Kubernetes and Security -- An Overview from RedHat and Intel

Feb 2019 darkblue_b - B Hamlin - OSGeo dot org

This all-day seminar, presented at no cost to OpenSource contributors and others, featured RedHat senior speakers on a variety of topics related to Kubernetes and security, both current and roadmap.

The event was presented to an audience of about 100 professionals from a wide variety of backgrounds, commercial, government and FOSS. Primary committers on many projects were also in attendance, mostly from RedHat.

The morning started out with the news that "security is a hard problem, and is not solved" .. there is a massive expansion of products and participants, and that most every C-Level executive in technology is identifying security as a key-concern in recent surveys. Of course, what is not stated on-stage is the relentless news articles on data-breaches of every kind, and a general worry about increasingly sophisticated attack vectors, up-to and including "AI" driven activity. Couple this with very popular and cost-effective "cloud" computing services, and the idea that security is important is self-evident.

In the past two years, the Kubernetes system [0], originally from Google engineering and implemented in Golang, has moved to the forefront of container-driven workflows in industry. RedHat and others had been involved with Kubernetes, and also other container systems, but K8s as it is called for short, has momentum and with it, engineering resources. It is safe to say that it is a hard problem to accomplish well, and there is little to be gained by re-inventing these kinds of plumbing-level compute mechanisms.

Overview of Current Systems - Creating Containers

Three parts to a container system workflow:

• source code that will execute in the container
• the build environment that prepares source code to run
• built containers ready to be copied and executed

Source code systems are converging on the git workflow, where each commit is a signed difference to a source code base, organized by branches, with notable commits marked with tags. The git workflow, pioneered by the Linux kernel developers and Linus Torvalds, has gained immense industry adoption when combined with a web-GUI like github, or similar projects like gitea. A feature of the git workflow is that there is an audit trail, for practical purposes resistant to forgery or modification after commits.

Secondly, the build system that creates the container code is more and more a formal system itself. It is not entirely solved, but practical methods of identifying and obtaining standard FOSS build environments is the industry direction. Specific build environments include: Java, C++/C, node.js, php, Rust and Golang.

Third, a completed container may be signed and available in a repository. Early versions of Docker had only one, hard-wired source of containers, but more recently container registries have become part of the Docker project. Due to converging industry efforts, Docker and K8s enjoy a special relationship, now and going forward in the forseeable future.

Industry or others may choose to run one or more of these processes behind firewalls privately. From a security perspective, role-based editing and access to content, and an internal audit-trail give greater control of the process.

Outside of the firewall, an ecosystem can develop "trusted" sources of components and containers, with varying degrees of formality. The Debian project is an example of a well-established trust source. Other dot-orgs can choose their participation level in the trust chain, with an associated responsibility to monitor the operations and results. In the field attacks, particularly in Windows system but also Linux and others, have shown that inserting attack code into a frequently downloaded, high-profile project is an effective attack vector.

Scale

A feature of modern network infrastructure is the ability to scale on demand. Cloud systems

[0] ​https://en.wikipedia.org/wiki/Kubernetes

presentations are available here: ​https://www.brighttalk.com/summit/4516-security-symposium/

event site: ​https://www.redhat.com/en/events/security-symposium-sanjose#