Securing Kubernetes: The Paranoid Guide

The DevOps FAUNCast - A podcast by FAUN


This episode is sponsored by The Chief I/O, an online publication where you can read and share stories about cloud native, DevOps, Kubernetes, AIOps, and many other topics. You can subscribe to The Chief I/O newsletter to receive our best stories and the latest cloud native news and trends twice a week. Visit thechief.io/newsletter.

It's a sunny May afternoon at KubeCon in Barcelona. Liz Rice is on the stage discussing penetration testing in Kubernetes. She says that one of the reasons why you might want to do penetration testing is stories such as this: in 2018, Tesla left their Kubernetes Dashboard open to the internet. The Dashboard has cluster-admin privileges. They were hacked, and the end result was that their system was used to run cryptocurrency mining malware.

"The hackers had infiltrated Tesla's Kubernetes console, which was not password-protected," RedLock researchers wrote. "Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment, which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry."

It was a big headline and one that prompted the larger Kubernetes industry to focus more on security. But why? How did one of the biggest tech companies in Silicon Valley get hacked? Is it simply a human issue? Or is there more to security in Kubernetes?

I'm your host Kassandra Russel, and today we are going to talk about security in Kubernetes. We will examine the differences between securing a traditional environment and a container-based environment. Next, we will discuss industry standards and emerging thought patterns around security. And finally, we will go through some of the best security practices and general security advice for production workloads in Kubernetes.

Before diving into all of this: we've been busy during the last few weeks working on a new project. If you like this podcast, you will certainly like the new project. It's a surprise, and we are going to talk more about it in the future. In the meantime, you can subscribe to the podcast announcement list; we will announce it soon.

Back to the subject at hand: remember the two generals' problem from one of our previous episodes? It's a classic thought experiment exposing an unsolvable problem and demonstrating the design challenges of distributed systems and the pitfall of reaching consensus over a lossy network. If you are interested in knowing more about this, we recommend you listen to our 5th episode, "The Ubiquity of Kubernetes".