
cloud-shell-setup's Introduction

KubeCon NA 2019 CTF Guide

Viewing this Guide

Visit https://securekubernetes.com

KubeCon Schedule Link

Attacking and Defending Kubernetes Clusters: A Guided Tour

Offline Viewing

To take this guide with you:

  • Install git and a recent build of Docker.
  • "Fork" this repo.
  • "Clone" this repo.
  • Run `make dockerbuild` to build the container.
  • Run `make serve` to launch the guide in Docker.
  • Visit `localhost:8080` to browse the guide offline.

About the Author(s)

  • @tabbysable has been a hacker and cross-platform sysadmin since the turn of the century. She can often be found teaching network offense and defense to sysadmins, system administration to security folks, bicycling, and asking questions that start with "I wonder what happens if we..."
  • @petermbenjamin is a Software Engineer with a background in Information Security and a co-organizer for the San Diego Kubernetes and Go meet-ups. He has a passion for enabling engineers to build secure and scalable applications, services, and platforms on modern distributed systems.
  • @jimmesta is a security leader that has been working in AppSec and Infrastructure Security for over 10 years. He founded and led the OWASP Santa Barbara chapter and co-organized the AppSec California security conference. Jimmy has taught at private corporate events and security conferences worldwide including AppSec USA, LocoMocoSec, SecAppDev, RSA, and B-Sides. He has spent significant time on both the offense and defense side of the industry and is constantly working towards building modern, developer-friendly security solutions.
  • @BradGeesaman loves helping others improve the security of their Kubernetes clusters and supporting cloud environments. He has recently spoken at KubeCon NA 2017, NA 2019, and NA 2020, and EU 2020 on Kubernetes security and has over 5 years of experience building, designing, and delivering ethical hacking educational training scenarios.

cloud-shell-setup's People

Contributors: bgeesaman, jmbmxer, pbnj, tabbysable

cloud-shell-setup's Issues

Falco setup is broken for GKE 1.18

Hi folks,

On May 4th 2021 Google updated the default version of the stable channel of GKE to version 1.18.17-gke.100.

This breaks the setup of Falco as described in "Scenario 1 Defense":

```
kubectl logs -n falco $(kubectl get pod -n falco -l app=falco -o=name) -f

* Setting up /usr/src links from host
* Mounting debugfs
Found kernel config at /proc/config.gz
* COS detected (build 13310.1209.12), using cos kernel headers...
* Downloading https://storage.googleapis.com/cos-tools/13310.1209.12/kernel-headers.tgz
* Extracting kernel sources
* Configuring kernel
* Trying to compile BPF probe falco-probe-bpf (falco-probe-bpf-0.17.1-x86_64-5.4.89+-6735ed26366864a54a2aaf3bbad46268.o)
In file included from /usr/src/falco-0.17.1/bpf/probe.c:13:
In file included from ./include/linux/sched.h:14:
In file included from ./include/linux/pid.h:5:
In file included from ./include/linux/rculist.h:11:
In file included from ./include/linux/rcupdate.h:26:
In file included from ./include/linux/irqflags.h:16:
In file included from ./arch/x86/include/asm/irqflags.h:9:
In file included from ./arch/x86/include/asm/nospec-branch.h:6:
In file included from ./include/linux/static_key.h:1:
./include/linux/jump_label.h:278:2: error: expected '(' after 'asm'
        STATIC_KEY_CHECK_USE(key);
        ^
./include/linux/jump_label.h:81:35: note: expanded from macro 'STATIC_KEY_CHECK_USE'
#define STATIC_KEY_CHECK_USE(key) WARN(!static_key_initialized,
                                  ^
./include/asm-generic/bug.h:124:3: note: expanded from macro 'WARN'
                __WARN_printf(TAINT_WARN, format);
                ^
./include/asm-generic/bug.h:93:3: note: expanded from macro '__WARN_printf'
        __WARN_FLAGS(BUGFLAG_NO_CUT_HERE | BUGFLAG_TAINT(taint));
        ^
./arch/x86/include/asm/bug.h:79:2: note: expanded from macro '__WARN_FLAGS'
        _BUG_FLAGS(ASM_UD2, BUGFLAG_WARNING|(flags));
        ^
./arch/x86/include/asm/bug.h:35:2: note: expanded from macro '_BUG_FLAGS'
        asm_inline volatile("1:\t" ins "\n"
        ^
./include/linux/compiler_types.h:210:24: note: expanded from macro 'asm_inline'
```

If I create a cluster with `--cluster-version="1.17.17-gke.3700" --node-version="1.17.17-gke.3700"` instead of `--release-channel "stable"`, the setup still works.
I will try to find out what causes the problem here and to create a PR for it, but I am unsure when I will have the time to do so.
I opened the issue to let others know that they are not alone.

Workaround:
Edit `setup.sh` and use `--cluster-version="1.17.17-gke.3700" --node-version="1.17.17-gke.3700"` instead of `--release-channel "stable"`.

Error on first time `./setup.sh`

Hit this error when running `./setup.sh` for the first time. Running it again without changing anything did not reproduce the issue.

```
Applying bonus node content

error: error executing jsonpath "{.items[].metadata.name}": Error executing template: array index out of bounds: index 0, length 0. Printing more information for debugging the template:
        template was:
                {.items[].metadata.name}
        object given to jsonpath engine was:
                map[string]interface {}{"apiVersion":"v1", "items":[]interface {}{}, "kind":"List", "metadata":map[string]interface {}{"resourceVersion":"", "selfLink":""}}
```
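The error above is the classic first-run race: `setup.sh` asks kubectl's jsonpath for `{.items[].metadata.name}` (index 0) before any matching object exists, and an empty `items` list makes the template engine fail instead of returning nothing. The following is an added example, not code from the cloud-shell-setup repo: it models the same `List` shape in Python, treats an empty list as "not ready yet", and polls a fetcher (a stand-in for `kubectl get ... -o json`) a bounded number of times. The `fetch` callable, the pod name `falco-abc12`, and the `_flaky_fetch_factory` helper are constructed for illustration.

```python
"""Defensive handling of an empty kubectl List (added example, not the repo's code).

kubectl's jsonpath `{.items[].metadata.name}` is index 0 and raises
"array index out of bounds: index 0, length 0" on an empty List. The safe
pattern is to select with `{.items[*].metadata.name}` (empty output rather
than an error), check for emptiness, and retry until the object appears.
"""
import json
import time
from typing import Callable, Optional

# Constructed samples: the empty List the issue shows being handed to the
# jsonpath engine, and the same List once a pod exists (name is made up).
EMPTY_LIST = json.dumps({
    "apiVersion": "v1", "kind": "List", "items": [],
    "metadata": {"resourceVersion": "", "selfLink": ""},
})
READY_LIST = json.dumps({
    "apiVersion": "v1", "kind": "List",
    "items": [{"metadata": {"name": "falco-abc12", "namespace": "falco"}}],
    "metadata": {"resourceVersion": "", "selfLink": ""},
})


def first_item_name(list_json: str) -> Optional[str]:
    """Return the first item's metadata.name, or None when the List is empty.

    Equivalent to `-o jsonpath='{.items[*].metadata.name}'` plus an emptiness
    check, instead of `{.items[0]...}` / `{.items[]...}`, which error out.
    """
    doc = json.loads(list_json)
    items = doc.get("items") or []
    if not items:
        return None
    return items[0]["metadata"]["name"]


def wait_for_first_item(fetch: Callable[[], str], attempts: int = 10,
                        delay: float = 0.0) -> Optional[str]:
    """Poll fetch() until it yields a non-empty List; None after `attempts`.

    `fetch` stands in for `kubectl get pod -n falco -l app=falco -o json`.
    `delay` is the sleep between polls (0 here so the example runs instantly).
    """
    for _ in range(attempts):
        name = first_item_name(fetch())
        if name is not None:
            return name
        time.sleep(delay)
    return None


def _flaky_fetch_factory(misses: int) -> Callable[[], str]:
    """Constructed fetcher: returns the empty List `misses` times, then the
    populated one, modelling the first-run race reported in the issue."""
    state = {"left": misses}

    def fetch() -> str:
        if state["left"] > 0:
            state["left"] -= 1
            return EMPTY_LIST
        return READY_LIST
    return fetch


if __name__ == "__main__":
    print(first_item_name(EMPTY_LIST))                   # None
    print(wait_for_first_item(_flaky_fetch_factory(2)))  # falco-abc12
```

In the shell equivalent, the same idea is `kubectl get pod -n falco -l app=falco -o jsonpath='{.items[*].metadata.name}'` inside an `until [ -n "$name" ]` loop with a sleep and an attempt cap, so a slow rollout produces a retry rather than a template error.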
