Tweezering Kubernetes Resources: Operating on Operators

The presentation discusses the importance of securing Kubernetes operators and suggests using a pipeline and static analyzer to detect vulnerabilities.

• Operators are automated runbooks that can pose security risks if not properly secured
• Bad Robot is a tool that can scan operator manifests for vulnerabilities
• Developers should be explicit about the permissions and resources an operator can access
• Restricting an operator to specific namespaces and resources can improve security
• A pipeline and static analyzer can help detect vulnerabilities in operators

The presenter demonstrates the use of Bad Robot to scan operator manifests and identify security risks.

Operators have become prevalent for the automation of repeatable cluster operations, replacing engineers in the Kubernetes configuration process. Although removing human error from the equation solves repeatability issues, Operators are often highly privileged with namespace or cluster-wide access to change resources. A compromised operator allows an attacker to deploy custom workloads very discreetly, and a rogue resource could go completely undetected. This talk asks and shows “what’s the worst that could happen?” to Operators by: - showing you how to threat model core Operator functionality - demonstrating how an Operator-based attacker can modify resources and gain persistence - how to securely appraise and test third-party Operators before trusting them - what to look out for during a code review or security related events.Click here to view captioning/translation in the MeetingPlay platform!