Kubernetes security

This repo is a collection of kubernetes security stuff and research.

The research was conducted during Summ3r 0f h4ck traineeship.

Overview

Security notes

In-depth research about security of kubernetes features and misconfigurations. Source for all documents below
Security hardening and best practices

A "must do"/best practices list of things to make attacker's life hard
Security flags checklist

A checklist of flags to quickly test if your cluster has security features enabled.
Attacker's guide

A guide for attacker: what to do if he gets to pod/cluster.

Also, 5E0B some attacks included
Vulnerabilities

Page with sources for security announces and previous vulnerabilities

k8numerator

Script for enumerating services in kubernetes cluster. Common services dictionary provided.

Name		Name	Last commit message	Last commit date
Latest commit History 63 Commits
attacks/helm		attacks/helm
demo		demo
imgs		imgs
k8numerate		k8numerate
ATTACKER.md		ATTACKER.md
FLAGS.md		FLAGS.md
HARDENING.md		HARDENING.md
NOTES.md		NOTES.md
README.md		README.md
VULN.md		VULN.md