NASA K8s Hardening Guide


Published:   August 4, 2021

Ref: https://news.ycombinator.com/item?id=28050750

Main highlights, as summarized by the top commenter:

  • Scan containers and Pods for vulnerabilities or misconfigurations.

  • Run containers and Pods with the least privileges possible.

  • Use network separation to control the amount of damage a compromise can cause.

  • Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality.

  • Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.

  • Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity.

  • Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.

For me, encryption is the key; the mTLS feature should be a must for any secure environment.



Let me know if you have any questions or comments.
It will help me to improve/learn.

