We’re thrilled to have such skilled people on board! One of our brilliant engineers, Matas Kulkovas, was a speaker at this year’s KubeCon Europe. Together with Aaron Rinehart, he delivered a presentation entitled “Komrade: an Open-Source Security Chaos Engineering (SCE) Tool for K8s”.
What is chaos engineering in Kubernetes? And how does Kirvis (previously named Komrade) help handle it?
Inside Kubernetes security
As a container orchestration platform, Kubernetes comes with security uncertainties on four different levels: the code, the container, the cluster, and the cloud.
Matas’s work focuses on an approach that can be used at the cluster level. The idea is to inject various kinds of threats into the system as experiments that deliberately leave a gate open, simulating a faulty configuration or a similar security flaw. Each experiment is structured as an application you can insert into the Kubernetes cluster.
The work derives from Matas’s MSc thesis Security Chaos Engineering in Kubernetes, awarded by IDA Connect for presenting a completely new approach to testing security in a Kubernetes cluster.
The approach is based on a circular sequence of actions:
- First, you hypothesize how the system will handle a given threat.
- Then you insert a security error into it and verify whether the system behaves as it should.
- That way, you can check what works and what you need to work on, and then repeat the cycle.
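The hypothesize, inject, verify loop above, sketched as an added example that is not Kirvis code and not taken from the talk. The manifests are constructed samples, and `sample_admission_control` is a hypothetical stand-in for whatever admission policy the cluster under test enforces, so the loop runs without a cluster.

```python
from dataclasses import dataclass

# Constructed sample manifests: each carries one deliberate misconfiguration.
PRIVILEGED_POD = {
    "metadata": {"name": "sce-privileged"},
    "spec": {"containers": [{"name": "c", "image": "busybox",
                             "securityContext": {"privileged": True}}]},
}
HOSTPATH_POD = {
    "metadata": {"name": "sce-hostpath"},
    "spec": {"containers": [{"name": "c", "image": "busybox"}],
             "volumes": [{"name": "root", "hostPath": {"path": "/"}}]},
}

@dataclass
class Experiment:
    name: str
    manifest: dict
    hypothesis: str  # decision we expect from the control: "deny" or "allow"

def sample_admission_control(pod: dict) -> str:
    """Hypothetical policy (assumption): blocks privileged containers, nothing else."""
    for container in pod["spec"].get("containers", []):
        if container.get("securityContext", {}).get("privileged"):
            return "deny"
    return "allow"

def run(experiments, control):
    """Inject each manifest into the control and compare outcome with hypothesis."""
    report = []
    for exp in experiments:
        observed = control(exp.manifest)
        report.append({"experiment": exp.name, "hypothesis": exp.hypothesis,
                       "observed": observed, "holds": observed == exp.hypothesis})
    return report

def gaps(report):
    """Experiments whose hypothesis failed: the work items for the next cycle."""
    return [row["experiment"] for row in report if not row["holds"]]

EXPERIMENTS = [
    Experiment("privileged-container", PRIVILEGED_POD, "deny"),
    Experiment("hostpath-root-mount", HOSTPATH_POD, "deny"),
]

if __name__ == "__main__":
    for row in run(EXPERIMENTS, sample_admission_control):
        print(row)
```

Against a real cluster, the control function would be replaced by a server-side dry-run submission of the manifest, with the same comparison of observed outcome and hypothesis.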
The experimental setup Matas designed brought together various known fault-injection methods from Chaos Engineering and, more specifically, Security Chaos Engineering (SCE). The latter hasn’t been used on Kubernetes platforms until now.
Enter Kirvis, the first SCE tool for Kubernetes
Security Chaos Engineering (SCE) focuses on discovering system weaknesses proactively, before they snowball into real problems. The objective is to move security activities toward continuous recalibration, based on a more realistic understanding of how well certain practices perform under specific conditions.
During their KubeCon presentation, Matas and Aaron showcased a demo of Kirvis, the first open-source tool for running SCE experiments on Kubernetes.
Check out the presentation here.
Source code for the Kubernetes API server, Kubelet, and CIS Benchmark experiments can be found in the Kirvis GitHub repository.