Community post by Jim Bugwadia

The CNCF Kubernetes Security Special Interest Group (SIG) and Policy Working Group (WG) have just released a new paper on Kubernetes Policy Management to help educate the community about best practices for managing Kubernetes configurations using policies.

This paper aims to provide a clear understanding of why Kubernetes policy management is important for security and automation of Kubernetes clusters and workloads. It also describes what problems Kubernetes policies can help solve and how Kubernetes policies can be implemented.

“Policies can simplify managing Kubernetes configurations and security controls for developers, operators, security engineers, and compliance officers. In a cloud native environment, enforcing policies in continuous delivery pipelines and during admission control helps shift security left and enforce software supply chain security, in addition to applying runtime security. This paper represents a community effort and is a great step in clarifying the role of policies for Kubernetes cluster operations, security, continuous compliance, and management,” said Aradhna Chetal of the CNCF Kubernetes Policy WG.

The paper introduces new guidance for policy-based operations across the cloud native lifecycle and discusses a reference architecture for Kubernetes policy management, describing each component required. The paper also discusses how policies map to other security domains such as threat modeling, assurance, and compliance.

The Kubernetes Security SIG focuses on improving the security of the Kubernetes project across all components. If you are interested in participating in the Security SIG, check out the Charter for more information.

Kubernetes working groups are organized to address specific topics that span SIGs. The Kubernetes Policy WG is focused on policy implementations, architectures, and best practices for Kubernetes. If you are interested in advancing Kubernetes policy management, join an upcoming meeting or message the group on the Slack channel.

The Kubernetes Policy Management paper is available on GitHub.