Protect your Kubernetes infrastructure: discover the most common vulnerabilities and misconfigurations and learn how to avoid security issues.

Marianna Medeiros, Head of Product

It is true that Kubernetes has become the natural choice for running containerized workloads. Its level of automation, its flexibility, and its declarative configuration model remove a large part of the operational overhead.
It is also true that the rapid pace of Kubernetes adoption, the degree of configuration flexibility it allows, the number of available tooling choices, and the complexity of microservices architectures have created a new set of security issues and a heavier cognitive load for teams, making containers and Kubernetes an attractive target for attackers.
There are many vulnerabilities that can be intentionally exploited to gain unauthorized access, disrupt services, or cause data breaches. Similarly, there are many misconfigurations that can cause issues such as increased costs and inefficient resource utilization.
Recent research has highlighted the prevalence of vulnerabilities in Kubernetes clusters:
According to a survey conducted by Red Hat in 2022, 93% of respondents reported experiencing "at least one security incident in their Kubernetes environments over the last 12 months", with 53% of those attributed to misconfiguration and 38% to vulnerability exploitation.
A 2023 report, also from Red Hat, points out that 67% of respondents reported delayed or slowed application deployment due to Kubernetes security concerns, 37% suffered revenue or customer loss due to a container/Kubernetes security incident, and 90% had at least one security incident in the last 12 months.
To make this concrete, here are some very common examples of vulnerabilities and misconfigurations found in Kubernetes clusters, which often go unnoticed for lack of knowledge or for lack of tools that correctly identify them:
Pod Resource Requests and Limits
Kubernetes allocates resources based on the requests and limits defined by users. If these definitions are incorrect, the allocation of the resources needed to run containers efficiently is heavily compromised. If the defined requests and limits are too high, Kubernetes may reserve more resources than necessary, leading to inefficient use and increased costs. On the other hand, if they are too low, containers may receive insufficient resources, leading to performance issues, downtime, and even data loss.
Therefore, it is essential to define them correctly to ensure that containers have access to the resources needed to function efficiently and avoid the previously mentioned problems.
Incorrect Security Configurations
Unauthorized access, privilege escalation, denial of service, data loss, and compliance violations are just some of the possible consequences of incorrect security configurations.
An overly permissive security context on a container can provide attackers with elevated privileges within the container or even on the host node, allowing them to access sensitive resources without authorization. This can also leave containers vulnerable to DoS attacks, where the attacker can exhaust container or host node resources.
Compliance violations, such as those of HIPAA or GDPR, can also occur due to incorrect security configurations, resulting in legal and financial penalties.
To ensure the integrity, confidentiality, and availability of data and resources, it is crucial to properly configure security contexts for containers and pods in Kubernetes.
Untagged Docker Image
A tag gives a Docker image an identity. If you do not specify a tag (or a digest), Kubernetes assumes you are referring to the :latest tag. This makes it hard to track which version of the image is actually running and to roll back correctly.
To resolve this issue, specify a tag or a digest for every image referenced in your resources. Regular scanning can identify and fix this issue, reducing the risk of vulnerabilities and helping ensure the integrity and security of the infrastructure environment as a whole.
Probes Definition
Probes are used to check the health of a container. They allow Kubernetes to automatically detect and recover from failures. Defining probes on a resource can help ensure that the cluster is functioning efficiently and effectively.
Without a liveness probe, if the web server process inside the container becomes unhealthy, Kubernetes will not restart the container automatically. This can lead to increased service downtime, as the site will remain unavailable until someone intervenes manually.
Without a readiness probe, the container running the web server may still be included in the load balancer's available instances pool. This can lead to requests being sent to the container, which may not be able to handle them properly, resulting in errors or timeouts. For example, the web server may need to connect to a database or some external service before being able to respond to incoming requests.
Furthermore, not having both probes defined can make it difficult to diagnose and troubleshoot service issues, as there will be no automatic mechanism to identify when the container is not functioning properly. This can lead to delays in identifying and fixing problems, causing more downtime and impacting service availability.
Check Getup's article on the subject: https://www.getup.io/blog/seliga-06-probes/
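As an added example that is not Getup's, Zora's, or Marvin's code, the following Python audit checks a Pod manifest (loaded as a dict) for the four issues discussed above: missing CPU/memory requests and limits, a permissive security context, an image without a tag or digest, and missing liveness/readiness probes. The field names are the standard Kubernetes Pod spec fields; the two sample manifests are constructed for this example.

```python
def image_is_pinned(image: str) -> bool:
    """True when the reference carries a digest or a tag other than :latest."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop registry host (which may contain ':port')
    return ":" in last and last.split(":", 1)[1] != "latest"

def audit_pod(pod: dict) -> list:
    """Return one finding per misconfiguration found in a Pod manifest (as a dict)."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        # 1. Requests and limits for CPU and memory
        res = c.get("resources", {})
        for kind in ("requests", "limits"):
            for r in ("cpu", "memory"):
                if r not in res.get(kind, {}):
                    findings.append(f"{name}: missing resources.{kind}.{r}")
        # 2. Security context: container-level fields override pod-level ones
        sc = {**pod_sc, **c.get("securityContext", {})}
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
        if sc.get("runAsNonRoot") is not True and sc.get("runAsUser", 0) == 0:
            findings.append(f"{name}: may run as root (uid 0)")
        # 3. Image must be pinned by tag or digest, not floating on :latest
        if not image_is_pinned(c.get("image", "")):
            findings.append(f"{name}: image not pinned to a tag or digest")
        # 4. Liveness and readiness probes
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{name}: missing {probe}")
    return findings

# Constructed sample manifests: one with every issue above, one hardened.
BAD_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
           "spec": {"containers": [{"name": "web", "image": "nginx",
                                    "securityContext": {"privileged": True}}]}}
GOOD_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
            "spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
                     "containers": [{"name": "web", "image": "nginx:1.25.3",
                                     "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                                                   "limits": {"cpu": "500m", "memory": "256Mi"}},
                                     "securityContext": {"allowPrivilegeEscalation": False},
                                     "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
                                     "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}}}]}}
```

`audit_pod(BAD_POD)` returns ten findings, one per missing or unsafe field, while `audit_pod(GOOD_POD)` returns an empty list.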
The potential damage that these and other vulnerabilities and misconfigurations can cause is significant.
To avoid these problems, it is important to periodically scan all clusters to identify potential risks and remediate them as quickly as possible, and also to implement best practices for Kubernetes cluster security, such as restricting access to sensitive resources, using secure network policies, and updating the environment regularly.
Zora can help you run these periodic checks in a simple and automatic way. It allows periodic scanning of all your K8s clusters through connected plugins such as Popeye and Marvin (an official Undistro plugin), whose checks are kept up to date with the latest vulnerabilities disclosed by major frameworks (Kubernetes Pod Security Standards, MITRE ATT&CK, NSA & CISA Kubernetes Hardening Guidance). Visit our open source projects page to learn more.
In conclusion, Kubernetes is an essential tool for managing containerized workloads, but it also represents a significant risk to infrastructure security.
By identifying and remediating vulnerabilities, organizations can reduce the risk of security incidents and data breaches, and protect their critical infrastructure and data.
© Getup · 2026
