Attacking and Defending Kubernetes

Tripathi, Ankit Amrendra
Issue Date
MSc in Cybersecurity
Dublin Business School
The growing adoption of containers and their orchestration in on-premises and cloud systems highlights urgent security problems (Hill, 2023). Among these options, Kubernetes is the most advanced for implementing containerised workloads when used in conjunction with Docker. This article summarises the painstaking process of setting up and configuring a local Kubernetes infrastructure on an Ubuntu OS virtual machine. The inclusion of several penetration testing tools, such as Burp Suite and Zmap, together with essential open-source scanners such as Trivy and Kubescape, strengthens this ecosystem further. These tools help to highlight security flaws in the Docker container and Kubernetes ecosystem. Kubernetes functions through two key planes: the control plane, which manages the cluster state, and the data plane, which carries out essential tasks. Its architecture relies on a variety of components to specify the desired cluster state. In this article, targeted attacks on a Kubernetes cluster (Akula, n.d.) were conducted, falling into four main areas: (a) attacks against the core Kubernetes engine and its components; (b) Kubernetes network layer exploits; (c) container breaches, which include malicious code injections and vulnerabilities in containers; and (d) exploitation of Infrastructure as Code (IaC) vulnerabilities. Alongside these attacks, the research uses open-source scanners such as Trivy, Kubescape, and others to thoroughly examine Docker and container images. This all-inclusive method makes it easier to compare the security results produced by the various scanning programmes. Additionally, the analysis explores known attack vectors, such as the OWASP Top 10, ensuring that results are consistent with the MITRE methodology for methodical issue classification. Together with these investigative steps, a comprehensive set of countermeasures and defences is provided, suited to each layer that is vulnerable to these threats.
Using the knowledge obtained from this thorough investigation, this all-encompassing approach aims to strengthen the security architecture of Kubernetes environments.