Not a realistic production scenario. Webservers/Load Balancers are usually on a different server and network than the Kubernetes cluster. The cluster itself has no direct internet connectivity and only ports exposed to the world are the HTTP(S) ports of the load balancers
From 2021 Kubernetes (v1.20+) removes the default dependency on docker in favour of containerd. This "attack" may work on a badly configured Kubernetes version prior to that and also on a poorly configured docker swarm cluster.
yes, i agree. I will give you a case scenario where this could happen: Cheapskate companies that would like to save Cloud costs. Instead of paying for full Kubernetes managed service they just use EC2 instances with terraform cloud. An Engineer is told to make things work. So there he goes and uses terraform to create an EC2 instance with docker engine installed. He wants to use a terraform docker provider and boom you must expose the docker engine port so that terraform creates the docker containers. Everyone is happy = low cost, manager can boast, the engineer can move on to do lots more things... This is a real life scenario and yes the docker engine was exposed to the internet :-)
This is the epitome of one jumps into kubernetes too quickly without regards to any best practices (pain points: exposed docker port + conn string as env var) whatsoever...
Hi Mumshad brother, is it possible to be a DevOps engineer for a non tech person? I am an an anthropologist, had career break for children now I got interested in cloud. I am a certified cloud practitioners and courntly I am doing cybersecurity program. I am interested about cloud security though I am new in this field. How long need to I have to work in cloud then I can try for the cloud security? I am a mother of two teenage kids and fourty plass cloud savvy.
Certainly, transitioning into a DevOps or cloud security role is achievable, even without a traditional tech background. With your Cloud Practitioner certification, explore advanced cloud certifications and gain hands-on experience. Learn automation tools and DevOps practices. Leverage your unique background in anthropology for soft skills. Focus on cloud security by building on your existing cloud knowledge and pursuing security certifications.
Full Certified Kubernetes Application Developer (CKAD) Course: kode.wiki/CKAD_YT
Not a realistic production scenario. Webservers/Load Balancers are usually on a different server and network than the Kubernetes cluster. The cluster itself has no direct internet connectivity and only ports exposed to the world are the HTTP(S) ports of the load balancers
you will be surprised to know that some companies actually have scenarios like this one...
if only
Great clip with crisp coverage on security
Glad you enjoyed it! Please subscribe to our channel and keep supporting😊
Wonderful, great hands on presentation
Many thanks! Please subscribe and encourage us to create more such quality content.
From 2021 Kubernetes (v1.20+) removes the default dependency on docker in favour of containerd. This "attack" may work on a badly configured Kubernetes version prior to that and also on a poorly configured docker swarm cluster.
That election story surely was scary!!!
Great video, Mumshad!
Always love your videos!
Glad you liked it! Please subscribe and encourage us to create more such quality content.
What!?? Never knew I wasn’t subscribed 😭
By the way, all my DevOps friends and wannabes are tired of me talking about kodekloud
Thank you a fantastic video and demonstration
Glad it was helpful!
I subscribed within the first few seconds of hearing the quality stuff ,lol
Excellent and eye opener....👌👌👌
Glad you liked it! Thanks:)
Having the docker port exposed is simply the most stupid thing I think someone can do on a cluster. Why they did this?
Because they are dog lovers. LoL
No one did it.. it's made up scenario that teaches theater security
@@kubectlgetpo watch again at 0:40 :-)
@CipherNL yeah crap scenario all around
yes, i agree. I will give you a case scenario where this could happen:
Cheapskate companies that would like to save Cloud costs. Instead of paying for full Kubernetes managed service they just use EC2 instances with terraform cloud. An Engineer is told to make things work. So there he goes and uses terraform to create an EC2 instance with docker engine installed. He wants to use a terraform docker provider and boom you must expose the docker engine port so that terraform creates the docker containers.
Everyone is happy = low cost, manager can boast, the engineer can move on to do lots more things...
This is a real life scenario and yes the docker engine was exposed to the internet :-)
can you please share the material you used for the demo? maybe a git repo?
amazing explanation :) great use-case
I can understand ssh port being open by mistake.... but I can't wrap around why docker port is opened?
Do people really run their docker hosts with no authentication and their kubernetes dashboards exposed to the internet?
No. :-D
What is this tools for port scanning? And where I can get it ?
This is the epitome of one jumps into kubernetes too quickly without regards to any best practices (pain points: exposed docker port + conn string as env var) whatsoever...
And sadly, the majority of people still do this...
Yes, that's true.
How did you put an icon in ZSH?
You can use powerlevel10k for custom ZSH
Hi Mumshad brother, is it possible to be a DevOps engineer for a non tech person? I am an an anthropologist, had career break for children now I got interested in cloud. I am a certified cloud practitioners and courntly I am doing cybersecurity program. I am interested about cloud security though I am new in this field. How long need to I have to work in cloud then I can try for the cloud security? I am a mother of two teenage kids and fourty plass cloud savvy.
Certainly, transitioning into a DevOps or cloud security role is achievable, even without a traditional tech background. With your Cloud Practitioner certification, explore advanced cloud certifications and gain hands-on experience. Learn automation tools and DevOps practices. Leverage your unique background in anthropology for soft skills. Focus on cloud security by building on your existing cloud knowledge and pursuing security certifications.
Very good demo for people who don't know about hacking
100% !
Thank you so much : ) We are glad to be a part of your learning journey
great content
Welcome! Please subscribe to our channel and help us create more such videos. Thanks 😊
Marvellous
Thanks👍
Please subscribe and encourage us to provide more such quality content.
Nice
Thanks! Please subscribe to our channel and keep supporting😊
Awesome 👍😎
Thanks! Please subscribe to the channel and help us do more such creative educational videos.
@@KodeKloud already a subscriber sir, cheers!
By default docker running only as Unix service
Someone know how can i put a logo in my zsh terminal, like that?
Nice... :)
where can we get the dirty-cow.sh
cue fargo theme
😳
Thanks for watching our video. Cheers!
:D
Awesome 👌
Great content
Thanks:)
Awesome 👍
Thanks for your love and support!