
Running cloud native workloads on Kubernetes can be challenging: keeping them secure is even more so. Kubernetes' complexity offers malicious in-house users and external attackers alike a large assortment of attack vectors. Hacking Kubernetes reviews defaults and threat models and shows how to protect against attacks.



Securing your workloads is both essential and urgent, so this invaluable hands-on guide is available to you in this early release edition before it's available to the general public. It covers topics critical for cloud native security, detailing how to:



  • Run Kubernetes securely, on both a strategic and an operational level
  • Exploit Kubernetes default configurations and defend against these kinds of attacks
  • Review Kubernetes clusters for security weaknesses
  • Securely run arbitrary and untrusted code
  • Harden the Kubernetes setup to defend against any and all possible threats

Table of Contents

    1. Preface
      1. About you
      2. About us
      3. How To Use This Book
      4. Conventions Used in This Book
      5. Using Code Examples
      6. O’Reilly Online Learning
      7. How to Contact Us
      8. Acknowledgements
    2. 1. Introduction
      1. Setting the scene
      2. Starting to threat model
      3. Threat actors
      4. The first threat model
      5. Attack trees
      6. Example threat model
      7. Example attack trees
      8. Prior Art
      9. Conclusion
    3. 2. Pod-level Resources
      1. Anatomy of the attack
      2. Remote code execution
      3. Network attack surface
      4. Kubernetes workloads: apps in a pod
      5. What’s a pod?
      6. Understanding containers
      7. Sharing network and storage
      8. What’s the worst that could happen?
      9. Container breakout
      10. Pod configuration and threats
      11. Pod header
      12. Reverse uptime
      13. Labels
      14. Managed fields
      15. Pod namespace and owner
      16. Environment variables
      17. Container images
      18. Pod probes
      19. CPU and memory limits and requests
      20. DNS
      21. Pod security context
      22. Pod service accounts
      23. Scheduler and tolerations
      24. Pod volume definitions
      25. Pod network status
      26. Using the security context correctly
      27. Enhancing the securityContext with Kubesec
      28. Hardened securityContext
      29. Into the eye of the storm
      30. Conclusion
    4. 3. Container Runtime Isolation
      1. Threat model
      2. Containers, virtual machines and sandboxes
      3. How virtual machines work
      4. Benefits of virtualization
      5. What’s wrong with containers?
      6. User namespace vulnerabilities
      7. Sandboxes: mixing containers and virtual machines
      8. gVisor vs Firecracker vs Kata
      9. gVisor
      10. Firecracker
      11. Kata containers
      12. rust-vmm
      13. Risks of sandboxing
      14. Kubernetes runtime class
      15. Conclusion
    5. 4. Applications & Supply Chain
      1. Threat model
      2. The supply chain
      3. Software
      4. Scanning for CVEs
      5. Ingesting Open Source Software
      6. Which producers do we trust?
      7. Architecting containerized apps for resilience
      8. Attacking higher up the supply chain
      9. Application vulnerability throughout the SDLC
      10. Third-party code risk
      11. Detecting Trojans
      12. Types of supply chain attack
      13. Open Source Ingestion
      14. Operator Privileges
      15. The Captain attacks a supply chain
      16. Post-compromise persistence
      17. Risks to your systems
      18. Container Image Build Supply Chains
      19. Software Factories
      20. Blessed image factory
      21. The state of your container supply chains
      22. Software Bills of Materials (SBOMs)
      23. Human identity and GPG
      24. Signing builds and metadata
      25. Notary v1
      26. sigstore
      27. in-toto and The Update Framework (TUF)
      28. GCP binary authorisation
      29. Grafeas
      30. Infrastructure supply chain
      31. Defending against SUNBURST
      32. Conclusion
    6. 5. Networking
      1. Defaults
      2. Intra-pod networking
      3. Inter-pod traffic
      4. Pod-to-worker node traffic
      5. Cluster-external traffic
      6. The state of the ARP
      7. No security context
      8. No workload identity
      9. No encryption on the wire
      10. Threat model
      11. Traffic flow control
      12. The setup
      13. Network policies to the rescue!
      14. Service Meshes
      15. Concept
      16. Options and uptake
      17. Case study: mTLS with Linkerd
      18. eBPF
      19. Concept
      20. Options and uptake
      21. Case study: attaching a probe to a Go program
      22. Conclusion