Common Kubernetes Attacks and How to Fix Them Part 1: What is Kubernetes?

Over the course of this series, we will move past high-level theoretical risks and dissect the actual mechanics of exploitation and defence within a cluster. We’ll analyse common misconfigurations, privilege escalation paths, container breakouts, and API server vectors that attackers leverage to compromise cloud-native environments.

Before we can break a system, we must understand its architecture and state.

Cleveland Clinic Lou Ruvo Center for Brain Health in Las Vegas, designed by Frank Gehry, March 17, 2010 AP Photo/Isaac Brekken

Today, modern software is increasingly built and deployed using a technology known as containers. Containers are lightweight, portable packages that bundle an application with everything it needs to run, such as its code, libraries, configuration, and execution environment. The primary idea behind a container is that it should operate as its own miniature environment for an application, so that no matter where the application is run (such as on a developer’s laptop, a test server, or a production environment in the cloud), it runs in exactly the same manner. This avoids the “it works on my computer” problem, where an application runs without issue on some machines but fails on others due to missing components such as libraries, code, or configuration files.

However, as applications grow in complexity, organisations often find themselves running hundreds or even thousands of these containers simultaneously. Managing them manually quickly becomes impractical. To resolve this issue, Kubernetes was created.

Kubernetes is an open-source platform designed to automate the deployment, management, and scaling of containerised applications. It was originally developed by Google and released in 2014. The project was later donated to the Linux Foundation, and today the Linux Foundation’s subsidiary, the Cloud Native Computing Foundation (CNCF), manages the technology.

Tux the Penguin was created by Larry Ewing and The GIMP

Kubernetes has become the industry standard for running containers at scale. In essence, Kubernetes can be thought of as a self-managing corporate network environment for containers. Similar to how a corporate network connects computers, printers, and servers so that they can communicate with each other while keeping the entire environment running smoothly, Kubernetes connects containers and manages how they interact with each other. Crucially, containers in a Kubernetes environment rarely work in isolation: a standard setup may have one container handling the web application, another handling the database, another handling load balancing, and another processing background tasks, all of which need to communicate reliably with each other. Kubernetes provides the underlying logical infrastructure to make such communication possible, while also handling the operational work of keeping every container healthy, available, and running where it should be.

Kubernetes manages its configuration using YAML files. YAML files are human-readable text files that describe the desired state of an application and its environment. For example, a YAML file may instruct Kubernetes to always keep three copies of a web server running, or to only allow certain services to communicate with each other.
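The two cases mentioned above, written out as manifests. This is an added example, not taken from the original post; the namespace, names, labels, image and port numbers are hypothetical placeholders.

```yaml
# Added example: every name, label, image and port here is a placeholder.
# 1) Desired state "always keep three copies of a web server running".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: shop
spec:
  replicas: 3                  # Kubernetes reconciles towards three running pods
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: registry.example.com/shop/web:1.0.0   # placeholder image
          ports:
            - containerPort: 8080
---
# 2) "Only allow certain services to communicate with each other":
#    pods labelled app=db accept ingress only from pods labelled app=web.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-allow-web-only
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: db                  # the policy applies to the database pods
  policyTypes:
    - Ingress                  # all ingress not listed below is denied
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: web         # only the web pods in this namespace
      ports:
        - protocol: TCP
          port: 5432
```

A NetworkPolicy is only enforced when the cluster's network plugin supports it; on a plugin without support the object is accepted but has no effect.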

Key Features:

  • Automatic Scheduling and Scaling: Kubernetes automatically decides where to run each container based on available resources, and it can scale the number of running containers up or down in response to demand. During a traffic spike, it can spin up additional instances of an application without any manual intervention.
  • Self-Healing: If a container crashes or becomes unresponsive, Kubernetes will automatically restart, replace, or reschedule the container.
  • Load Balancing: Kubernetes distributes incoming network traffic evenly across running containers, preventing a single instance from becoming a bottleneck.
  • Rolling Updates and Rollbacks: When deploying a new version of an application, Kubernetes can gradually replace old containers with new ones, ensuring the application remains available throughout an update. If something goes wrong, it can automatically roll back to the previous version.

Stay tuned for Part 2, where we will focus more on the different components associated with Kubernetes and understand the Kubernetes architecture before we dive right into the security misconfigurations and vulnerabilities associated with Kubernetes.
