GitOps and Kubernetes by Billy Yuen & Jesse Suen & Alex Matyushentsev & Todd Ekenstam

Author: Billy Yuen & Jesse Suen & Alex Matyushentsev & Todd Ekenstam
Language: eng
Format: epub
ISBN: 9781617297274
Publisher: Manning Publications
Published: 2021-04-18T18:30:00+00:00


Figure 6.5 Travis runs the CI job that validates deployment manifests. The validation fails due to detected vulnerabilities.

kubeaudit detected that the security context of the sample-app container is missing the runAsNonRoot property. Without it, the container may run as the root user inside the Pod, which is a valid security concern. To fix the issue, change the Pod manifest as shown in the following code listing; the lines marked with + are the additions.

Listing 6.3 Sample app deployment (http://mng.bz/zxXa)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample-app
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: sample-app
  template:
    metadata:
      labels:
        app: sample-app
    spec:
      containers:
      - image: gitopsbook/sample-app:v0.1
        name: sample-app
        command:
        - /app/sample-app
        ports:
        - containerPort: 8080
+       securityContext:
+         runAsNonRoot: true

Commit changes and update the pull request by pushing the change1 branch:

git commit -am 'Update deployment'
git push upstream change1

The pull request should pass verification!

Exercise 6.5

Learn which additional audits are provided by the kubeaudit application. Try using the kubeaudit autofix -f deployment.yaml command.

Protecting commit author identity

At this point, our repository is securely hosted on GitHub. We control which GitHub accounts can make changes in the repository, enforce the code review process for every change, and even run static analysis for every pull request. This is great but still not enough. A social engineering attack can still bypass all of these security gates.

What would you do if your boss sent you a pull request and asked you to merge it immediately? Under pressure, an engineer might decide to take a quick look at the pull request and approve it without careful testing. Since our repository is hosted on GitHub, we know which user authored the commit. It is impossible to make a commit on behalf of someone else, right?

Unfortunately, this is not true. Git was not designed with strong identity guarantees. As we mentioned before, Git is a completely developer-oriented tool. Every bit of a commit is under the engineer's control, including the author and committer metadata, which Git simply records as whatever the client supplies. So an intruder can easily create a commit and put your boss's name into the commit metadata. Let's do a simple exercise to demonstrate this vulnerability.

Open a console, and create a new commit on the master branch using this command:

echo '# hacked' >> ./deployment.yaml
git commit --author='Joe Beda <[email protected]>' -am 'evil commit'
git push upstream master

Open the commit history of your repository on GitHub, and check the most recent commit information. Look, Joe Beda just updated our Pod manifest!
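The following script reproduces the exercise above in a throwaway local repository and goes one step further: it forges the committer fields as well as the author fields, prints what Git (and a hosting UI) would display, and shows the check a CI gate should make instead of trusting the displayed name. This is an added example, not code from the book or from the gitopsbook project; the repository path, the file contents, the "Real Engineer" identity and the joe@example.com address are constructed for the demonstration, and the script assumes only that git is installed.

```shell
#!/bin/sh
# Added example (not from the book): forge both author and committer of a
# commit in a scratch repository, then show that the only field a CI gate
# can rely on is a verified signature (%G? == G), not the displayed name.
set -eu

# Hypothetical scratch repository, created fresh for this demonstration.
REPO="$(mktemp -d)"

# Create a repository with one legitimate commit by a real engineer.
setup_repo() {
    git -c init.defaultBranch=main init -q "$REPO"
    printf 'apiVersion: apps/v1\nkind: Deployment\n' > "$REPO/deployment.yaml"
    git -C "$REPO" add deployment.yaml
    git -C "$REPO" -c user.name='Real Engineer' -c user.email='engineer@example.com' \
        commit -q -m 'Add deployment'
}

# Forge a commit as someone else. --author sets the author fields; the
# committer fields come from the environment, so they are just as easy
# to forge. Nothing here requires access to the victim's account or key.
forge_commit() {
    name="$1"
    email="$2"
    echo '# hacked' >> "$REPO/deployment.yaml"
    GIT_COMMITTER_NAME="$name" GIT_COMMITTER_EMAIL="$email" \
        git -C "$REPO" commit -q --author="$name <$email>" -am 'evil commit'
}

# Print the identity fields Git records for a commit, plus its signature status.
show_identity() {
    git -C "$REPO" log -1 --format='author=%an <%ae> committer=%cn <%ce> sig=%G?' "$1"
}

# The check a CI gate should make: %G? is G only for a good signature from a
# trusted key (N = unsigned, B = bad signature, U = good but untrusted key,
# E = signature could not be checked). A forged name never produces G.
commit_is_trusted() {
    [ "$(git -C "$REPO" log -1 --format=%G? "$1")" = "G" ]
}

setup_repo
forge_commit 'Joe Beda' 'joe@example.com'
show_identity HEAD
if commit_is_trusted HEAD; then
    echo "HEAD is signed by a trusted key"
else
    echo "HEAD has no verifiable signature; the displayed author proves nothing"
fi
```

The forged commit reports Joe Beda as both author and committer, yet its signature status is N: the name fields are free-form text, while a verified signature is the only part of a commit that ties it to a key the attacker does not hold. A hosting platform's "Verified" badge and a branch protection rule that requires signed commits are the equivalent of the commit_is_trusted check above.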
