Apply these 10 rules to defend your Kubernetes cluster properly
Ten security recommendations to protect your Kubernetes deployment
1. The Kubernetes API, kubelet API and etcd are not exposed publicly on the Internet
2. Default network policies within each namespace, selecting all pods and denying everything, are in place
3. If appropriate, a service mesh is used to encrypt all communications inside of the cluster
4. RBAC rights to delete workloads are only granted if necessary
5. An appropriate Pod Security Standards policy is applied to all namespaces and enforced
6. ConfigMaps are not used to hold confidential data
7. Encryption at rest is configured for the Secret API
8. Container images are configured to run as an unprivileged user
9. Container images are regularly scanned during creation and in deployment, and known vulnerable software is patched
10. The kube-controller-manager is running with
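To turn rules 2, 5 and 8 into something you can check before a manifest reaches the cluster, here is an added audit script (written for this post, not from it). It takes manifests as plain dicts, the shape `yaml.safe_load_all` would give you, so it runs without any third-party library; the sample namespaces and workloads at the bottom are constructed for illustration.

```python
# Audits parsed Kubernetes manifests for: a default-deny NetworkPolicy in every
# namespace, an enforced Pod Security Standard label on every namespace, and
# containers that run as a non-root user. Findings are returned, not raised.

PSS_ENFORCE = "pod-security.kubernetes.io/enforce"

def is_default_deny(policy):
    """Selects every pod, covers both directions, and allows no traffic at all."""
    spec = policy.get("spec", {})
    return (spec.get("podSelector") == {}
            and set(spec.get("policyTypes", [])) == {"Ingress", "Egress"}
            and not spec.get("ingress") and not spec.get("egress"))

def runs_as_non_root(obj):
    """Every container must be non-root, via the pod-level default or its own setting."""
    spec = obj["spec"] if obj["kind"] == "Pod" else obj["spec"]["template"]["spec"]
    pod_default = spec.get("securityContext", {}).get("runAsNonRoot", False)
    return all(c.get("securityContext", {}).get("runAsNonRoot", pod_default)
               for c in spec.get("containers", []))

def audit(docs):
    """Return one finding string per violated rule; an empty list means clean."""
    findings = []
    for ns in (d for d in docs if d["kind"] == "Namespace"):
        name = ns["metadata"]["name"]
        if ns["metadata"].get("labels", {}).get(PSS_ENFORCE) not in ("baseline", "restricted"):
            findings.append(f"{name}: no enforced Pod Security Standard label")
        if not any(d["kind"] == "NetworkPolicy" and d["metadata"].get("namespace") == name
                   and is_default_deny(d) for d in docs):
            findings.append(f"{name}: no default-deny NetworkPolicy")
    for d in docs:
        if d["kind"] in ("Pod", "Deployment", "StatefulSet", "DaemonSet") and not runs_as_non_root(d):
            findings.append(f"{d['metadata']['namespace']}/{d['metadata']['name']}: may run as root")
    return findings

# Constructed sample: "prod" follows the rules, "dev" breaks all three.
SAMPLE = [
    {"kind": "Namespace", "metadata": {"name": "prod", "labels": {PSS_ENFORCE: "restricted"}}},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "prod"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"kind": "Deployment", "metadata": {"name": "api", "namespace": "prod"},
     "spec": {"template": {"spec": {"securityContext": {"runAsNonRoot": True},
                                    "containers": [{"name": "api", "image": "api:1"}]}}}},
    {"kind": "Namespace", "metadata": {"name": "dev"}},
    {"kind": "Pod", "metadata": {"name": "debug", "namespace": "dev"},
     "spec": {"containers": [{"name": "sh", "image": "busybox"}]}},
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Feed it the output of `kubectl get ns,netpol,deploy,pods -A -o yaml` parsed with a YAML library to run it against a live cluster instead of the sample.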
References for further reading:
If you want to pentest your Kubernetes cluster, these are two good tools to start with. Let me know about any others below in the comments.
Tools for security testing: