Overview
Explore the security model of Kubernetes and learn how to detect and combat security vulnerabilities using simple scripting techniques in this 43-minute conference talk. Dive into the hidden security features of Kubernetes, from Linux namespaces used in containers to network configurations that can make or break cluster security. Examine container escape vulnerabilities documented in the CVE database and discover how to check clusters for weaknesses using straightforward scripts. Witness a practical demonstration of analyzing Istio, the "trust nothing" distributed firewall solution, and uncover an exploitable attack. Gain insights into how Istio addressed the reported bug and learn about future improvements in version 1.2 that will close the exploit using the Container Network Interface (CNI). Enhance your understanding of container and Kubernetes security to better protect your infrastructure.
Syllabus
Hacking Containers and Kubernetes
Taught by
media.ccc.de