Containers deployments in Kubernetes clusters create both familiar and new security challenges. Given the ephemeral nature of containers, the speed and agility goals of microservices architecture, a preliminary detection of potential risks and an early discovery of viable threats yield the best security outcomes.
Successfully addressing the Kubernetes security challenges requires integrating security into each phase of the container lifecycle: build, deploy, and run. But it doesn’t stop at the pod or node level, it needs to secure also the Kubernetes control elements (Master node, API server, etcd, kubelet and more.
Key Discussion Points and Best Practices:
1. Kubei runtime scanner (open-source)
a. Runtime discovery of vulnerable pods
b. Kubernetes infrastructure vulnerability assessment
2. Hardening pods configurations with Pod Security Profiles (PSP)
3. Advanced detection of potential risks – roles, secrets and security contexts, inside the deployment pipeline (CD)
4. Network policies security best practices
5. Protection of Kubernetes Master node elements