Kubernetes RBAC

Kubernetes RBAC - Aqua https://www.aquasec.com/tag/kubernetes-rbac/ Cloud Native Security, Container Security & Serverless Security Mon, 29 Jul 2024 14:24:18 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 Kubernetes History: How It Conquered Cloud Native Orchestration https://www.aquasec.com/blog/kubernetes-history-how-it-conquered-cloud-native-orchestration/ Thu, 25 Jul 2024 04:13:34 +0000 https://www.aquasec.com/?p=21211

Kubernetes History: How It Conquered Cloud Native Orchestration

Did you know that Kubernetes originally had no built-in features for managing user permissions, or that support for storing data persistently didn’t appear until Kubernetes was four years old? If not, you might enjoy a dive into the history of Kubernetes on the tenth anniversary of the open source container orchestration system. This article highlights …]]> First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters https://www.aquasec.com/blog/leveraging-kubernetes-rbac-to-backdoor-clusters/ Fri, 21 Apr 2023 09:59:09 +0000 https://www.aquasec.com/?p=14426

First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

We have recently discovered the first-ever evidence that attackers are exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) in the wild to create backdoors. The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack. Our research suggests that this campaign is actively targeting at least 60 clusters in the …]]> Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing https://www.aquasec.com/blog/kubernetes-rbac-privilige-escalation/ Wed, 06 Apr 2022 09:30:00 +0000 https://www.aquasec.com/?p=14889

Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing

Following on from our previous post on the risks of privilege escalation in Kubernetes via the node/proxy resource, we’re going to take a look at how users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster. In addition to …]]> Privilege Escalation from Node/Proxy Rights in Kubernetes RBAC https://www.aquasec.com/blog/privilege-escalation-kubernetes-rbac/ Thu, 03 Mar 2022 11:30:00 +0000 https://www.aquasec.com/?p=14960

Privilege Escalation from Node/Proxy Rights in Kubernetes RBAC

One of the side effects of Kubernetes’ rich API and extensive functionality is that sometimes there are security implications to granting users permissions. Security architects should be aware of these side effects when designing platforms that use Kubernetes. In recent research with Iain Smart of NCC Group, we looked at how granting rights to node/proxy …]]> RBAC Virtual Verbs: Teaching Kubernetes to Educate Dolphins https://www.aquasec.com/blog/kubernetes-verbs/ Mon, 31 Jan 2022 15:30:00 +0000 https://www.aquasec.com/?p=14985

RBAC Virtual Verbs: Teaching Kubernetes to Educate Dolphins

Kubernetes’ role-based access control (RBAC) system is a cornerstone of cluster security. Most clusters use RBAC to determine which users have access to specific operations, and its core elements are well covered in the Kubernetes documentation. However, there are some less well-known features that could be relevant when creating or using tools designed to ensure …]]>