorkBenefits of VirtualizationWhat’s Wrong with Containers?User Namespace VulnerabilitiesSandboxinggVisorFirecrackerKata Containersrust-vmmRisks of SandboxingKubernetes Runtime ClassConclusion
DefaultsThreat ModelThe Supply ChainSoftwareScanning for CVEsIngesting Open Source SoftwareWhich Producers Do We Trust?CNCF Security Technical Advisory GroupArchitecting Containerized Apps for ResilienceDetecting TrojansCaptain Hashjack Attacks a Supply ChainPost-Compromise PersistenceRisks to Your SystemsContainer Image Build Supply ChainsSoftware FactoriesBlessed Image FactoryBase ImagesThe State of Your Container Supply ChainsThird-Party Code RiskSoftware Bills of MaterialsHuman Identity and GPGSigning Builds and MetadataNotary v1sigstorein-toto and TUFGCP Binary AuthorizationGrafeasInfrastructure Supply ChainOperator PrivilegesAttacking Higher Up the Supply ChainTypes of Supply Chain AttackOpen Source IngestionApplication Vulnerability Throughout the SDLCDefending Against SUNBURSTConclusion
DefaultsIntra-Pod NetworkingInter-Pod TrafficPod-to-Worker Node TrafficCluster-External TrafficThe State of the ARPNo securityContextNo Workload IdentityNo Encryption on the WireThreat ModelTraffic Flow ControlThe SetupNetwork Policies to the Rescue!Service MeshesConceptOptions and UptakeCase Study: mTLS with LinkerdeBPFConceptOptions and UptakeCase Study: Attaching a Probe to a Go ProgramConclusion
DefaultsThreat ModelVolumes and DatastoresEverything Is a Stream of BytesWhat’s a Filesystem?Container Volumes and MountsOverlayFStmpfsVolume Mount Breaks Container IsolationThe /proc/self/exe CVESensitive Information at RestMounted SecretsAttacking Mounted SecretsStorage ConceptsContainer Storage InterfaceProjected VolumesAttacking VolumesThe Dangers of Host MountsOther Secrets and Exfiltraing from DatastoresConclusion
DefaultsThreat ModelNamespaced ResourcesNode PoolsNode TaintsSoft MultitenancyHard MultitenancyHostile TenantsSandboxing and PolicyPublic Cloud MultitenancyControl PlaneAPI Server and etcdScheduler and Controller ManagerData PlaneCluster Isolation ArchitectureCluster Support Services and Tooling EnvironmentsSecurity Monitoring and VisibilityConclusion
Types of PoliciesDefaultsNetwork TrafficLimiting Resource AllocationsResource QuotasRuntime PoliciesAccess Control PoliciesThreat ModelCommon ExpectationsBreakglass ScenarioAuditingAuthentication and AuthorizationHuman UsersWorkload IdentityRole-Based Access Control (RBAC)RBAC RecapA Simple RBAC ExampleAuthoring RBACAnalyzing and Visualizing RBACRBAC-Related AttacksGeneric Policy EnginesOpen Policy AgentKyvernoOther Policy OfferingsConclusion
DefaultsThreat ModelTraditional IDSeBPF-Based IDSKubernetes and Container Intrusion DetectionFalcoMachine Learning Approaches to IDSContainer ForensicsHoneypotsAuditingDetection EvasionSecurity Operations CentersConclusion

The Weakest LinkCloud ProvidersShared ResponsibilityAccount HygieneGrouping People and ResourcesOther ConsiderationsOn-Premises EnvironmentsCommon ConsiderationsThreat Model ExplosionHow SLOs Can Put Additional Pressure on YouSocial EngineeringPrivacy and Regulatory ConcernsConclusion
FilesystemtmpfsHost MountsHostile ContainersRuntime
GeneralReferencesBooksFurther Reading by ChapterIntroPodsSupply ChainsNetworkingPolicyNotable CVEs

Overview

Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack.

This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system.

Understand where your Kubernetes system is vulnerable with threat modelling techniques
Focus on pods, from configurations to attacks and defenses
Secure your cluster and workload traffic
Define and enforce policy with RBAC, OPA, and Kyverno
Dive deep into sandboxing and isolation techniques
Learn how to detect and mitigate supply chain attacks
Explore filesystems, volumes, and sensitive information at rest
Discover what can go wrong when running multitenant workloads in a cluster
Learn what you can do if someone breaks in despite you having controls in place