Best Practices

High Level Documentation

| Link | Notes |
| --- | --- |
| NSA's Kubernetes Hardening Guidance | Describes the security challenges associated with setting up and securing a Kubernetes cluster; includes strategies to avoid common misconfigurations and implement recommended hardening measures |
| OWASP Kubernetes Top 10 | Prioritized list of Kubernetes security risks, backed by data collected from organizations varying in maturity and complexity |

Operational Guides

| Link | Notes |
| --- | --- |
| Kubernetes Hardening Tutorial | |
| Securing Kubernetes Clusters by Eliminating Risky Permissions | How permissions are built in Kubernetes with role-based access control (RBAC) and why you should use it carefully |
| Plain Kubernetes Secrets are fine | By creating a threat model that includes the kinds of attacks you want to mitigate, it becomes clear that managing secrets safely is extremely difficult; the problem is NOT that secrets are just base64 encoded (that was never meant as a security feature), and it cannot simply be waved away by software/cloud providers and their flashy documentation |

Other

| Link | Notes |
| --- | --- |
| The Principle of Ephemerality | Everything that can be ephemeral should be ephemeral |
| Official CVE Feed | A community-maintained list of official CVEs announced by the Kubernetes Security Response Committee |