Best Practices

High Level Documentation

NSA's Kubernetes Hardening Guidance
  • Describes the security challenges associated with setting up and securing a Kubernetes cluster
  • Includes strategies to avoid common misconfigurations and implement recommended hardening measures
PCI Guidance for Containers and Container Orchestration Tools
OWASP Kubernetes Top 10
  • A prioritized list of Kubernetes security risks, backed by data collected from organizations of varying maturity and complexity

Operational Guides

Kubernetes Security Checklist
  • A baseline checklist for ensuring security in Kubernetes clusters
Securing a Kubernetes Cluster
  • Covers topics related to protecting a cluster from accidental or malicious access and provides recommendations on overall security
Securing Kubernetes Clusters by Eliminating Risky Permissions
  • How permissions are built in Kubernetes with role-based access control (RBAC) and why you should use it carefully
Plain Kubernetes Secrets are fine
  • By creating a threat model that includes the kinds of attacks you want to mitigate, it's clear that managing secrets safely is extremely difficult
  • The problem is NOT that secrets are just base64 encoded; that was never meant as a security feature. And the problem cannot be simply waved away by software/cloud providers and their flashy documentation
Kubernetes Hardening Tutorial

Multitenancy

Kubernetes Multi-tenancy
  • Official docs: an overview of available configuration options and best practices for cluster multi-tenancy
Ramblings from Jessie: Hard Multi-Tenancy in Kubernetes
  • A design proposal for how to do hard multi-tenancy in Kubernetes

Other

The Principle of Ephemerality
  • Everything that can be ephemeral should be ephemeral
Official CVE Feed
  • A community-maintained list of official CVEs announced by the Kubernetes Security Response Committee