Authors: James Cleverley-Prance, Fabian Kammel
2023-04-21

tldr - powered by Generative AI

The presentation discusses the importance of threat modeling and demonstrates common attacks and defensive techniques against Kubernetes clusters and workloads.
  • Threat modeling is important to identify and address security risks in a system before it goes into production.
  • The Microsoft threat matrix for Kubernetes is a useful resource for identifying tactics and entry points an attacker could use and the mitigations to prevent them.
  • The presentation demonstrates six exploit scenarios, including leveraging a compromised container, exploiting RBAC misconfigurations, and hijacking the entire cluster.
  • For each scenario, the impact of the attack is discussed, and controls and mitigation strategies are presented.
  • The presentation concludes with a summary of the lessons learned.
Authors: Jimmy Mesta
2023-04-19

The presentation discusses the importance of role-based access control (RBAC) in Kubernetes and the potential security risks associated with overly permissive RBAC configurations. It also highlights the need for fine-grained configuration and least privilege access.
  • RBAC is a collection of users, resources, and operations that are combined to give access to the resources needed
  • Fine-grained configuration is necessary to limit access to service accounts and humans
  • Least privilege access is important to ensure that only necessary access is granted
  • Audit logs can be used to craft better RBAC policies
  • Escalate, impersonate, and bind verbs are dangerous and should be monitored
  • Persistent volumes can be used to break out of the container context and access the underlying host
Authors: Konstantinos Kapelonis, Ilia Medvedev
2023-04-19

The presentation discusses the benefits of using virtual Argo CD instances for managing Kubernetes clusters and how it is implemented in the Codefresh platform.
  • Virtual Argo CD instances provide one-click installation, zero configuration, and flexibility in managing multiple instances and Kubernetes versions.
  • Codefresh uses a centralized setup that is cost-effective, allows for security isolation, and enables testing of new versions without affecting other customers.
  • Monitoring is done using Prometheus and Grafana stacks, as well as a proprietary exporter.
  • A demo is provided to show how virtual Argo CD instances are provisioned and deprovisioned.
Authors: Danny Clark
2022-10-28

The presentation discusses the challenges of scaling Prometheus and offers a solution through a managed service that leverages Prometheus as a node agent.
  • Scaling Prometheus can be challenging due to issues with data aggregation and network failures
  • Existing solutions such as Federation, remote read, and Thanos require manual maintenance and expertise
  • A managed service that leverages Prometheus as a node agent can mitigate scaling issues and separate state and query concerns
  • The service forwards metrics data to a remote back end and uses Kubernetes resources and a DaemonSet to achieve the setup
  • Google's Monarch provides the capacity needed to offer a PromQL-compatible API and long-term retention of metrics
Authors: Srinivas Malladi
2022-10-27

Multi-tenancy for Argo Workflows and Argo CD at Adobe
  • Adobe's internal developer platform standardizes best practices and consolidates engineering efforts across various internal developer teams while providing a flexible CI/CD experience
  • GitOps is an architectural paradigm that reconciles a declaratively defined desired state with the live state of a running system
  • Argo CD is an example of GitOps tooling that supports tracking of Kubernetes manifests in Git and supports their deployment and synchronization to a namespace on a cluster
  • Argo Workflows is a workflow engine that can run CI/CD pipelines on a Kubernetes cluster
  • Multi-tenancy is achieved through the isolation of each component of developer CI/CD workflows and the restriction of application deployment with Argo CD AppProjects and RBAC
Authors: Leigh Capili
2022-10-27

The presentation discusses the basics of Kubernetes Role-Based Access Control (RBAC) and how it can be used to create a flexible system that allows teams to work together in deploying cloud-native apps.
  • Kubernetes is an operating system that turns servers or cloud data centers into one big computer
  • RBAC is the authorization part of the API that lets teams share and block off parts of the computer to run the system
  • The talk covers RBAC basics, identity details, common misunderstandings, RBAC's limitations, auditing, and useful patterns for real-world implementations
  • RBAC's subjects are users, groups, and apps
  • The presentation includes a performance art piece and live demos to illustrate the points discussed
Authors: Stefan Prodan
2022-05-18

Flux is a secure and flexible continuous delivery tool for Kubernetes that can be easily integrated into various platforms.
  • Flux has focused on security hardening and undergone internal audits to address vulnerabilities in its multi-tenancy model and improve secrets management and decryption.
  • Flux can be easily kept up to date through its self-upgrading feature and integration with renovatebot.
  • Flux works with OpenPGP to restrict access to sensitive data and prevent unauthorized modifications.
  • Flux execution is predictable and can be extended by building new Kubernetes controllers with the GitOps Toolkit.
  • Flux has been adopted by various platforms and organizations, including the U.S. Department of Defense and Deutsche Telekom.
  • Flux has a security RFC process in place to ensure that any changes that affect its security posture undergo thorough review and approval.
Authors: Magno Logan
2021-09-24

The presentation discusses different attack scenarios on Kubernetes clusters and provides best practices for securing them.
  • Overview of Kubernetes architecture and components
  • Using K8s Threat Matrix and MITRE ATT&CK for Containers to demonstrate attack phases
  • Best practices for securing Kubernetes clusters
  • Anecdote about a vulnerable Drupal web application used for modeling attacks