Kubernetes Security Series - Part 1

Ayse Vlok
Feb 10, 2022

Like many other security folks, I found Kubernetes (K8s), with its ever-growing adoption, a new concept to wrap my head around. As a matter of fact, my journey into Security after a career change has been full of these experiences. However, K8s and its complexity were especially a challenge for me in the early days of my CloudSec engineering. I figured while I was at it, I’d dive deep and do my MSc Information Security dissertation on as much of K8s Security as I could address. I have done an analysis of the current K8s attack surface, the importance of establishing a secure baseline for its configuration, and the use of open-source tools for this purpose.

I personally feel there is a strong connection between early adopters of K8s and a passion for open-source tooling on application development. Similarly, a lot of us security people who care about cost-effectiveness, build necessary skills to implement tools customised for our environments and try to avoid tool fatigue driven by sales pitches, love a bit of open-source tools. When I started working on securing K8s, this was another reason why I first turned to open-source security tools.

Inspired by my dissertation subject, in a series of blogs, I will be sharing the knowledge I have gained, the why, what and how on K8s Security in the hope that it will help other security professionals. I will cover the basics of K8s in this part and the resources I have used to learn K8s to set the scene.

How K8s came about

As the world of development has moved towards ever better utilisation of hardware resources, with more isolation and, ideally, more distribution, container-based application development has proved to offer additional benefits as opposed to what VM-based development provided previously.

image credit: kubernetes.io

By 2022, more than 75% of global organizations will be running containerised applications in production, up from less than 30% today (Gartner).

What is K8s?

The official documentation defines K8s as a portable and extensible open-source system for managing containerized workloads and services, which facilitates automation and both imperative and declarative configuration. A lot is packed into this definition, and I will try to break it down into digestible chunks.

  • K8s is an orchestrator for containers.
  • Essentially, K8s groups containers, which make up an application, into logical units for easy management and discovery.

Image credit: Developedia

Technically, containers run in pods, which are the atomic object type within a Kubernetes cluster. Here’s how they relate:

  • Pod: A pod defines the logical unit of the application; it can contain one or more containers and each pod is deployed onto a node.
  • Node: This is the virtual machine serving as the worker in the cluster; pods run on the nodes.
  • Cluster: This consists of worker nodes and is managed by the control plane.
Source: https://platform9.com/blog/kubernetes-enterprise-chapter-2-kubernetes-architecture-concepts/
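To make the pod/container/node relationship concrete, here is an added example manifest (not from the original post) for one Pod that groups two containers into a single logical unit and is scheduled onto a node; the image names, namespace and node label are assumptions, and the securityContext lines show what a minimal secure-baseline setting for the containers looks like.

```yaml
# Added example (not from the original post): one Pod = one logical unit
# holding two containers that share a network namespace and a volume.
# Image names, the namespace and the node label are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: web-with-sidecar
  namespace: demo                 # assumed namespace
spec:
  # Pods are placed onto a node by the scheduler; this selector restricts
  # placement to nodes carrying the (assumed) label workload=web.
  nodeSelector:
    workload: web
  # Pod-level baseline: every container in the pod runs as an unprivileged user.
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
  containers:
    - name: web
      image: nginxinc/nginx-unprivileged:1.25   # assumed image, listens on 8080
      ports:
        - containerPort: 8080
      volumeMounts:
        - name: shared-logs
          mountPath: /var/log/nginx             # nginx writes access.log here
        - name: tmp
          mountPath: /tmp                       # writable scratch space for nginx
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
    - name: log-shipper
      image: busybox:1.36                       # assumed image
      command: ["sh", "-c", "tail -F /logs/access.log"]
      volumeMounts:
        - name: shared-logs
          mountPath: /logs
          readOnly: true                        # sidecar only reads the logs
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
  volumes:
    - name: shared-logs
      emptyDir: {}                              # lives as long as the pod does
    - name: tmp
      emptyDir: {}
```

After `kubectl apply -f pod.yaml`, `kubectl get pod web-with-sidecar -n demo -o wide` shows the node the pod was scheduled onto, and `kubectl get nodes` lists the worker nodes that make up the cluster.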

Rather than explaining all these in detail, I will provide a list of resources I myself used in the beginning of my journey.

Where can I learn more?

  • Official Kubernetes website
  • This article explains Kubernetes Architecture in an amazing way with an analogy
  • For more in-depth learning, try the resources below. I especially found the YouTube videos by Nana very useful, both for people starting out and for those who would like to deep dive.
  • Katacoda is great to get your hands dirty and start exploring without a learning structure.
  • Another hands-on lab for more learning.
  • There are some Udemy courses to try out as well, especially for building and deploying containerised applications with K8s, Docker and Helm.

Coming up soon… Secure K8s Configuration standards and CIS benchmark for K8s.

Ayse Vlok

Security Engineer | Passionate about Cloud Security | SecDevOps