Introduction
Kubernetes clusters can quickly become complicated in terms of setup and management based on the requirements of your workloads. More often than not, security misconfigurations can wreak havoc if exploited by attackers or simply cause a compliance failure.
kubeaudit, an open source tool created by the folks at Shopify, can be used to perform a security audit of Kubernetes clusters to find the common low-hanging fruit that attackers often exploit.
Installation
kubeaudit is available as a Go package from https://github.com/Shopify/kubeaudit. Multiple installation options are listed in the GitHub repository. We will show three of the more common ways of running kubeaudit in this article.
Using a release binary
- From https://github.com/Shopify/kubeaudit/releases, under Assets, download the binary for your target operating system. For our example, since we are using an Ubuntu 20.04 machine, we will download the kubeaudit_version_linux_amd64.tar.gz release.
- Run tar -xzvf kubeaudit_0.21.0_linux_amd64.tar.gz to unpack the binary and run ./kubeaudit version to confirm it runs.
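The release-binary steps above can be wrapped in a small POSIX sh helper that picks the right asset for the current machine and verifies the archive's SHA-256 digest before unpacking it. This is an added example, not code from the article or from the kubeaudit project; it assumes (none of this is stated on the page) that release tags are named v<version>, that assets are served from the releases/download/<tag>/ path, and that asset names follow the kubeaudit_<version>_<os>_<arch>.tar.gz pattern shown above. The expected digest is taken from the release page and passed in by the caller; it is never hard-coded.

```shell
#!/bin/sh
# Added example (not from the original article or the kubeaudit project):
# automates the "Using a release binary" steps with architecture detection
# and SHA-256 verification of the downloaded archive.
# Assumptions: release tag "v<version>", assets under releases/download/<tag>/,
# asset name kubeaudit_<version>_<os>_<arch>.tar.gz.

KUBEAUDIT_VERSION="${KUBEAUDIT_VERSION:-0.21.0}"   # version used in the article
KUBEAUDIT_REPO="https://github.com/Shopify/kubeaudit"

# Map `uname -m` output to the architecture names used in the asset file names.
# Returns 1 for machine types we do not know how to map.
kubeaudit_arch() {
    case "$1" in
        x86_64|amd64)  echo amd64 ;;
        aarch64|arm64) echo arm64 ;;
        *)             return 1 ;;
    esac
}

# Lower-case the OS name as `uname -s` reports it ("Linux" -> "linux").
kubeaudit_os() {
    echo "$1" | tr '[:upper:]' '[:lower:]'
}

# Build the asset file name for a version, OS and architecture.
kubeaudit_asset() {
    echo "kubeaudit_${1}_${2}_${3}.tar.gz"
}

# Build the download URL (assumed layout: tag "v<version>" under releases/download).
kubeaudit_url() {
    echo "${KUBEAUDIT_REPO}/releases/download/v${1}/$(kubeaudit_asset "$1" "$2" "$3")"
}

# Compare a file against an expected SHA-256 hex digest.
# Returns 0 on match, 1 on mismatch; prints nothing so it can be used in `if`.
kubeaudit_verify_sha256() {
    file="$1"; expected="$2"
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Download, verify and unpack the release for the current machine, then run
# `./kubeaudit version` exactly as the article does. The expected digest is
# the value published on the release page, passed in by the caller.
install_kubeaudit() {
    expected_sha256="$1"
    arch=$(kubeaudit_arch "$(uname -m)") || { echo "unsupported arch" >&2; return 1; }
    os=$(kubeaudit_os "$(uname -s)")
    asset=$(kubeaudit_asset "$KUBEAUDIT_VERSION" "$os" "$arch")
    curl -fsSLo "$asset" "$(kubeaudit_url "$KUBEAUDIT_VERSION" "$os" "$arch")"
    if ! kubeaudit_verify_sha256 "$asset" "$expected_sha256"; then
        echo "checksum mismatch for $asset, refusing to unpack" >&2
        rm -f "$asset"
        return 1
    fi
    tar -xzvf "$asset"
    ./kubeaudit version
}

# Usage: sh install_kubeaudit.sh install <sha256-from-release-page>
if [ "${1:-}" = "install" ]; then
    install_kubeaudit "$2"
fi
```

The download only runs when the script is invoked with the install argument, so the helper functions can be sourced and reused on their own. sha256sum is the coreutils name; on macOS substitute shasum -a 256. A mismatched digest deletes the archive and aborts rather than unpacking it.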
Using go get
You need to have Go installed on your system. To install Go on Ubuntu, you can use
sudo apt update
sudo apt install golang-go
To install kubeaudit using Go:
- From a terminal run go get -v github.com/Shopify/kubeaudit
- Run kubeaudit version to confirm the program is set up properly.
Using docker
The published docker image of kubeaudit was built for the arm platform. To run kubeaudit using docker, we will need to build it for the amd64 platform.
- Download the source from the releases page at https://github.com/Shopify/kubeaudit/releases
- Unzip the source using unzip filename.zip and then switch to the unzipped directory
- Run the following command to build an amd64 build of kubeaudit: docker build --platform linux/amd64 --tag amd64kubeaudit .
- You can run the docker image using the following: docker run --name kubeaudit --platform linux/amd64 --rm --privileged amd64kubeaudit:latest version

Riyaz Walikar
Founder & Chief of R&D
Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.
Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.