Kubernetes & Container Security Checklist

Production, staging, dev; managed (EKS/GKE/AKS) vs self-managed; control-plane vs node K8s version skew. Each cluster has its own attack surface.

Cluster-wide RBAC review is heavy. Agree which namespaces are in scope and whether cross-namespace privilege checks are explicitly included.

A cluster is only as trustworthy as its registries. Note GHCR/ECR/GCR/Docker Hub usage and whether base images come from a hardened internal registry.

Static-token auth is a red flag, OIDC + workload identity is normal. Note auth providers per-cluster.

Admission control is where most workload-hardening lives. Inventory enforced policies and which mode (enforce vs audit) they run in.

kube-bench gives a per-control pass/fail against the CIS Benchmark. Use the output as a backlog and a starting point for deeper testing.

kube-hunter is the dedicated K8s pentest scanner. Run from outside (network exposure) and as a pod (insider) to map the differential.

Get explicit kubeconfigs per-role: cluster-admin (read-only audit), namespace-admin, normal-developer. Cross-role tests require all three.

Pod -> cloud IAM links are a major lateral path. Note the OIDC mappings in IRSA / GKE Workload Identity / Azure AD Workload Identity.

NSA/CISA v1.2 (Aug 2022) is the de-facto baseline for kubernetes hardening. Use it as the structural lens for the engagement.

Managed-control-plane endpoints often default to public. Confirm whether the API server is private-only, IP-allow-listed, or open. nmap from outside.

CIS 4.2.1 / 4.2.2. kubelet must be `--anonymous-auth=false` and `--authorization-mode=Webhook`. Anonymous kubelet was the Tesla 2018 cluster compromise.

Without encryption-at-rest, every secret in the cluster is a base64 line in etcd.db. Confirm `--encryption-provider-config` and rotate the KEK.

CIS 1.2.20-23. Bare audit log without RequestResponse-level entries on Secrets / RoleBindings is too coarse to investigate incidents.

Each namespace should carry pod-security.kubernetes.io/enforce=baseline at minimum, restricted preferred for non-system workloads.

Run `kubectl get clusterrolebindings -o yaml` and look for cluster-admin granted to ServiceAccounts, dev users, or the system:authenticated group.

Workloads in the `default` namespace using the `default` ServiceAccount inherit the most-permissive defaults. Audit and migrate.

The Kubernetes Dashboard with cluster-admin token is a one-step compromise. Confirm it is not exposed externally and uses scoped tokens.

Without a default-deny NetworkPolicy, every pod can reach every other pod and the metadata IP. Confirm Calico/Cilium/Antrea enforces it.

CIS 1.1.20. /debug/pprof on kube-apiserver / kube-scheduler / kube-controller-manager has historically been an info leak. Confirm disabled.

CIS 5.2 / NSA. Pods running as root with writable rootfs make container escape one CVE away. Inspect every workload`s securityContext.

Privileged pods are root on the host. Any privileged pod outside system-namespaces is an escalation hand-grenade.

CAP_SYS_ADMIN, CAP_NET_ADMIN, CAP_SYS_PTRACE in workloads outside the kube-system namespace are warning signs. Drop ALL by default.

A hostPath mount of `/` makes container escape trivial. Any docker.sock or kubelet.sock mount is a path to cluster takeover.

Confirm that running images do not have unpatched critical CVEs. Trivy gives the cleanest CI-friendly output.

NSA hardening guide 4.3. RuntimeDefault seccomp closes a wide class of kernel-attack-surface. Confirm at least RuntimeDefault on all non-system pods.

automountServiceAccountToken: false on every pod that does not call the API server. Otherwise any RCE in the pod = cluster API access.

A SA with `secrets/get` cluster-wide is effectively cluster-admin (it can read any kubeconfig token in any namespace). Audit aggressively.

Deploy a debug pod and try to reach kube-system / db namespaces. Anywhere it succeeds without policy is a lateral-movement path.

Workloads without resource limits enable DoS by noisy-neighbour. Pods with system-cluster-critical priority that should not have it can starve real system pods.

Dirty Pipe (CVE-2022-0847), Dirty COW (CVE-2016-5195), CVE-2024-1086 (nf_tables UAF) - confirm node kernel is patched against the latest LPE class.

CVE-2019-5736 (runc), CVE-2024-21626 (Leaky Vessels). Capture container-runtime version and confirm the patch.

From inside a pod: read /var/run/secrets/kubernetes.io/serviceaccount/token, then run kubectl --token=$T to enumerate. Log the maximum reachable verb-resource pair.

On AWS/GCP/Azure, hitting 169.254.169.254 from a pod and pulling node creds is a classic privilege escalation. Confirm IMDSv2 / hop-limit / Workload Identity.

A workload`s securityContext often passes review while its sidecar (Istio, log-forwarder) runs privileged. Audit each container in each pod, not just the primary.

Any pod with /var/run/docker.sock or kubelet.sock mounted = node compromise on RCE. Worst-case-first triage.

Trigger a known-bad operation (e.g. read /etc/shadow inside a pod) and confirm a runtime-detection alert fires within SLA.

Confirm that an unsigned image is rejected at admission. Run kubectl create -f unsigned-pod.yaml and verify denial - if it admits, the chain is broken.

Use rakkess / rbac-tool / krane to render the actual privilege graph for each ServiceAccount. Most clusters surprise their owners on first render.

Crashing pods sometimes log secrets to stdout (env-var dumps). Confirm log-aggregation does not retain plaintext secrets, and that liveness errors are scrubbed.

Diagram nodes -> namespaces -> ServiceAccounts -> roles -> reachable cloud IAM. This is the headline deliverable for K8s engagements.

Both taxonomies are familiar to platform teams. Cross-tag every finding so risk-owners can dedupe across audit and pentest reports.

NSA guidance is the most recognisable benchmark in regulated environments. Score per-control and surface the gaps.

Hand back a starter policy bundle: deny privileged pods, require runAsNonRoot, deny hostPath, require signed images.

A 5-line default-deny + a namespace-egress allow-list is the highest-leverage K8s control for limiting lateral movement.

Closes the supply-chain loop opened by the build pipeline. Tie this finding back to the CI/CD report if both engagements are in scope.

Pre-prod controls cannot catch zero-days. Recommend runtime-detection as the compensating control with a baseline ruleset.

Kernel and runtime CVEs ship multiple times per year. Recommend a quarterly node-AMI / OS-image refresh cadence.

Attach raw artefacts so the platform team can re-run and verify after fixes. Reproducibility is a key trust signal in K8s reports.

Cluster configs drift on every Helm chart bump. Recommend a 90-day re-test or a continuous Kubernetes Posture Management (KPM) tool.