Komrade: an Open-Source Security Chaos Engineering (SCE) Tool for K8s


Authors:   Aaron Rinehart, Matas Kulkovas


The presentation discusses the complexity of modern computing systems and the need for proactive measures to prevent outages and incidents. It introduces the concept of chaos engineering and the open-source tool Curviz for Kubernetes security testing.
  • Modern computing systems have evolved beyond human ability to mentally model their behavior, leading to increased outages and incidents.
  • Software complexity only increases and cannot be decreased, making it challenging for operators to manage.
  • Chaos engineering is a proactive approach to fixing issues and navigating inherent complexity.
  • Curviz is an open-source tool for Kubernetes security testing, targeting low-hanging fruit such as CIS benchmarks and network configurations.
  • Experiments can be run to test configurations and validate changes before they cause issues in production.
The speaker shares an anecdote from their time as Chief Security Architect at United Health Group, where a minute of downtime during the busiest time of year cost over a million dollars. They emphasize the importance of proactively verifying systems to prevent such costly incidents.


Security Chaos Engineering (SCE) is an emerging discipline that serves as a foundation for proactively discovering system weaknesses before they become an opportunity for a malicious actor. The goal of SCE experiments is to move security toward continuous recalibration and increased confidence by deriving a more realistic understanding of how well security practices perform under expected conditions. This new technique of instrumentation proactively injects turbulent security conditions or faults into systems to determine the conditions under which our security will fail, so that we can fix it before it causes customer pain. During this session, the speakers will dive into SCE as a discipline as well as showcase a demo of 'komrade', the 1st Open-Source Tool for running SCE experiments on Kubernetes.
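As an added illustration (not komrade's code, and not from the speakers), the following Python script models the SCE experiment loop the abstract describes, aimed at the kind of low-hanging fruit the summary names (CIS-style pod hardening settings): establish a steady state, inject one misconfiguration at a time, observe whether a control detects it, and record whether the hypothesis held. The Pod manifest, the checks, the fault injections and the experiment names are all constructed for this example. The `privilege-escalation` case is included on purpose to show an experiment exposing a gap in the control instead of confirming it, which is the outcome SCE is meant to surface before an incident does.

```python
"""Minimal security chaos experiment loop for Kubernetes manifests.

Added example, not komrade's code. Each experiment follows the SCE shape:
hypothesis -> inject a fault (a misconfiguration) -> observe whether the
security control (here, a static CIS-style pod check) detects it -> verdict.
"""
import copy

# Constructed baseline Pod (the dict you would get from yaml.safe_load).
BASELINE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web", "namespace": "shop"},
    "spec": {
        "hostNetwork": False,
        "containers": [
            {
                "name": "web",
                "image": "example.invalid/web:1.0",  # placeholder image
                "securityContext": {"privileged": False, "runAsNonRoot": True},
            }
        ],
    },
}


def find_violations(pod):
    """The control under test: a few CIS-style pod hardening checks."""
    violations = []
    spec = pod.get("spec", {})
    if spec.get("hostNetwork"):
        violations.append("hostNetwork enabled")
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            violations.append(f"{c['name']}: privileged container")
        if not sc.get("runAsNonRoot"):
            violations.append(f"{c['name']}: may run as root")
    return violations


# Fault injections: each introduces exactly one weakness into a copy of the pod.
def inject_privileged(pod):
    pod["spec"]["containers"][0]["securityContext"]["privileged"] = True


def inject_host_network(pod):
    pod["spec"]["hostNetwork"] = True


def inject_drop_run_as_non_root(pod):
    pod["spec"]["containers"][0]["securityContext"].pop("runAsNonRoot", None)


def inject_allow_privilege_escalation(pod):
    # Not covered by find_violations: this experiment should expose the gap.
    pod["spec"]["containers"][0]["securityContext"]["allowPrivilegeEscalation"] = True


def inject_noop(pod):
    # Control experiment: no fault, the check must stay quiet.
    pass


def run_experiment(name, inject, expect_detection, baseline=BASELINE_POD):
    """One SCE experiment: verify steady state, inject, observe, judge."""
    if find_violations(baseline):
        raise RuntimeError("steady state is not clean; fix baseline first")
    mutated = copy.deepcopy(baseline)  # never mutate the shared baseline
    inject(mutated)
    observed = find_violations(mutated)
    detected = bool(observed)
    return {
        "experiment": name,
        "hypothesis_held": detected == expect_detection,
        "violations": observed,
    }


# (name, fault injection, do we expect the control to fire?)
EXPERIMENTS = [
    ("privileged-container", inject_privileged, True),
    ("host-network", inject_host_network, True),
    ("run-as-root", inject_drop_run_as_non_root, True),
    ("privilege-escalation", inject_allow_privilege_escalation, True),
    ("control-no-fault", inject_noop, False),
]


def run_all():
    """Run every experiment and return the results keyed by name."""
    return {n: run_experiment(n, f, e) for n, f, e in EXPERIMENTS}


if __name__ == "__main__":
    for r in run_all().values():
        status = "OK  " if r["hypothesis_held"] else "GAP "
        print(f"[{status}] {r['experiment']}: {r['violations']}")
```

Running the script prints one line per experiment; the `GAP` line for `privilege-escalation` is the finding: the control never sees `allowPrivilegeEscalation`, so the hypothesis that the check would catch it is falsified and the check (or an admission policy in front of it) needs extending. Each injection is applied to a deep copy so the steady-state manifest stays intact across experiments, and the no-fault control run guards against a check that fires on everything.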

