Least privilege for K8s workloads
Definition: Any subject (user, program, process, and so on) should have only the minimum privileges required to perform its function.
Authorization Models
1. ACL (access control list): subject, object, operations. Examples: Linux file permissions, network firewalls.
2. RBAC (role-based access control): subject has a role; role, object, operations. Example: databases.
3. ABAC (attribute-based access control): subject has attributes (e.g. label, property); attribute, object, operations.
RBAC
- Subjects
-- Regular Users
-- SA (service account). If a microservice does not interact with kube-apiserver or any other K8s object, it needs no privileges at all.
-- Anonymous users
-- Groups
- Role / ClusterRole
-- Collection of permissions
-- Role creation / modification is restricted.
- RoleBinding / ClusterRoleBinding
-- Binds a role to a subject.
NS: In K8s, a namespace (NS) allows a single cluster to be logically shared among teams/projects
- NS have resource quotas
- RBAC per NS
- NetPol per NS
- Nodes and PVs (persistent volumes) do not belong to any NS.
One can also specify the NS with the "k apply -f" command (k being an alias for kubectl).
Security Context
- Set at pod level and at container level
- It is about access to worker node system resources.
1. Discretionary Access Control (DAC)
-- User ID
-- Group ID
-- whether the container's root file system is read-only (RO) or not.
2. Security Enhanced Linux (SELinux)
- Labels for level, role, type, user
- Labels are also applied to volumes on the node
3. Privileged Mode
4. Linux Capabilities: https://man7.org/linux/man-pages/man7/capabilities.7.html
5. AppArmor profile, restricting:
- Linux capabilities
- file access
- network resource access
6. Secure Computing Mode (seccomp): whitelist or blacklist of system calls.
7. AllowPrivilegeEscalation: whether a process can gain more privileges than its parent.
if (CAP_SYS_ADMIN || Privileged mode) then AllowPrivilegeEscalation = true (always; the field cannot be set to false in that case)
PodSecurityPolicy: the pod's security-sensitive attributes. Defined at cluster level.
- privileged container (Privileged Mode)
- host-level namespaces (network, PID, IPC)
- host ports
- different types of volumes
- host's filesystem
- RO root filesystem for containers (DAC)
- user IDs and group IDs (DAC)
- containers' privilege escalation (AllowPrivilegeEscalation)
- containers' Linux capabilities (Linux Capabilities)
- SELinux
- seccomp and AppArmor profiles
- sysctls that a pod can run
- a proc mount type to be used
- the FSGroup applied to volumes
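As an added example (not from these notes), the checker below audits a pod spec in dict form against the security context and PodSecurityPolicy attributes listed above, including the rule that privileged mode or CAP_SYS_ADMIN makes AllowPrivilegeEscalation true. The two sample pods are constructed for illustration and the rule set is this page's checklist, not an official Kubernetes API.

```python
# Added example (not from the original notes): audits a pod spec, in dict form,
# against the security context / PodSecurityPolicy attributes listed above.
# The sample pods are constructed; the rule set is this page's checklist.
from typing import Dict, List

def audit_pod(pod: Dict) -> List[str]:
    """Return least-privilege findings; an empty list means the pod passes."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    out = []
    # Host-level namespaces and hostPath volumes break the pod/node boundary.
    out += [f"pod shares {k}" for k in ("hostNetwork", "hostPID", "hostIPC") if spec.get(k)]
    out += [f"volume {v['name']} mounts hostPath" for v in spec.get("volumes", []) if "hostPath" in v]
    # A workload that never talks to kube-apiserver needs no SA token at all.
    if spec.get("automountServiceAccountToken", True):
        out.append("SA token auto-mounted")
    for c in spec.get("containers", []):
        n, sc = c["name"], c.get("securityContext", {})
        caps = sc.get("capabilities", {})
        added, dropped = set(caps.get("add", [])), set(caps.get("drop", []))
        privileged = sc.get("privileged", False)
        if privileged or added & {"SYS_ADMIN", "ALL"}:
            out.append(f"{n}: privileged mode or CAP_SYS_ADMIN (root-equivalent)")
        # Rule from the notes: privileged or CAP_SYS_ADMIN forces escalation on.
        if privileged or added & {"SYS_ADMIN", "ALL"} or sc.get("allowPrivilegeEscalation", True):
            out.append(f"{n}: allowPrivilegeEscalation is effectively true")
        if "ALL" not in dropped:
            out.append(f"{n}: does not drop ALL capabilities")
        if not sc.get("readOnlyRootFilesystem", False):
            out.append(f"{n}: writable root filesystem")
        # Pod-level values apply unless the container overrides them (DAC).
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            out.append(f"{n}: may run as root (UID 0)")
        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile", {}))
        if seccomp.get("type", "Unconfined") == "Unconfined":
            out.append(f"{n}: no seccomp profile")
    return out

# Constructed sample specs: a permissive pod and its least-privilege counterpart.
WEAK_POD = {"spec": {"hostPID": True, "containers": [
    {"name": "app", "image": "app:1",
     "securityContext": {"capabilities": {"add": ["SYS_ADMIN"]}}}]}}
HARDENED_POD = {"spec": {
    "automountServiceAccountToken": False,
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "app", "image": "app:1", "securityContext": {
        "allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
        "capabilities": {"drop": ["ALL"]}}}]}}
```

audit_pod(WEAK_POD) reports eight findings, while audit_pod(HARDENED_POD) returns an empty list.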
Resource Limit Control
- request
- limit
Least privilege for network resources using NetworkPolicy (netpol)
Least privilege for application resources through proper application design.