Kubernetes security

Threat matrix for Kubernetes – https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/

RSA’20 The future of Kubernetes attacks – https://youtu.be/CH7S5rE3j8w

K8S is based on the Controller pattern.

Resources capture the desired state.

Current state is kept centralized in etcd.

Controllers reconcile current state with desired state.
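The reconcile loop described above, as an added example that is not from the original notes or from Kubernetes itself: a simplified in-memory model in which a single struct stands in for etcd. Store, Reconcile and the web-N pod names are assumptions made for illustration, not Kubernetes APIs.

```go
package main

import (
	"fmt"
	"sort"
)

// Store is an in-memory stand-in for etcd (illustrative, not a Kubernetes
// API): it holds the desired state (replica count) and the observed state
// (running pods) for one hypothetical workload named "web".
type Store struct {
	DesiredReplicas int
	Pods            map[string]bool // pod name -> running
	nextID          int
}

// Reconcile performs one pass of the control loop: it compares observed
// state with desired state and returns the actions it took to converge.
func Reconcile(s *Store) []string {
	var actions []string
	names := make([]string, 0, len(s.Pods))
	for n := range s.Pods {
		names = append(names, n)
	}
	sort.Strings(names) // deterministic order for scale-down
	for len(names) > s.DesiredReplicas { // too many: delete surplus
		last := names[len(names)-1]
		names = names[:len(names)-1]
		delete(s.Pods, last)
		actions = append(actions, "delete "+last)
	}
	for len(s.Pods) < s.DesiredReplicas { // too few: create replacements
		s.nextID++
		name := fmt.Sprintf("web-%d", s.nextID)
		s.Pods[name] = true
		actions = append(actions, "create "+name)
	}
	return actions
}

func main() {
	s := &Store{DesiredReplicas: 3, Pods: map[string]bool{}}
	fmt.Println(Reconcile(s)) // initial convergence: three creates
	delete(s.Pods, "web-2")   // drift: a pod disappears out of band
	fmt.Println(Reconcile(s)) // controller restores the declared count
	s.DesiredReplicas = 1     // the resource (desired state) is edited
	fmt.Println(Reconcile(s)) // controller scales down to match
	fmt.Println(Reconcile(s)) // steady state: no actions
}
```

Because the loop always converges on what the store declares, out-of-band changes to running pods are reverted, while a change to the stored desired state is carried out on the next pass.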

K8S has a more centralized control plane compared to Cloud Foundry.

A Pod is a top-level resource.

Kubernetes <- kubectl

EKS <- eksctl

Spinnaker – itself runs on Kubernetes as a set of pods, which can be scaled up

Cheat sheet:

https://kubernetes.io/docs/reference/kubectl/cheatsheet/

Commands:

kubectl get nodes

kubectl get pods

Operators:

An Operator is a kind of resource manager for custom resources.

https://medium.com/ingeniouslysimple/extending-kubernetes-with-operators-d99c4a02af72

https://blog.frankel.ch/your-own-kubernetes-controller/1/

https://pushbuildtestdeploy.com/when-do-kubernetes-operators-make-sense/
