Use a recent, supported Kubernetes version; patch releases carry security fixes and unsupported versions stop receiving them.
Firewall access to sensitive Kubernetes ports. The kubelet API listens on 10250 and should be reachable only from the control plane; the kubelet should also require authentication (anonymous access disabled) rather than relying on the firewall alone.
Wise use of RBAC (least privilege model): prefer namespaced Roles over ClusterRoles, avoid wildcard verbs and resources, and bind to dedicated ServiceAccounts rather than the default one.
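A least-privilege Role and RoleBinding as an added example (not from the original page or any of the linked references). It assumes a namespace "shop" and a ServiceAccount "log-reader" that only needs to read pods and their logs; the names are illustrative.

```yaml
# Added example (not from the original page). Assumes a namespace "shop" and a
# ServiceAccount "log-reader" that only needs to read pods and their logs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-log-reader
  namespace: shop
rules:
- apiGroups: [""]                  # core API group
  resources: ["pods", "pods/log"]  # the subresource must be listed explicitly
  verbs: ["get", "list", "watch"]  # no create/delete/patch, no "*" wildcards
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: log-reader-binding
  namespace: shop
subjects:
- kind: ServiceAccount
  name: log-reader
  namespace: shop
roleRef:
  kind: Role                       # a namespaced Role, not a ClusterRole
  name: pod-log-reader
  apiGroup: rbac.authorization.k8s.io
```

Verify the binding does what you intended before relying on it: `kubectl auth can-i delete pods -n shop --as=system:serviceaccount:shop:log-reader` should answer "no", while `kubectl auth can-i get pods/log -n shop --as=system:serviceaccount:shop:log-reader` should answer "yes". Pods that never call the Kubernetes API should additionally set `automountServiceAccountToken: false` so a compromised container has no token to use at all.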
Configuration management: keep manifests and cluster settings in version control and review every change, so the running configuration can be audited and reproduced.
Network segmentation
Network policies: Kubernetes NetworkPolicy objects are only enforced if the CNI plugin supports them; on a CNI without enforcement they are accepted by the API server and silently ignored.
Pod-centric firewalls: select traffic by pod and namespace labels rather than by IP address, since pod IPs change on every reschedule.
Ingress/egress policy: start from a default-deny policy for both directions in each namespace and allow only the flows the application needs (DNS egress is the one almost everything requires).
Namespace isolation for multi-tenant environments: give each tenant its own namespace with its own default-deny policy and RBAC scope.
Basic image scanning: scan images for known vulnerabilities before they are admitted to the cluster, and rescan regularly because new CVEs appear after the build.
Ensure that only authorized images are used in your environment.
Create a private registry for approved images and enforce at admission time that pods pull only from it; pin images by digest where possible, since tags are mutable.
Compliance: keep a record of which images were approved and when, so a running image can be traced back to its scan result.
Go distroless as far as possible, or use a lightweight base image.
Remove the package manager and network utilities (curl, wget, nc) so an attacker who lands in the container cannot install tools or fetch payloads.
Remove file-system modification utilities (chmod, chown).
Remove utilities related to container management (nsenter, for example).
Scan the final image again after stripping it.
Set a read-only root filesystem in the container securityContext (readOnlyRootFilesystem: true) and mount a writable emptyDir only where the application genuinely needs to write.
Drop all Linux capabilities (capabilities.drop: ["ALL"]) and add back only the ones the workload needs; combine this with allowPrivilegeEscalation: false and running as a non-root user.
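A Pod manifest applying the read-only filesystem and dropped-capabilities items above, as an added example that is not from the original page or its references. It assumes an image registry.example.internal/shop/api:1.4 that listens on 8080, runs fine as an unprivileged user, and writes only to /tmp; all of those are assumptions for illustration.

```yaml
# Added example (not from the original page). Assumes an image
# registry.example.internal/shop/api:1.4 that listens on 8080, works as an
# unprivileged user, and only writes to /tmp.
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: shop
  labels:
    app: api
spec:
  automountServiceAccountToken: false   # the app never calls the Kubernetes API
  securityContext:
    runAsNonRoot: true                  # kubelet refuses to start the container as UID 0
    runAsUser: 10001                    # explicit UID so runAsNonRoot can be verified
    runAsGroup: 10001
    seccompProfile:
      type: RuntimeDefault              # container runtime's default syscall filter
  containers:
  - name: api
    image: registry.example.internal/shop/api:1.4
    ports:
    - containerPort: 8080
    securityContext:
      readOnlyRootFilesystem: true      # writes outside mounted volumes fail with EROFS
      allowPrivilegeEscalation: false   # setuid binaries cannot gain privileges
      capabilities:
        drop: ["ALL"]                   # no CAP_NET_RAW, CAP_SYS_ADMIN, etc.
    volumeMounts:
    - name: tmp
      mountPath: /tmp                   # the one writable location the app needs
  volumes:
  - name: tmp
    emptyDir: {}
```

If a workload genuinely needs one capability (for example NET_BIND_SERVICE to listen below port 1024), add it back under `capabilities.add` next to `drop: ["ALL"]` rather than leaving the default set in place; better still, listen on a high port as this example does. An application that fails on startup with a read-only filesystem error is telling you exactly which path needs an emptyDir, which is a much smaller surface than a writable root.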
https://kubernetes.io/blog/2016/08/security-best-practices-kubernetes-deployment/
Use network policy rules to stop any unwanted application traffic (see the network policy items above).
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE36AY2
https://medium.com/containerum/top-security-tips-for-your-kubernetes-cluster-9b23a4e95111