the microsegment

segment all the things

Thoughts on the Attack matrix for Kubernetes

This is just a datacenter

Introduction

In a recent blog post, Yossi Weizman talks about the Attack matrix for Kubernetes, and I had a couple of thoughts about it. As Yossi rightly says, Kubernetes is becoming a vital part of the compute stack of many companies. What I hear in my network and during sessions with IT security teams is that they face new challenges with Kubernetes-based orchestration platforms. Container platforms are also perceived as a black box by traditional networking and IT security folks, so it makes sense to first understand the security risks that are inherent to those platforms.

Kubernetes podcast on attacking k8s

The current Kubernetes Podcast gives a great view into how to attack Kubernetes clusters. I have been talking about this all the time when I see OpenShift or Kubernetes clusters that try to protect the container infrastructure with tools made for protecting pods, but hardly protect the container orchestration platform itself. Securing the container infrastructure is hard, and not doing it may lead to things like cluster takeover or host escapes.