The API server is the front end for the Kubernetes control plane.Įtcd is a consistent and highly-available key-value store used as Kubernetes' backing store for all cluster data. Kube-apiserver exposes the Kubernetes API. It consists of components such as kube-apiserver, etcd, kube-scheduler, kube-controller-manager and cloud-controller-manager Component The control plane's components make global decisions about the cluster, as well as detecting and responding to cluster events. The control plane manages the worker nodes and the Pods in the cluster. A Kubernetes cluster consists of a set of worker machines, called nodes that run containerized applications. When you deploy Kubernetes, you get a cluster. The open source project is hosted by the Cloud Native Computing Foundation (CNCF). Kubernetes is an open source container orchestration engine for automating deployment, scaling, and management of containerized applications. Kubernetes Security Cheat Sheet ¶ Kubernetes ¶ Leverage the context that Kubernetes provides to prioritize remediation efforts Use Kubernetes-native security controls to reduce operational risk Receiving alerts for security updates and reporting vulnerabilitiesĮmbed security earlier into the container lifecycle Rotate infrastructure credentials frequently If breached, scale suspicious pods to zero Monitor network traffic to limit unnecessary or insecure communication Preventing containers from loading unwanted kernel modulesĬompare and analyze different runtime activity in pods of the same deployments Use Pod Security Policies to prevent risky containers/Pods from being used Kubernetes Security Best Practices: Runtime Phase Use Kubernetes network policies to control traffic between pods and clustersĪlternatives to Kubernetes Secret resources Implementing centralized policy management Regularly Apply Security Updates to Your EnvironmentĪpply Security Context to Your Pods and Containers Implement Continuous Security Vulnerability Scanning Use Kubernetes namespaces to properly isolate your Kubernetes resourcesĬreate policies to govern image provenance using the ImagePolicyWebhook Kubernetes Security Best Practices: Deploy Phase Use the latest images/ensure images are up to date Use minimal base images and avoid adding unnecessary components Kubernetes Security Best Practices: Build PhaseĮnsure That Only Authorized Images are used in Your EnvironmentĬontainer registry and the use of an image scanner to identify known vulnerabilities Insecure Direct Object Reference PreventionĬontrol network access to sensitive portsĪPI Authorization - Implement role-based access control
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |