I am going to tell you about my personal experience, partly from CTF (Capture The Flag), and my considerations on K8s and containers in general.
Why, you say? Because containers are so coool!
What is K8s? Wikipedia explains it like this:
Kubernetes (commonly stylized as k8s) is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation. It aims to provide a “platform for automating deployment, scaling, and operations of application containers across clusters of hosts”. It works with a range of container tools, including Docker. Many cloud services offer a Kubernetes-based platform or infrastructure as a service (PaaS or IaaS) on which Kubernetes can be deployed as a platform-providing service. Many vendors also provide their own branded Kubernetes distributions.
The hypothetical case (entirely fiction)
The Little Evil Srl company has split off from the very famous Bull S. Corp. and has commissioned its best and only systems engineer, a certain Eng. Sure Safe, to identify and build a robust and flexible solution for exposing company portals to the rest of the world. Obviously, everything at reduced cost “because budget”.
Eng. Safe thought it a good idea to ride the crest of the wave and propose a relevant, current and trendy solution.
He had read some articles on the blog “Smart-Us” and spent 2 whole hours studying the container/Docker topic, until he found out how to implement Kubernetes.
And this might not be how I met your mother, but it is how a K8s cluster is proposed to management as a demo for the company portal: the structure consists of a pair of nodes plus the master, a development pod and one that serves an Open Source CMS. Each pod has only the bare minimum, and specific service users have been created in order to segment access as much as possible.
The proposal is well received, is quickly approved and Safe is Sure to be Safe.


Kubernetes Takeover— Exit the Box!