Kubernetes Enterprise Security Checklist

Issue link: https://read.uberflip.com/i/1344955
Kubernetes Enterprise Security Checklist © 2021 Mirantis Inc. All Rights Reserved. Information is subject to change. | www.mirantis.com

Kubernetes and cloud applications let complex systems run reliably in unreliable environments. In doing so, however, they can expose an organization to a multitude of security issues. While some organizations do a great job of securing their infrastructure, many fall into one of two categories:

• Those who are unaware that their clusters are insecure.
• Those who know their clusters are insecure, but have no idea where to start securing them.

Fortunately, organizations can easily mitigate most Kubernetes security issues by taking action in four main areas:

• Secure the cluster, its underlying infrastructure, and administrative tools.
• Control access by keeping out unauthorized people and workloads.
• Provide a secure software development process that lets developers build and improve software quickly while consuming only appropriate components, and that prevents erroneous or malicious execution of untrusted workloads on your clusters.
• Build a secure DevOps culture by adopting coding best practices, architectural patterns, standardization, and tools that make your code run more efficiently and securely on Kubernetes, while helping to identify and mitigate vulnerabilities and reduce the attack surface as much as possible.

Secure the cluster

A properly-hardened specification for Kubernetes environments — and the ability to deploy and lifecycle-manage self-similar environments on a wide range of infrastructures — is a powerful security enabler. Establishing such a standard, hardened Kubernetes cluster configuration and deployment specification delivers many benefits, including:

• One single source of infrastructure-as-code truth for deploying, scaling, managing and updating consistent clusters anywhere. This saves DevOps time and enables continual improvement of the now-portable DevOps infra-as-codebase. Lost cycles are minimized with these extraneous requirements and dependencies removed.
• One single source of automation truth for deploying, scaling, managing, and updating applications written to exploit this standardized, consistent infrastructure.
• Independence from infrastructure dependencies, conferring greater agility and infrastructure mobility, and limiting cloud provider lock-in.

Hardening Kubernetes begins with selecting a Kubernetes platform that implements the Kubernetes project's best-practices checklist for cluster security. This entails, among other things:

• Hardening nodes: Whether deploying on bare-metal or virtual machines, node hardening details changes that need to be made (and maintained) to harden selected host operating systems and ensure appropriate, non-disruptive, and timely patching.
• Securing etcd: Kubernetes uses the etcd key-value store to persist information about the current state of the cluster and all of its objects. An attacker who gains access to it can wreak havoc, stealing sensitive data and causing significant destruction.
• Securing the Kubernetes API: As the gateway into your cluster, the Kubernetes API is an essential security chokepoint, and securing it involves a combination of certificates and careful configuration. In some cases, your installer will handle most of the heavy lifting, but you should be aware of what is required.
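The "Securing etcd" and "Securing the Kubernetes API" items above come down to a handful of command-line settings on each component. As an added example (not from the Mirantis paper), this small Python audit parses the kube-apiserver and etcd command lines and reports where anonymous access, authorization, and certificate-based etcd access deviate from the hardened baseline; the flag names are real upstream flags, while the rule set, sample command lines and /pki paths are constructed for illustration.

```python
# Added example, not from the Mirantis paper: audit kube-apiserver and etcd command
# lines for the etcd/API items above. Flag names are real; rules and samples are constructed.

# (component, flag, check on the value or None = "must be present", why it matters)
RULES = [
    ("kube-apiserver", "--anonymous-auth", lambda v: v == "false",
     "defaults to true, so unauthenticated requests reach the API"),
    ("kube-apiserver", "--authorization-mode", lambda v: "AlwaysAllow" not in v.split(","),
     "defaults to AlwaysAllow, which disables authorization"),
    ("kube-apiserver", "--etcd-cafile", None, "API server must verify etcd's server cert"),
    ("kube-apiserver", "--etcd-certfile", None, "API server must present a client cert to etcd"),
    ("kube-apiserver", "--etcd-keyfile", None, "private key for the etcd client cert"),
    ("etcd", "--client-cert-auth", lambda v: v == "true", "etcd must reject clients without a trusted cert"),
    ("etcd", "--trusted-ca-file", None, "CA etcd uses to verify client certs"),
    ("etcd", "--peer-client-cert-auth", lambda v: v == "true", "etcd peers must authenticate each other"),
]

def parse_flags(argv):
    """Turn ['etcd', '--a=b', '--c', 'd'] into {'--a': 'b', '--c': 'd'}."""
    flags, args, i = {}, argv[1:], 0
    while i < len(args):
        key, sep, value = args[i].partition("=")
        if not sep and i + 1 < len(args) and not args[i + 1].startswith("--"):
            value, i = args[i + 1], i + 1  # space-separated form: --flag value
        flags[key] = value
        i += 1
    return flags

def audit(component, argv):
    """Return [(flag, problem)] for one component's command line; [] means clean."""
    flags, findings = parse_flags(argv), []
    for comp, flag, check, why in RULES:
        if comp != component:
            continue
        if flag not in flags:
            findings.append((flag, "missing: " + why))
        elif check is not None and not check(flags[flag]):
            findings.append((flag, f"set to {flags[flag]!r}: " + why))
    return findings

# Constructed sample command lines; the /pki paths are placeholders.
WEAK_APISERVER = ["kube-apiserver", "--etcd-servers=http://127.0.0.1:2379",
                  "--authorization-mode=AlwaysAllow"]
HARDENED_APISERVER = ["kube-apiserver", "--anonymous-auth=false", "--authorization-mode=Node,RBAC",
                      "--etcd-cafile=/pki/etcd/ca.crt", "--etcd-certfile=/pki/apiserver-etcd-client.crt",
                      "--etcd-keyfile=/pki/apiserver-etcd-client.key"]
HARDENED_ETCD = ["etcd", "--client-cert-auth=true", "--trusted-ca-file=/pki/etcd/ca.crt",
                 "--peer-client-cert-auth", "true"]

if __name__ == "__main__":
    print(audit("kube-apiserver", WEAK_APISERVER))      # five findings
    print(audit("kube-apiserver", HARDENED_APISERVER))  # []
```

On a real control plane the argv to audit comes from the static pod manifests under the kubelet's manifest directory or from the running process list; the rules only cover the items named in this section, so extend them before treating an empty result as a clean bill of health.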
