Using Kubelet Client to Attack the Kubernetes Cluster

From securityboulevard.com

In this blog post, we are going to look at the Kubernetes agent, kubelet (see Figure 1), which is responsible for creating the containers inside the nodes, and show how it can be exploited remotely to attack the cluster. We will review different kubelet misconfigurations that have been deployed with default settings as part of a Kubernetes installation, show how these misconfigurations could eventually open avenues into the Kubernetes cluster, and cover several effective mitigation steps.
