CHAPTER 17: Kubernetes External Attacks

When assessing the security of any system, one of the first points to consider is the threat model you will be working against. Different groups of attackers have different capabilities and motivations, so when deciding which controls are needed, it's important to think about what each group actually has access to.

One of the most basic and common threat models is that of the external attacker. Attackers in this category typically start from remotely reachable entry points, such as listening network services, and have no existing access to the system they are attempting to compromise.

So when we're thinking about securing Kubernetes systems, it makes sense to look first at the attack surface available to these external attackers, before moving on to more advanced threat models. Kubernetes clusters can expose a number of listening network ports, and several of them are susceptible to attack if incorrectly configured.

This chapter looks in turn at each of the main ports used by Kubernetes clusters, from an attacker's perspective, showing what kinds of attacks are possible via each service. Understanding the attacker's approach is an important element of security: defenders can use the same techniques to test the systems they've built and to improve their detection and response capabilities.

The Kubernetes Network Footprint

To assess the network attack surface of a Kubernetes cluster, we can use a port scanner ...
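The excerpt breaks off at the port scanner. As an added example (not the book's own code), the following Python script does the same exposure check in miniature: it probes a host for the default listening ports of the main Kubernetes control-plane components and reports which are reachable from the scanner's vantage point, so a cluster operator can confirm that only the API server is meant to be reachable externally. The port-to-component table is taken from the upstream Kubernetes defaults, which this excerpt does not list; the function names are this example's own.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Default listening ports of the main Kubernetes components (upstream defaults;
# an assumption of this example, not values stated in the excerpt).
KUBERNETES_PORTS = {
    2379: "etcd client API",
    2380: "etcd peer API",
    6443: "kube-apiserver (HTTPS)",
    10250: "kubelet API",
    10256: "kube-proxy health check",
    10257: "kube-controller-manager",
    10259: "kube-scheduler",
}


def port_is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes within timeout.

    connect_ex returns 0 on success and an errno otherwise, so a refused
    connection or a timeout both count as 'not reachable' without raising.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def scan_ports(host, ports, timeout=1.0, workers=16):
    """Probe each port concurrently; return a {port: reachable} mapping."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: port_is_open(host, p, timeout), ports)
    return dict(zip(ports, results))


def exposure_report(scan_result, known=KUBERNETES_PORTS):
    """Keep only the reachable ports and label each with the component that
    normally listens there, so the output reads as an exposure list."""
    return {
        port: known.get(port, "unknown service")
        for port, reachable in scan_result.items()
        if reachable
    }


if __name__ == "__main__":
    import sys

    # Usage: python k8s_exposure.py <host>   (defaults to the local machine)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    exposed = exposure_report(scan_ports(target, KUBERNETES_PORTS))
    if not exposed:
        print(f"{target}: no default Kubernetes ports reachable")
    for port, component in sorted(exposed.items()):
        print(f"{target}:{port} reachable ({component})")
```

Run it from the network position an external attacker would occupy (outside the cluster's VPC or perimeter), not from a node, since the kubelet and etcd ports are expected to answer from inside the cluster network. Anything other than the API server appearing in the output is a configuration to investigate.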
