K8s kube-hunter as pod

Description

kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own!

Project page

  • https://github.com/aquasecurity/kube-hunter

kube-hunter.job.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: kube-hunter
#  namespace: <namespace>
spec:
  template:
    spec:
      containers:
        - name: kube-hunter
          image: aquasec/kube-hunter
          command: ["kube-hunter"]
          # --pod: hunt from inside the cluster, i.e. from the network position this pod has
          args: ["--pod"]
      restartPolicy: Never
  backoffLimit: 4   # retry the pod up to 4 times if it fails

Run the job

kubectl create -f kube-hunter.job.yaml

Find the pod name

kubectl describe job kube-hunter
kubectl describe job kube-hunter --namespace=<namespace>

View the test results

kubectl logs <pod name>
kubectl logs kube-hunter-4nz47 --namespace=<namespace>
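One way to automate the "find the pod name" and "view the test results" steps above and turn the outcome into a pass/fail result for a pipeline. This is an added example, not code from this page or from the kube-hunter project; it assumes kubectl is configured for the cluster, that the Job's args were extended to ["--pod", "--report", "json"] (kube-hunter's JSON report mode), and that the report field names used follow kube-hunter's JSON reporter.

```python
# Added example, not code from the page or the kube-hunter project: collect the
# kube-hunter Job's result and use it as a CI gate. Assumptions: kubectl reaches
# the cluster; the Job ran with args ["--pod", "--report", "json"], so its log
# holds a JSON report with keys as used below (kube-hunter's JSON reporter layout).
import json
import subprocess
import sys

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed sample of such a pod log: a logger line, then the JSON report.
SAMPLE_LOG = (
    "2024-01-01 00:00:00,000 INFO kube_hunter.modules.report.collector Started hunting\n"
    '{"nodes": [], "services": [], "vulnerabilities": [{"location": "10.0.0.1:10250",'
    ' "severity": "high", "category": "Remote Code Execution", "vulnerability": "constructed high"},'
    ' {"location": "Local to Pod", "severity": "low", "category": "Access Risk", "vulnerability": "constructed low"}]}\n'
)

def kubectl(*args, namespace="default"):
    """Run kubectl against the given namespace and return its stdout."""
    return subprocess.check_output(["kubectl", "-n", namespace, *args], text=True)

def find_job_pod(job="kube-hunter", namespace="default"):
    """Locate the Job's pod via the job-name label Kubernetes puts on it (no suffix guessing)."""
    return kubectl("get", "pods", "-l", f"job-name={job}",
                   "-o", "jsonpath={.items[0].metadata.name}", namespace=namespace).strip()

def summarize_report(log_text):
    """Cut the JSON object out of the log (logger lines may precede it); count findings by severity."""
    report = json.loads(log_text[log_text.find("{"):log_text.rfind("}") + 1])
    counts, worst, findings = {}, None, []
    for vuln in report.get("vulnerabilities", []):
        sev = str(vuln.get("severity", "unknown")).lower()
        counts[sev] = counts.get(sev, 0) + 1
        if SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK.get(worst, 0):
            worst = sev
        findings.append((sev, vuln.get("category", ""), vuln.get("vulnerability", ""), vuln.get("location", "")))
    return {"counts": counts, "worst": worst, "findings": findings}

def exceeds(summary, threshold="high"):
    """CI gate: True when any finding is at or above the threshold severity."""
    return SEVERITY_RANK.get(summary["worst"], 0) >= SEVERITY_RANK[threshold]

if __name__ == "__main__":
    ns = sys.argv[1] if len(sys.argv) > 1 else "default"   # namespace from argv
    summary = summarize_report(kubectl("logs", find_job_pod(namespace=ns), namespace=ns))
    for sev, cat, name, loc in summary["findings"]:
        print(f"{sev:<7} {cat:<28} {name} @ {loc}")
    sys.exit(1 if exceeds(summary) else 0)
```

Run it as `python3 kube_hunter_gate.py <namespace>` after the Job has completed; a non-zero exit means a high-severity finding was reported.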