Virtual machines on Kubernetes pods: one more layer of security. Right?
KubeVirt is a Kubernetes add-on that enables running virtual machines in Kubernetes pods. Intuitively, we may think that virtualization should bring additional assurance. However, in this talk, we will show that this reasoning may come with flaws. After covering background information on KubeVirt's purpose and architecture, we will dive into our findings on KubeVirt security, covering in particular CVE-2022-1798. To conclude the talk, we will touch on hardening, recommended setup, and remediation of the CVE at scale.