Chaos Engineering and Kirvis for Kubernetes at KubeCon Europe 2022

We’re thrilled to have such skilled people on board! One of our brilliant engineers – Matas Kulkovas – was a speaker at this year’s KubeCon Europe with a presentation entitled “Komrade: an Open-Source Security Chaos Engineering (SCE) Tool for K8s”, delivered together with Aaron Rinehart.

What is chaos engineering in Kubernetes? And how does Kirvis (previously named Komrade) help handle it? 

Inside Kubernetes security

As a container orchestration platform, Kubernetes comes with security uncertainties on four different levels: the code, the container, the cluster, and the cloud. 

Matas’s work focuses on an approach that can be used at the cluster level. The idea is to inject various kinds of threats into the system as experiments that leave gates open, simulating the existence of faulty configurations or similar security flaws. Each experiment is structured as an application you can insert into the Kubernetes cluster.

The work derives from Matas’s MSc thesis “Security Chaos Engineering in Kubernetes”, awarded by IDA Connect for presenting a completely new approach to testing security in a Kubernetes cluster.

The approach is based on a circular sequence of actions:

  • First, you hypothesize how the system will handle a given threat. 
  • Then you insert a security error into it and verify whether the system behaves as it should. 
  • That way, you can check what works and what you need to work on, and then repeat the cycle.

The experimental setup Matas designed brought together various known methods for injecting faults into systems, an approach known as Chaos Engineering and, more specifically, Security Chaos Engineering (SCE). The latter hasn’t been used on Kubernetes platforms until now.

Enter Kirvis, the first SCE tool for Kubernetes

Security Chaos Engineering (SCE) focuses on discovering system weaknesses proactively before they snowball into real problems. The objective here is moving security activities toward continuous recalibration thanks to a more realistic understanding of how well certain practices perform under specific conditions. 

During their KubeCon presentation, Matas and Aaron showcased a demo of Kirvis, the first open-source tool for running SCE experiments on Kubernetes.

Check out the presentation here.

Source code for the Kubernetes API server, Kubelet, and CIS Benchmark experiments can be found in the Kirvis GitHub repository.

Keep an eye on our blog to learn more about the latest trends in Kubernetes.

1 Comment
Zidan
2022-06-25 5:12 AM

Good content and information
