k8s Security
By David Xiao
Over the past few months I’ve collected a few good resources regarding Kubernetes security.
I will add more as I learn.
Reference
Securing a Cluster
This document covers topics related to protecting a cluster from accidental or malicious access and provides recommendations on overall security.
CIS Kubernetes Benchmark version 1.6.1
Released in October 2020, it provides prescriptive guidance for establishing a secure configuration posture for Kubernetes.
Kubernetes security best practices
It covers a few suggestions on what you can do to make your Kubernetes workloads more secure:
- Disable public access
- Implement role-based access control
- Encrypt secrets at rest
- Configure admission controllers
- Implement networking policies
- Configure secure context for containers
- Segregate sensitive workloads
- Scan container images
- Enable audit logging
- Keep your Kubernetes version up to date
Kubernetes Security Best Practices
It discusses the special security concerns arising in Kubernetes environments, and best practices in properly setting up the k8s environment to mitigate vulnerabilities:
- Work with namespaces for authentication, authorization and access control
- Work with reliable Docker images and update relevant software
- Define resource quotas to avoid resource cannibalization
- Set up network policies for proper segmentation and traffic control