Hands-on with Kubernetes Goat - Introduction and Setup

Riyaz Walikar
Feature image


Kubernetes Goat is an intentionally vulnerable Kubernetes cluster environment with multiple scenarios that can be used to learn and practice Kubernetes security. It’s released under MIT on GitHub by Madhu Akula.

It has over 10 different scenarios covering weaknesses ranging from container escapes to SSRF exploitation to gain access to files. All of the scenarios are driven by misconfigurations and do not cover any issues arising from the usage of old and vulnerable software.


Kubernetes Goat can be installed on any K8S cluster, standalone or cloud managed. Basic requirements include

  1. A functional Kubernetes cluster to which you have administrative RBAC/object creation access
  2. Kubectl to manage the installation and troubleshooting when required
  3. Linux host as the deployment scripts are bash scripts
  4. Helm package manager, which can be installed by following the documentation

Note: As Kubernetes Goat is an intentionally vulnerable tool, it is highly recommended to set up a new cluster to try this out. If the cluster is set up on unmanaged nodes on AWS, Google Cloud or Azure, make sure the nodes are set up in isolated accounts, projects or resource groups respectively. Additionally, do not expose the cluster to the Internet or assign privileged credentials/service accounts.

Steps to install

  1. Confirm you have access to the cluster via kubectl. You can run the following command to confirm access

    kubectl version
  2. Clone the Kubernetes Goat repository and run the setup script provided in the repo. The following commands perform these actions

    git clone https://github.com/madhuakula/kubernetes-goat.git
    cd kubernetes-goat
    bash setup-kubernetes-goat.sh
  3. Ensure the pods created using the script are up and running in the cluster. At least 1 pod of each scenario should be running as there may be pods that are undergoing restarts or may have other statuses

    kubectl get pods

    kubectl get pods

  4. Once it is confirmed that the pods are in running state, run the following command to set up acces to the scenarios through multiple kubectl proxy connections

    bash access-kubernetes-goat.sh
  5. Then navigate to to access the dashboard from which you can access the different scenarios in the playground.

    kubernetes goat dashboard

← Back to Academy