How to implement DevSecOps in a Kubernetes cluster environment-Github Actions and Azure DevOps

Fig.1: Kubernetes Cluster Components
Fig. 2: Kubernetes Vulnerability trend diagram from cvedetails.com
  1. To always upgrade/patch to the new version without using unsafe defaults
  2. Protect access with proper ACL’s and log all the events
  3. Implement standard security protection around encryption keys
  4. Harden configurations with CIS benchmarks
Fig. 3: Minikube setup
Fig. 4: Installed version of minikube
Fig. 5: Setting up Kubernetes cluster
Fig. 6: Configuring Kubectl and Kubernetes cluster
Fig. 7: Deploy and Expose nginx
Fig. 8: Running my-dep(nginx) application
Fig. 9: Kubernetes-goat Setup
Fig. 10: Running Kube-bench and Kubescape
Fig. 11: Successful run of the pipeline
Fig. 12: Sample Kubescape Results
Fig. 13: Sample Kubescape dashboard
Fig.14: Sample Kube-Bench Results
Fig. 15: Integration of Kube-bench and Kubescape in Azure DevOps pipeline

Summary:

We saw why security is important in kubernetes environment and integrated tools to identify the potential vulnerabilities in a CI/CD pipeline itself. The tools used were Kube-bench and Kubescape with Github Actions and Azure DevOps as the CI/CD platform. As we all know, identifying the genuine issues is really important since we cannot blindly make the recommended changes as it is since that can hamper the functioning of the application. The tools can be any security tools which suits your requirement the best and the above implementation just gives a flavor of how it looks like if we do have kubernetes security tools in a CI/CD pipeline.

  1. https://www.cvedetails.com/version/567213/Kubernetes-Kubernetes--.html
  2. https://www.cisecurity.org/benchmark/kubernetes
  3. https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands
  4. https://kubernetes.io/docs/tutorials/kubernetes-basics/create-cluster/cluster-interactive/
  5. https://github.com/SecureMyCode221/KubeSecurity.git
  6. https://github.com/armosec/kubescape
  7. https://github.com/aquasecurity/kube-bench
  8. https://github.com/SecureMyCode221/KubeSecurity/blob/main/azure-pipeline.yml
  9. https://www.linuxtechi.com/how-to-install-minikube-on-ubuntu/
  10. https://mkaschke.medium.com/part-1-introduction-to-kubernetes-12c1ea0f328a
  11. https://www.learnitguide.net/2018/08/what-is-kubernetes-learn-kubernetes.html
  12. https://medium.com/devops-mojo/kubernetes-architecture-overview-introduction-to-k8s-architecture-and-understanding-k8s-cluster-components-90e11eb34ccd

Happy Learning !!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sneha Sathyan

Sneha Sathyan

Security professional, being in love with application and cloud security, automation and DevSecOps!!