Skip to content

abdul-050/k8s-iac-security-workshop

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Kubernetes Infrastructure as Code Gamified

This workshop was first run at SnykCon 2021.

Instructions

  1. By yourself or in a small group, spend at least 25 minutes looking through the files in this repository and try to identify at least 7 security vulnerabilities.

There are three directories:

  • A terraform directory that sets up a Kubernetes cluster using DigitalOcean Kubernetes
  • A helm directory that has files for setting up ingress-nginx
  • An api-deployment directory that has yaml manifests to deploy an example api written in Go.

Hint:

  • 2 high-severity security vulnerabilities
  • 5 medium-severity security vulnerabilities

If you have no idea where to start looking, it’s okay! Pick an article from the resources section, read through it and try to find one issue to look for.

  1. After looking through the repo, fork this into your github account, sign up for Snyk and run this repo the IAC scanner. Make changes to fix the issues and then run the scan again. Celebrate when you have fixed the 7 vulnerabilities!

Resources

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Mustache 73.8%
  • HCL 26.2%