Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google, and is now maintained by the Cloud Native Computing Foundation.
API addresses that you should know (External network visibility)
- cAdvisor

  ```bash
  # cAdvisor's port serves plain HTTP
  curl http://<IP Address>:4194
  ```

- Insecure API server

  ```bash
  # the insecure port serves plain HTTP, without authentication
  curl http://<IP Address>:8080
  ```

- Secure API Server

  ```bash
  # (8|6)443 stands for port 8443 or 6443
  curl -k https://<IP Address>:(8|6)443/swaggerapi
  curl -k https://<IP Address>:(8|6)443/healthz
  curl -k https://<IP Address>:(8|6)443/api/v1
  ```

- etcd API

  ```bash
  curl -k https://<IP address>:2379
  curl -k https://<IP address>:2379/version
  ```

- Kubelet API

  ```bash
  curl -k https://<IP address>:10250
  curl -k https://<IP address>:10250/metrics
  curl -k https://<IP address>:10250/pods
  ```

- kubelet (Read only)

  ```bash
  # the read-only port serves plain HTTP
  curl http://<IP Address>:10255
  ```
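A configuration-side check for the listeners above, as an added example that is not part of the original README: it reads a component's command line and reports the settings that leave those ports open or unauthenticated. The names `RULES`, `parse_flags` and `audit` are hypothetical; the flags are the components' own command-line flags (not listed on this page), and the defaults used for absent flags are assumptions that differ between releases.

```python
# Added example. RULES: component -> [(flag, default if absent, risky?, finding)].
# Defaults are flag defaults (assumed; a kubelet --config file overrides them). None = skip.
RULES = {
    "kube-apiserver": [
        ("--insecure-port", None, lambda v: v != "0",
         "unauthenticated plain-HTTP API listener is enabled"),
        ("--anonymous-auth", "true", lambda v: v != "false",
         "anonymous requests are accepted on the secure port"),
    ],
    "kubelet": [
        ("--read-only-port", "10255", lambda v: v != "0",
         "read-only port serves pod data without authentication"),
        ("--anonymous-auth", "true", lambda v: v != "false",
         "anonymous requests are accepted on port 10250"),
        ("--authorization-mode", "AlwaysAllow", lambda v: v == "AlwaysAllow",
         "every request to port 10250 is authorized"),
    ],
    "etcd": [
        ("--client-cert-auth", "false", lambda v: v != "true",
         "client port 2379 does not require client certificates"),
        ("--listen-client-urls", None, lambda v: "http://" in v,
         "etcd serves clients over plaintext HTTP"),
    ],
}
# Go boolean flags only take a value as --flag=value; "--flag false" still means true.
BOOL_FLAGS = {"--anonymous-auth", "--client-cert-auth"}

def parse_flags(argv):
    """Return {flag: value} for --flag=value, --flag value and bare booleans."""
    flags, args = {}, list(argv)
    while args:
        arg = args.pop(0)
        if not arg.startswith("--"):
            continue
        name, eq, value = arg.partition("=")
        if not eq:  # no "=": take the next token unless the flag is boolean
            takes_next = name not in BOOL_FLAGS and args and not args[0].startswith("--")
            value = args.pop(0) if takes_next else "true"
        flags[name] = value
    return flags

def audit(component, argv):  # -> [(flag, effective value, finding)]
    flags, findings = parse_flags(argv), []
    for flag, default, is_risky, finding in RULES.get(component, []):
        value = flags.get(flag, default)
        if value is not None and is_risky(value.strip()):
            findings.append((flag, value, finding))
    return findings

# Constructed sample command line, not taken from a real cluster.
SAMPLE_KUBELET = ["kubelet", "--anonymous-auth=false", "--read-only-port", "10255"]
```

Feed `audit` the `command:` list from a static pod manifest or the argument list of the running process; an empty result means none of these rules matched, not that the component is hardened.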
Tools for detecting misconfigurations in Kubernetes:
- kubeaudit. kubeaudit is a command line tool to audit Kubernetes clusters for various different security concerns: run the container as a non-root user, use a read only root filesystem, drop scary capabilities, don't add new ones, don't run privileged, ...
- kubesec.io. Security risk analysis for Kubernetes resources.
- kube-bench. kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.
- katacoda. Learn Kubernetes using interactive browser-based scenarios.