Explore Kubernetes cluster security from an attacker's perspective in this 35-minute conference talk by Zebin Zhou from Tencent. Gain insights into real-world attack scenarios on K8s clusters, including container escape techniques, bypassing Pod Security Policies, and lateral movement strategies. Learn how to build secure, multi-tenant, large-scale Kubernetes clusters and implement effective defense mechanisms. Discover Tencent's experience in securing multi-tenant Kubernetes environments, with practical examples of security risks and their solutions. Cover topics such as K8s security features, privileged container exploitation, node-to-cluster admin escalation, API gateway protection, and the limitations of PodSecurity Policies. Enhance your understanding of Kubernetes security to better protect containers and data in your clusters.
Security Practices for Kubernetes Cluster Administrators - Redteam Views
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
About Me
K8s Security Features
From the Office Network
Try Privileged Container
m... Node to Cluster Admin
Defend?
From the Production Network
Real World Case 2
Protect API Gateway Admin
PodSecurity Policy Is Not a Secret Security Policy
IPTABLES Still Work
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Deploy containers by using Azure Kubernetes Service (AKS)
-
Kubernetes Privilege Escalation - Container Escape Equals Cluster Admin
-
Attacking Cloud Native Kubernetes With CDK
-
Continuous Kubernetes Security - Best Practices and Risk Mitigation
-
Security Attacks in Kubernetes Cluster Due to Security Best Practices Violation
-
One Large Cluster or Lots of Small Ones - Pros, Cons and When to Apply Each Approach
