# Kubernetes Pentesting

## Kubernetes Pentesting

<https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security>

### Kubernetes Pentesting:

[Kubernetes Basics](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-basics)

[Pentesting Kubernetes Services](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/pentesting-kubernetes-services)

[Exposing Services in Kubernetes](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/exposing-services-in-kubernetes)

[Attacking Kubernetes from inside a Pod](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/attacking-kubernetes-from-inside-a-pod)

[Kubernetes Enumeration](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-enumeration)

[Kubernetes Role-Based Access Control(RBAC)](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-role-based-access-control-rbac)

[Abusing Roles/ClusterRoles in Kubernetes](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/abusing-roles-clusterroles-in-kubernetes)

[Kubernetes Namespace Escalation](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-namespace-escalation)

[Kubernetes Pivoting to Clouds](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-pivoting-to-clouds)

[Kubernetes Network Attacks](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-network-attacks)

[Kubernetes Hardening](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-hardening)

## Kubernetes Pentesting

**Support HackTricks and get benefits!**

### Kubernetes Basics

If you don't know anything about Kubernetes this is a **good start**. Read it to learn about the **architecture, components and basic actions** in Kubernetes:

[Kubernetes Basics](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-basics)

#### Labs to practice and learn

* <https://securekubernetes.com/>
* <https://madhuakula.com/kubernetes-goat/index.html>

### Hardening Kubernetes / Automatic Tools

[Kubernetes Hardening](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-hardening)

### Manual Kubernetes Pentest

#### From the Outside

There are several possible **Kubernetes services that you could find exposed** on the Internet (or inside internal networks). If you find them you know there is Kubernetes environment in there.

Depending on the configuration and your privileges you might be able to abuse that environment, for more information:

[Pentesting Kubernetes Services](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/pentesting-kubernetes-services)

#### Enumeration inside a Pod

If you manage to **compromise a Pod** read the following page to learn how to enumerate and try to **escalate privileges/escape**:

[Attacking Kubernetes from inside a Pod](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/attacking-kubernetes-from-inside-a-pod)

#### Enumerating Kubernetes with Credentials

You might have managed to compromise **user credentials, a user token or some service account toke**n. You can use it to talk to the Kubernetes API service and try to **enumerate it to learn more** about it:

[Kubernetes Enumeration](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-enumeration)

Another important details about enumeration and Kubernetes permissions abuse is the **Kubernetes Role-Based Access Control (RBAC)**. If you want to abuse permissions, you first should read about it here:

[Kubernetes Role-Based Access Control(RBAC)](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-role-based-access-control-rbac)

#### Knowing about RBAC and having enumerated the environment you can now try to abuse the permissions with:

[Abusing Roles/ClusterRoles in Kubernetes](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/abusing-roles-clusterroles-in-kubernetes)

#### Privesc to a different Namespace

If you have compromised a namespace you can potentially escape to other namespaces with more interesting permissions/resources:

[Kubernetes Namespace Escalation](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-namespace-escalation)

#### From Kubernetes to the Cloud

If you have compromised a K8s account or a pod, you might be able able to move to other clouds. This is because in clouds like AWS or GCP is possible to **give a K8s SA permissions over the cloud**.

[Kubernetes Pivoting to Clouds](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security/kubernetes-pivoting-to-clouds)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://book.konstantinsecurity.com/readme/pentest/kubernetes-pentesting.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.