This lab demonstrates some of the security concerns of a default GKE cluster configuration and the corresponding hardening measures that prevent multiple paths of pod escape and cluster privilege escalation.
Overview
Syllabus
- GSP496
- Overview
- Setup and requirements
- Task 1. Create a simple GKE cluster
- Task 2. Run a Google Cloud-SDK pod
- Task 3. Deploy a pod that mounts the host filesystem
- Task 4. Explore and compromise the underlying host
- Task 5. Deploy a second node pool
- Task 6. Run a Google Cloud-SDK pod
- Task 7. Deploy PodSecurityPolicy objects
- Task 8. Deploy a blocked pod that mounts the host filesystem
- Congratulations!