Kubernetes security

This repo is a collection of kubernetes security stuff and research.

Overview

• Security notes

  In-depth research about security of kubernetes features and misconfigurations. Source for all documents below

• Security hardening and best practices

  A "must do"/best practices list of things to make attacker's life hard

• Security flags checklist

  A checklist of flags to quickly test if your cluster has security features enabled.

• Attacker's guide

  A guide for attacker: what to do if he gets to pod/cluster.

  Also, some attacks included

• Vulnerabilities

  Page with sources for security announces and previous vulnerabilities

Tools

• k8numerator

  Script for enumerating services in kubernetes cluster. Common services dictionary provided.

Slides

• Midterm
• Final

References

• Kubernetes security audit

  Tracking issue

• Attacking Kubernetes