Skip to content
/ DO-Sec-Com Public

Deploy a security and compliance system on Digital Ocean

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

99887710/DO-Sec-Com

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
DO_challenge.PNG
DO_challenge.PNG
 
 
LICENSE
LICENSE
 
 
readme.md
readme.md
 
 

Repository files navigation

This challenge will give you an opportunity to level-up your Kubernetes skill set before the end of the year.

https://www.digitalocean.com/community/pages/kubernetes-challenge

Topic:

Deploy a security and compliance system using Falco

Steps

  1. Follow the doc to spin up a DOKS Cluster

    • Manual setup only take a couple of minutes
    • Could also use IaC tools like Terraform, Pulumi
    • Download the kube config for connecting to Kubernetes

  2. Interact with the Cluster

    2.1 Using the fancy K8S IDE Lens

    • easy to use with visual interface

    2.2 Using kubectl

The folder structure looks like below,

.kube
  ├── -
  ├── cache
  ├── config
  ├── custom-contexts
  └── http-cache

All the custom kube configs can be placed in the custom-contexts folder.

In order to switch multiple clusters easily, add the following code in the bashrc or zshrc,

# Set the default kube context if present
DEFAULT_KUBE_CONTEXTS="$HOME/.kube/config"
if test -f "${DEFAULT_KUBE_CONTEXTS}"
then
 export KUBECONFIG="$DEFAULT_KUBE_CONTEXTS"
fi

# Additional contexts should be in ~/.kube/custom-contexts/
CUSTOM_KUBE_CONTEXTS="$HOME/.kube/custom-contexts"
mkdir -p "${CUSTOM_KUBE_CONTEXTS}"

OIFS="$IFS"
IFS=$'\n'
for contextFile in `find "${CUSTOM_KUBE_CONTEXTS}" -type f -name "*.yaml"`
do
  export KUBECONFIG="$contextFile:$KUBECONFIG"
done

IFS="$OIFS"

  1. Deploy Falco using Helm

    • easy to deploy K8S manifests

    3.1 Add Helm repo

    helm repo add falcosecurity https://falcosecurity.github.io/charts

    3.2 Install Falco Chart

    helm install my-falco falcosecurity/falco --version 1.16.3

  2. Check Falco Pods Status

    4.1 Get pods

    NAME                     READY   STATUS    RESTARTS   AGE
my-falco-bs462           1/1     Running   0          37m
my-falco-ljccw           1/1     Running   0          37m
my-falco-vv442           1/1     Running   0          37m

  3. Set up an environment to emulate the attacks and detect

    Lets run the following commands to deploy in the env,

    helm repo add stable https://charts.helm.sh/stable

    helm repo update

    helm install mysql-db stable/mysql

    kubectl get pods

    Now. we have a running mysql pod, so we can start detecting the following scenarios.

    5.1 Detecting terminal shells being spawned in pods

    kubectl exec -it mysql-db-6696899956-v84vc -- bash -il

    and check Falco logs, you will see the log like below,

    Notice A shell was spawned in a container with an attached terminal

Conclusion

In this short blog, we looked at the basics of DigitalOcean Kubernetes setup and how Falco allows us to achieve the detection of security issues. Most importantly, this is a truly starting point to get in the world of Kubernetes!

About

Deploy a security and compliance system on Digital Ocean

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published