Kubernetes can look enticingly powerful at first glance, like it will solve all of your problems. (It solves many of them!) But anyone working with it knows how quickly things can get complex. Kubernetes security is no different.

Kubernetes is not secure by default. There are multiple attack pathways, and CVEs are regularly found. While it can feel overwhelming to get started, there are some concrete tactics you can implement to protect your services and infrastructure — and keep your organization out of the headlines. Learn the major components of the pipeline you’ll be securing, then how to secure them.

First, let’s get an overview of the ecosystem you’re securing.

  • Containers. Kubernetes is a container orchestration system, so any attempt to secure Kubernetes must involve securing the containers it deploys, including the pipeline that builds and deploys them.
  • Linux and Windows. Containers usually contain an operating system (OS), and there is also the OS powering the servers or VMs that Kubernetes is deployed on, so we have to talk about securing the OS, whether it’s Linux, Windows, or both.
  • Kubernetes. Kubernetes itself is both an API server and a distributed system of agents and etcd databases within a network, all of which also need to be secured.


Kubernetes Security Best Practices to Keep You Out Of The News