»Down the sinkhole with Kubernetes«
2019-11-08, 12:00–12:25, Blue Day

Dive into a typical Kubernetes cluster by messing with the popular sidecar containers and supporting infrastructure.

With Kubernetes becoming a de-facto container orchestration platform, it's only a matter of time before it becomes a major target. While there are some widely publicized kubernetes vulnerabilities, this talk is not about them. Instead of taking kubernetes head on, learn how to do a recon on the k8s clusters and the common sets of sidecar containers. Then dive deep through the attack surface exposed by popular service meshes and API gateways, down to Helm and Tiller, into static pods and daemon sets, deeper to nodes and the control planes, and off to the docker registries, containers and images.