Max Kelsen Wraps Up KubeCon: Day Four
Final takeaways and highlights from KubeCon’s bi-annual conference, held virtually for the very first time — part four of a four-part series.
The final day of KubeCon has come and gone and we have been really blown away by the quality of presentations by all industry thought leaders involved. We would like to thank everyone who took their time to disseminate their knowledge at this year’s conference. Going virtual proved to be an extremely flexible format that enhanced the communication available between the attendees and speakers — a priceless experience!
Here are some final takeaways and thoughts from the Max Kelsen team members who attended this year’s virtual conference.
Going Beyond CI/CD With Prow
Open source software is the foundation of a huge number of systems and products built every single day. Ensuring the contribution process to these codebases is smooth and intuitive encourages a larger number of people to give back to the software they use every day — driving continuous improvement. The better the underlying libraries and tools are, the better the final products that are built on top will be.
The presentation by Leo Di Donato from Sysdig, titled ‘Going Beyond CI/CD With Prow’, was particularly interesting to Max Kelsen Machine Learning Engineer, Matthew Rose, as he reminisced about the first time he had ever personally contributed to an open source project. Matt remembers it as being a great experience — as soon as he opened up his pull requests, he was immediately greeted by four comments from GitHub bots that were set up by the maintainers. They helpfully detailed the next steps and gave him great visibility into how the processes would move along. Seeing the seamless process of automated tests being run on his code, and automated tags on his PR changing from ‘needs testing’ to ‘approved’ and finally to ‘LGTM’, was extremely impressive. This presentation gave Matt an even greater insight into the systems and tools used to enable this contribution workflow — an eye-opener indeed.
Advanced Persistence Threats — The Future of Kubernetes Attacks
Our final stand-out presentation was by Ian Coldwater from Salesforce and Brad Geesaman from Darkbit, titled ‘Advanced Persistence Threats — The Future of Kubernetes Attacks’. This talk was nominated by our Cloud Engineer, Esmael Tahmasebi, as his highlight of the day. He found it extremely interesting when they talked about how Kubernetes clusters can be vulnerable if they are misconfigured, even when running in the cloud.
The ecosystem and architecture of Kubernetes have grown significantly over time, and the complexity of the system has grown alongside them. Kubernetes versions are released every three months, however, the supporter is usually not released until another nine months after that. This leaves most users a few releases behind, allowing attackers plenty of time and opportunities to devise ways to compromise already-released versions.
During this presentation, Brad and Ian showcased a few ways to attack a Kubernetes platform, such as validating webhooks, shadow API server attacks, using K3s as C2, and the Kubelet Exploit. If you are interested in learning more about these methods, we highly recommend watching the recording once it is out on YouTube or connecting with a member of our Max Kelsen team for an open discussion — learning should be shared!
And that is the final piece of our virtual KubeCon blog series. We really appreciate the effort and time the organisers put into transforming this event into a virtual format, which meant our team were able to attend remotely. The variety of talks and vast range of topics were powerful thought pieces that Max Kelsen will be avidly weaving into our processes to stay diligent and innovative. Keep updated with our news and events through our LinkedIn and website to find out more about industry trends, movements and upcoming technology. We hope to see everyone at the next KubeCon — whether virtually or in person!