Testing and Fuzzing the Kubernetes Admission Configuration

The adoption of Kubernetes in enterprises continues to grow rapidly, which increasingly pushes the security of Kubernetes to the center of attention. This talk focuses on the Admission Controller configuration of Kubernetes and demonstrates how to test and fuzz it.

Kubernetes comes with the Admission feature, which allows to mutate or validate the different Kubernetes manifests. Admission controllers are essential for the security of a Kubernetes cluster, because they prevent misconfigurations even before the resources are created.

In this talk we will take a deeper look into Kubernetes Admission Controllers, show how they work, what they are used for and present a never seen tool to test and fuzz the configuration, for potential misconfigurations.