RBAC Atlas: A curated index of RBAC policies in K8s

1 alevsk 1 6/16/2025, 6:01:39 AM rbac-atlas.github.io ↗

Comments (1)

alevsk · 5m ago
TL;DR: I’m working on a Kubernetes project that could be useful for security teams and auditors; feedback is welcome!

I've built an RBAC policy analyzer for popular Kubernetes open-source projects (the code will soon be in a shareable state on GitHub); it inspects the API groups, resources, and verbs accessible by service account identities in a cluster. With that, I put together a static website using Hugo to visualize the findings, track policy changes, and document potential abuse scenarios, etc.

Why is RBAC important? RBAC is the final layer of defense in Kubernetes security. If workloads are compromised and an identity is stolen, a misconfigured or overly permissive RBAC policy (common with Operators) can enable attackers to move laterally within your cluster, potentially leading to a complete Kubernetes cluster takeover.

If this sounds interesting, please check out the site (no ads or spam in there, I promise) and let me know what I’m missing, what you like, dislike, or any other constructive feedback you may have.
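
To make the kind of check described in the comment above concrete, here is an added example (not alevsk's analyzer, whose code is not on this page) that walks ClusterRoleBindings to service accounts and flags rules an auditor would review. The role, binding and service account names are constructed, the list of sensitive resources is a small subset chosen for illustration, and only ClusterRoles and ClusterRoleBindings are handled.

```python
# Added example: constructed data, hypothetical names; ClusterRoles/ClusterRoleBindings only.
SENSITIVE = {"secrets": {"get", "list", "watch"}, "pods/exec": {"create"},
             "serviceaccounts/token": {"create"}}  # core-group resource -> verbs to review
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}

def audit_role(role):
    """Return sorted (rule_index, reason) findings for one ClusterRole dict."""
    findings = set()
    for i, rule in enumerate(role.get("rules", [])):
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        if "*" in verbs and "*" in resources:
            findings.add((i, "wildcard verbs on wildcard resources"))
        for verb in verbs & ESCALATION_VERBS:
            findings.add((i, f"escalation verb: {verb}"))
        core = "" in groups or "*" in groups  # SENSITIVE entries live in the core group
        for res, risky in SENSITIVE.items():
            granted = res in resources or "*" in resources
            if core and granted and ("*" in verbs or verbs & risky):
                findings.add((i, f"sensitive access: {res}"))
    return sorted(findings)

def audit_service_accounts(roles, bindings):
    """Map 'namespace/name' of each ServiceAccount subject to its findings."""
    by_name = {r["metadata"]["name"]: r for r in roles}
    report = {}
    for b in bindings:
        role = by_name.get(b["roleRef"]["name"])
        if role is None or b["roleRef"].get("kind") != "ClusterRole":
            continue  # role not in the input, or not a ClusterRole reference
        for s in b.get("subjects", []):
            if s.get("kind") == "ServiceAccount":
                key = f'{s.get("namespace", "")}/{s["name"]}'
                report.setdefault(key, []).extend(audit_role(role))
    return report

ROLES = [  # constructed sample, shaped like `kubectl get clusterroles -o json` items
    {"metadata": {"name": "demo-operator"}, "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
        {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"], "verbs": ["bind"]},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list"]}]},
]
BINDINGS = [  # constructed sample ClusterRoleBinding items
    {"roleRef": {"kind": "ClusterRole", "name": "demo-operator"},
     "subjects": [{"kind": "ServiceAccount", "name": "operator", "namespace": "demo"}]},
]

if __name__ == "__main__":
    print(audit_service_accounts(ROLES, BINDINGS))
```

The findings are keyed by rule index, so a reviewer can go straight to the rule in the role manifest that needs narrowing.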