IT Security in Kubernetes, Magnus Wulf

Abstract

Kubernetes (k8s) lends itself naturally to the ever-growing field of cloud computing. It is easy to set up and highly configurable. As such, it is also vulnerable to common security pitfalls. To ensure that operating clusters does not introduce additional risk to an organization, a list of criteria and test cases for ensuring system security would be desirable. Kubernetes features quite a few novel ways of implementing hardware requirements, but this also adds risk in the form of complexity. For instance, having a centralized management layer allows a better overview of cluster resources, but comes at the cost of a single point of failure, at least security-wise. Similarly, since Kubernetes runs all workloads in containers, common risk patterns that apply to containers also apply to Kubernetes. So when evaluating the security risks a cluster is exposed to, all layers need to be considered, from the cloud the cluster runs on, through the OS the nodes run on, all the way down to the containers themselves. There are multiple documents that attempt to make the transition to a secured Kubernetes architecture easier, such as the CIS Benchmark and the Federal Office for Information Security (BSI) IT-Grundschutz-Compendium. These take the form of general advice and instructions, but do not allow untrained personnel to verify the state of a cluster from a security perspective. There are tools that allow automated testing both externally and from within the cluster, for example kube-hunter. They struggle, however, to cover the full spectrum of potential vulnerabilities. This thesis was written in collaboration with umlaut solutions GmbH, who provide consulting to a wide range of industries, with the current focus of the cybersecurity team being on embedded and automotive security.
This paper, along with the appended list of test cases, aims to provide documentation that will allow users to both understand potential vulnerabilities and identify deviations from best practices. This allows a penetration tester to find and document vulnerabilities and issues in a given Kubernetes cluster more efficiently.