Best Practices

High Level Documentation

NSA's Kubernetes Hardening Guidance
  • Describes the security challenges associated with setting up and securing a Kubernetes cluster
  • Includes strategies to avoid common misconfigurations and implement recommended hardening measures
PCI Guidance for Containers and Container Orchestration Tools
OWASP Kubernetes Top 10
  • Prioritized list of these risks, backed by data collected from organizations varying in maturity and complexity
  • See also Sysdig's summary

Operational Guides

Kubernetes Security Checklist
  • A baseline checklist for ensuring security in Kubernetes clusters
Securing a Kubernetes Cluster
  • This document covers topics related to protecting a cluster from accidental or malicious access and provides recommendations on overall security
Securing Kubernetes Clusters by Eliminating Risky Permissions
  • How permissions are built in Kubernetes with role-based access control (RBAC) and why you should use it carefully
Plain Kubernetes Secrets are fine
  • By creating a threat model that includes the kinds of attacks you want to mitigate, it's clear that managing secrets safely is extremely difficult
  • The problem is NOT that secrets are just base64-encoded; that was never meant as a security feature. And the problem cannot be simply waved away by software/cloud providers and their flashy documentation
Kubernetes Hardening Tutorial

Multitenancy

Kubernetes Multi-tenancy
  • Official docs: an overview of available configuration options and best practices for cluster multi-tenancy
Ramblings from Jessie: Hard Multi-Tenancy in Kubernetes
  • A design proposal for how to do hard multi-tenancy in Kubernetes

Other

The Principle of Ephemerality
  • Everything that can be ephemeral, should be ephemeral
Official CVE Feed
  • A community-maintained list of official CVEs announced by the Kubernetes Security Response Committee