By: Sonya Koptyev, Director of Product Marketing and Evangelism at Twistlock
To say that Kubernetes provides no security features would be wrong. Kubernetes provides some functionality designed to help secure a containerized application.
But it would be equally wrong to call Kubernetes a container security tool. Kubernetes’s ability to secure containers is strictly limited.
If you use Kubernetes to orchestrate your containerized app, understanding the limits of Kubernetes security is critical for ensuring that you don’t leave gaps in your security strategy.
With that challenge in mind, let’s take a look at exactly what Kubernetes does and does not do when it comes to security.
Kubernetes security features
Here’s what Kubernetes can do to help keep your container environment secure.
Pod security policies
Pod security policies are perhaps the most important security feature in Kubernetes. They let you explicitly allow or disallow various security-related behaviors, and they are enforced automatically across an entire cluster. For example, you can use pod security policies to prevent containers from running in privileged mode, which gives them a considerable level of access to the host system, and can be a security risk in many circumstances.
Authentication and authorization
Kubernetes provides a framework for requiring authentication and authorization to API endpoints. Mandatory authentication is disabled by default, so you’ll want to be sure to turn it on, but it’s still a security feature that is built into Kubernetes.
Role-based access control
Kubernetes also provides a robust role-based access control (RBAC) framework that lets you define who can access which resources based on usernames and groups. RBAC is another important feature to help improve Kubernetes security and prevent unauthorized access.
As long as you set up security certificates properly when installing Kubernetes, Kubernetes uses TLS encryption to secure most internal and external network traffic.
Resource access restrictions
You can set resource quotas to restrict resource consumption in Kubernetes. While security concerns are not the only reason you might want to set quotas (they can also be helpful for ensuring that no users hog all of the cluster’s resources at the expense of others), quotas can help to mitigate security risks by preventing a compromised app or service from consuming unlimited resources.
What Kubernetes doesn’t secure
All of the above are useful ways to help smooth over some rough edges in Kubernetes from a security perspective. However, even if you use all of the Kubernetes features described above, you’ll fall far short of keeping your cluster and app secure unless you also employ other security tools.
This is because there are many critical container security risks that Kubernetes does nothing to address, including the following.
Vulnerabilities inside containers
Kubernetes does nothing to inspect container images for potential vulnerabilities. Nor can it prevent (or even detect) malware inside a container from compromising other containers or your application as a whole. This is why you should be scanning container images for vulnerabilities.
Beyond preventing containers from running in privileged mode, Kubernetes does nothing to help keep host infrastructure secure. From the perspective of host security, Kubernetes is basically just an app running on the server. It’s not going to help to protect your server any more than, say, Windows Calculator protects your Windows PC.
Container registry security
If you use a container registry to store images (which you probably do if you have a production Kubernetes environment), Kubernetes is not that secure, either. Kubernetes will happily integrate with your registry, but it won’t ensure that it is configured with the proper level of access control, or that the images in it are secure.
Kubernetes supports a range of container runtimes. (A runtime is the tool that actually executes your containers; Kubernetes simply manages containers once they are running.) But no matter which one you use, Kubernetes won’t do anything to ensure that it is free of security flaws. You need an external tool that can monitor the runtime for that purpose.
To sum up: Kubernetes can do a few things to help keep a containerized application secure – namely, it can enforce authentication and access-control policies, and do a few other basic things (like limiting resource consumption) that can mitigate the effects of a security breach.
But when it comes to core security risks, including container image security and runtime security, Kubernetes can’t protect you. Other tools can, but don’t make the mistake of assuming that just because Kubernetes does so many other things, it has security covered, too.