The Kubernetes Goat designed to be intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Refer to https://madhuakula.com/kubernetes-goat for the guide.
Just click and Play in browser for free using Katacoda Playground - Try now
Setting up Kubernetes Goat
- Before we setup the Kubernetes Goat, ensure that you have created and admin access to the Kubernetes cluster
kubectl version --short
- Setup the helm version 2 in path as
helm2. Refer to helm releases for more information about setup
- Then finally setup Kubernetes Goat by running the following command
git clone https://github.com/madhuakula/kubernetes-goat.git cd kubernetes-goat bash setup-kubernetes-goat.sh
- To export the ports/services locally to start learning, run the following command
- Sensitive keys in code bases
- DIND(docker-in-docker) exploitation
- SSRF in K8S world
- Container escape to access host system
- Docker CIS Benchmarks analysis
- Kubernetes CIS Benchmarks analysis
- Attacking private registry
- NodePort exposed services
- Helm v2 tiller to PwN the cluster
- Analysing crypto miner container
- Kubernetes Namespaces bypass
- Gaining environment information
- DoS the memory/cpu resources
- Hacker Container preview
- Featured in the official Kubernetes Podcast at https://kubernetespodcast.com/episode/109-kubermatic
- Featured in tl;dr sec https://tldrsec.com/blog/tldr-sec-039
- Featured in CloudSecList https://cloudseclist.com/issues/issue-42
Kubernetes Goat creates intentionally vulnerable resources into your cluster. DO NOT deploy Kubernetes Goat in a production environment or alongside any sensitive cluster resources.
Kubernetes Goat comes with absolutely no warranties whatsoever. By using Kubernetes Goat, you take full responsibility for any and all outcomes that result.
Thanks goes to these wonderful people