Kubernetes for Pentesters: Essential Terms Explained Part 1
Kubernetes is an open-source platform that automates the deployment, scaling, and administration of containerized applications. It is scalable, portable, and extensible, and can be set up locally or in the cloud. As containerized applications spread, Kubernetes is becoming more significant: according to a recent survey by the Cloud Native Computing Foundation, 84% of businesses are currently using or intend to adopt Kubernetes.
To keep up with the rapidly changing online environment, pentesters need to be familiar with how Kubernetes works underneath. This part covers only Kubernetes terminology; if you want to go deeper, check out the extended section.
I will release a comprehensive tutorial on pentesting Kubernetes and cloud pentesting. Stay tuned for more!
Cluster:
A Kubernetes cluster is a group of physical or virtual machines (called “nodes”) that work together to run containerized applications. It consists of a control plane and worker nodes.
Control Plane:
The control plane is responsible for managing and coordinating the cluster. The API server exposes the Kubernetes API, the scheduler assigns Pods to nodes, the controller manager handles cluster-level operations, and etcd serves as the distributed key-value store for cluster state.
- API Server: The API Server is the core control plane component that exposes the Kubernetes API. It handles authentication, authorization, and validation of API requests and serves as the hub for cluster administration.
- Scheduler: The Scheduler assigns Pods to worker nodes according to resource requirements, node availability, and other constraints, aiming for the best placement of workloads across the cluster.
- Controller Manager: The Controller Manager runs a number of controllers that handle various cluster tasks, including managing Service endpoints, maintaining the desired number of Pod replicas, and reacting to node-related events.
- etcd: The control plane uses etcd, a distributed key-value store, to store and retrieve cluster state. It provides reliable, highly available storage for configuration data, Secrets, and other critical cluster information.
Worker Nodes:
Worker nodes are the machines that actually run the containers. They host the Pods and run a container runtime such as Docker or containerd. Every worker node runs the kubelet, an agent that manages Pods and communicates with the control plane.
- Kubelet: Every worker node in the cluster runs a kubelet agent. It is responsible for managing the state of the Pods on its node: it communicates with the control plane to learn which Pods to run, and it makes sure the specified containers are running and healthy on the node. To start, stop, and monitor the containers inside a Pod, it talks to the container runtime (such as Docker or containerd).
- Container Runtime: The container runtime is the software a Kubernetes cluster uses to run and manage containers. It provides the low-level machinery needed to create and run containers while keeping them isolated from the host system and from each other. Docker, containerd, and CRI-O are common container runtimes in Kubernetes.
Pods:
In Kubernetes, a Pod is the smallest deployable unit. It represents one or more tightly coupled containers that share resources such as networking and storage. Pods run on worker nodes and are scheduled and managed by the control plane.
Deployments:
Deployments manage the lifecycle of Pods declaratively. They make sure a specified number of replica Pods are running and support rolling updates and rollbacks.
Services:
Services provide networking and load balancing for Pods. They offer a stable network endpoint for reaching a group of Pods and can be exposed either internally within the cluster or externally.
Replication Controllers/Replica Sets:
Replication Controllers (deprecated) and ReplicaSets maintain the required number of replica Pods. They monitor the Pods and automatically add or remove replicas to keep the count at the desired level.
Namespaces:
Namespaces provide a logical way to partition a cluster’s resources. They offer resource isolation and a scope for access control, allowing distinct teams or projects to manage their workloads independently.
StatefulSets:
StatefulSets manage stateful applications, ensuring that each Pod is created in a specific order and keeps its identity and its persistent storage. They are used by applications such as databases that need stable network identities and persistent data.
ConfigMaps and Secrets:
ConfigMaps hold non-sensitive configuration data, whereas Secrets hold sensitive data such as passwords and tokens. Both can be consumed by applications as mounted files, environment variables, or command-line arguments.
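The three consumption paths just listed, shown in one added set of manifests (written for this article, not part of the original post): a ConfigMap key feeds a command-line argument and an environment variable, and a Secret is mounted as a read-only file. All names and values (app-config, db-creds, demo, the password) are assumed.

```yaml
# Added example: one ConfigMap, one Secret, and a Pod that consumes them in the
# three ways listed above. All names and values here are assumed, not real.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: "info"
---
apiVersion: v1
kind: Secret
metadata:
  name: db-creds
type: Opaque
# stringData accepts plain text; the API server stores it base64-encoded under
# .data. Base64 is encoding, not encryption: anyone permitted to read the Secret
# object can recover the value, so RBAC on Secrets is what protects it.
stringData:
  DB_PASSWORD: "example-only-password"
---
apiVersion: v1
kind: Pod
metadata:
  name: demo
spec:
  containers:
    - name: app
      image: busybox:1.36
      # 1) command-line argument: the kubelet expands $(VAR) from the container's env
      command: ["sh", "-c"]
      args: ["echo level=$(LOG_LEVEL); ls -l /etc/creds; sleep 3600"]
      env:
        # 2) environment variable sourced from a ConfigMap key
        - name: LOG_LEVEL
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: LOG_LEVEL
      volumeMounts:
        # 3) mounted file: each Secret key becomes a file, here /etc/creds/DB_PASSWORD
        - name: creds-vol
          mountPath: /etc/creds
          readOnly: true
  volumes:
    - name: creds-vol
      secret:
        secretName: db-creds
        defaultMode: 0400   # restrict file permissions inside the Pod
```

Whichever path is used, the value ends up readable inside the container, so from a defender's view the Secret object itself and the Pod that mounts it are the things to lock down.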
Persistent Volumes (PV) and Persistent Volume Claims (PVC):
PVs are storage volumes provisioned in the cluster, whereas PVCs are requests for storage made by Pods. A PVC binds to a PV and gives the Pod persistent storage.
Ingress:
Ingress exposes HTTP and HTTPS routes from outside the cluster to Services inside it, routing external traffic to the appropriate Service.
HPA (Horizontal Pod Autoscaler):
The HPA automatically scales the number of Pods based on CPU usage or custom metrics, aiming for efficient resource use and consistent application performance.
Secret Management:
Secret management solutions are used to safely store, maintain, and distribute secrets across the cluster, keeping sensitive data confidential.
Monitoring and logging:
Kubernetes offers a number of logging and monitoring options that help collect and analyze logs and metrics from cluster components and applications, providing observability and supporting troubleshooting.
Helm:
Helm is a package manager for Kubernetes that simplifies deploying and managing applications by providing templating and versioning for Kubernetes resources.
Custom Resource Definitions (CRDs):
CRDs extend the Kubernetes API with custom resource types and their behavior. They make Kubernetes customizable and extensible by letting users define and manage their own resources and controllers.
Signing out,
- Toothless