{{announcement.body}}
{{announcement.title}}
refcard cover
Refcard #275

Kubernetes Security Essentials

Covering the essentials of security in Kubernetes environments, this Refcard addresses the three primary areas of attack within a Kubernetes cluster. Security concepts range from the software supply chain — images, build systems, and container registry security — to Kubernetes infrastructure, as well as deploy-time and runtime security. Key examples like threat vectors, security measures, and vulnerability and violation types within each section will help you continue strengthening your Kubernetes environment security as you automate and scale the deployment and management of your cloud-native applications.

Free PDF for Easy Reference
refcard cover

Written By

author avatar Wei Lien Dang
Co-founder and Chief Strategy Officer, StackRox
Section 1

Introduction

By every measure, today Kubernetes is the de facto standard for automating the deployment and management of cloud-native applications. Its adoption is transforming the ways in which organizations of every size, in every industry, develop and release software using technologies such as containers, microservices, and declarative APIs. In parallel, these new technologies and architectures give rise to broad security risks and challenges that organizations must protect against. Kubernetes introduces a new threat environment — one that is as dynamic, fast-moving, and active as containerized applications themselves.

Kubernetes, with its breadth of cluster components and associated tooling, also introduces complexity for an organization’s end users. It requires teams to learn new skills and adopt new security workflows across development and operations. This complexity can expose organizations to a potentially expansive set of attack vectors throughout Kubernetes environments that stem from vulnerabilities, misconfigurations, or other operational issues.

As Kubernetes increasingly becomes a foundational infrastructure platform that underpins modern software delivery, securing it becomes critical. The broader Kubernetes community has undertaken several efforts to increase security awareness, including conducting a security audit of the Kubernetes platform, publishing a Kubernetes attack matrix based on the MITRE ATT&CK framework, publishing a security whitepaper on best practices, and establishing industry-standard security benchmarks. These efforts can help development, operations, and security leaders develop effective strategies for implementing new security measures to protect their Kubernetes environments.


This is a preview of the Kubernetes Security Essentials Refcard. To read the entire Refcard, please download the PDF from the link above.

Section 2

The Kubernetes Attack Surface

To understand how to protect a Kubernetes environment, it is informative to understand its relevant attack surface. The attack surface within a Kubernetes cluster consists of three main areas that must be protected:

  1. The software supply chain for building the immutable artifacts used to deploy and run containers
  2. Infrastructure components that must be provisioned and configured to run Kubernetes
  3. Deployed and running containers that make up individual Kubernetes applications

Nearly all Kubernetes threat vectors can be mapped to one of these three categories. This Refcard uses them as a framework to describe key security concepts that comprehensively span Kubernetes infrastructure and applications.


This is a preview of the Kubernetes Security Essentials Refcard. To read the entire Refcard, please download the PDF from the link above.

Section 3

Securing the Software Supply Chain

In Kubernetes environments, the software supply chain acts as a centralized place to make any software changes for propagation into production environments. It also serves as a chokepoint where users can incorporate security measures that have an outsized impact on the rest of the application lifecycle.

Container images constitute the standard application delivery format in Kubernetes environments. Building these images is the primary goal of a cloud-native software supply chain, so securing the supply chain should primarily focus on image security. The wide distribution and deployment of these container images require a well-thought-out strategy for ensuring their security.


This is a preview of the Kubernetes Security Essentials Refcard. To read the entire Refcard, please download the PDF from the link above.

Section 4

Securing Kubernetes Infrastructure

Kubernetes is the critical foundation for how cloud-native applications are deployed and managed. Therefore, security measures to protect the components that make up Kubernetes itself, including remediating vulnerabilities or preventing misconfigurations, is essential to protecting your clusters. Every Kubernetes cluster contains a set of infrastructure components needed to run the platform and applications on it. These components may require administrator or user configuration when provisioning clusters and understanding them can help focus efforts on valuable security mitigations.

They can be categorized as:

  • Control plane components – manage operations throughout the cluster.
  • Worker node components – run containerized applications in pods.

The Kubernetes control plane makes global decisions regarding a cluster’s operations. As a result, guarding against threats to its components is paramount since these could lead to the entire cluster environment being compromised. The two tables below list the control plane and worker node components with corresponding threat vectors and security measures to implement.


This is a preview of the Kubernetes Security Essentials Refcard. To read the entire Refcard, please download the PDF from the link above.

Section 5

Securing Deployed and Running Workloads

Once the software supply chain (including the images that are built using it) and Kubernetes cluster infrastructure are adequately secured, the remaining focus is on security controls for the Kubernetes pods that are deployed and run. Pods are the smallest units deployed into clusters and collectively form Kubernetes applications, so they are ultimately the targets subject to individual exploits. Securing pods and their containers requires substantial attention — doing so enables more granular security controls that better scope to requirements of individual application components.

Deploy-time and runtime security involve separate security measures but are related in that they should primarily focus on first setting parameters that restrict what containerized applications can do, and then subsequently monitor for any deviations (or attempts to deviate) from those restrictions.


This is a preview of the Kubernetes Security Essentials Refcard. To read the entire Refcard, please download the PDF from the link above.

Section 6

Conclusion

Kubernetes is a powerful yet complex system that is rapidly transforming how organizations build, ship, and run modern software applications. Its benefits come with associated security demands that must be addressed to minimize risks and threats to your business. An effective approach to securing Kubernetes environments is based on applying controls to secure the following key areas:

  • Software supply chain used to build container images
  • Infrastructure components needed to run Kubernetes clusters, including its control plane and worker nodes
  • Deployed and running containerized workloads made up of individual pods

By leveraging native security controls in Kubernetes, organizations can achieve comprehensive security across these areas and scale their production usage of Kubernetes with confidence.


This is a preview of the Kubernetes Security Essentials Refcard. To read the entire Refcard, please download the PDF from the link above.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}