Hacking a Kubernetes Cluster: A Practical Example!

In this video, we are going to get an overview of the Kubernetes attack surface through a fun demo of hacking into a Kubernetes cluster. Full Certified Kubernetes Application Developer (CKAD) Course: https://kode.wiki/CKAD_YT There are multiple areas that were vulnerable to attack and that’s what we will go over in this lecture. To begin with the Cloud itself. The infrastructure that hosted the Kubernetes cluster was not properly secured and enabled access to ports on the cluster from anywhere. If network firewalls were in place, we could have prevented remote access from the attacker's system. This is the first C in Cloud-native security. It refers to the security of the entire infrastructure hosting the servers. This could be a private or a public cloud, a data center hosting physical machines, a co-located environment. We discuss more this in the last section of the course where we talk about how to detect all phases of attack regardless of where it occurs and how it spreads. The next is Cluster security. The attacker was easily able to gain access through the docker daemon exposed publicly, as well as the Kubernetes dashboard that was exposed publicly without proper authentication or authorization mechanisms. This could have been prevented if security best practices were followed in securing the docker daemon, the Kubernetes API as well as any GUI we used to manage the cluster such as the Kubernetes Dashboard. We look into these in much more detail in the first section of the course where we talk about Cluster setup and hardening. We will see how to secure the docker daemon and the Kubernetes dashboard as well as other best practices to be followed such as using network policies and ingress. Next comes the container. The hacker was able to run any container of her choice with no restrictions on what repository it is from or what tag it had. The attacker was able to run a container in privileged mode, which should have been prevented. The attacker was also able to install whatever application she wanted on it without any restriction. These could have been prevented if restrictions were put in place to only run images from a secure internal repository and if running containers in the privileged mode were disallowed. And through sandboxing, containers were isolated better. We discuss these in the Minimize Microservices Vulnerabilities section as well as the Supply chain security sections of the course. And finally Code. Code refers to the application code itself. Hard coding applications with database credentials or passing critical information through environment variables, exposing applications with TLS are bad coding practices. This is mostly out of scope for this course, however, we do cover some areas such as securing critical information with secrets and vaults, enabling metals encryption to secure pod to pod communication, etc. To learn more about Security in Cloud-native computing and Kubernetes, check out our course on certified Kubernetes security specialists. We go in-depth in each of these areas and understand common vulnerabilities and security concerns in an environment and how to protect our systems from an attack. The course is fully hands-on with lab activities that will help you validate and remember what you learned in the videos. This will also help you prepare and pass the Certified Kubernetes Security Specialist exam. So join our community of students at cks.kodekloud.com #HackingaKubernetesCluster #kodekloud