Embedded Files
Security advises
Security advises
Infra security
Infra security
Use recent K8s version
Firewall should block K8s sensitive ports access.. Kubelet use 10250
Wise use of RBAC (least privilege model)
Workload security
Workload security
Configuration management
Network segmentation
Network policies
Pod centric firewalls
Ingress/egress policy
Namespace isolation for multi-tenant environment
Basic image scanning
Ensure That Only Authorized Images are Used in Your Environment.
Create private repository for approved images
compliance
Base image
Base image
Go distroless as much as possible or use lightweight base image
Remove package manager and network utilities
Remove file system modification utilities (chmod, chown)
Remove utilities related to container management (nsenter for example)
Scan images
Container yaml (security context setting)
Container yaml (security context setting)
Set read only FS in security context
Drop all capabilities to avoid security attack
https://kubernetes.io/blog/2016/08/security-best-practices-kubernetes-deployment/
Network security
Network security
Refer network policy rules to stop any unwanted app
Book on K8s security
Book on K8s security
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE36AY2
Reference
Reference
https://kubernetes.io/blog/2016/08/security-best-practices-kubernetes-deployment/
https://medium.com/containerum/top-security-tips-for-your-kubernetes-cluster-9b23a4e95111
Page updated
Google Sites
Report abuse