tam7t/securing-kubernetes.md

Last active August 30, 2024 02:29

Star (3) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/tam7t/13233080aa4d0b6570bd555ff923d2e0.js"></script>
Save tam7t/13233080aa4d0b6570bd555ff923d2e0 to your computer and use it in GitHub Desktop.

Download ZIP

Resources for Securing Kubernetes

Raw

securing-kubernetes.md

Resources for Securing Kubernetes

A work in progress collection of resources for securing a kubernetes cluster.

Architecture

A good understanding of the k8s architecture and automating operations of your cluster is probably the best place to start:

It should also be noted that the kubelet api has no authentications and allows for remote code execution (this is how kubectl exec works).

Datastore

Transport Security

Authorization

http://kubernetes.io/docs/admin/authorization/#rbac-mode

Image Registry

http://kubernetes.io/docs/user-guide/production-pods/#authenticating-with-a-private-image-registry
Image vulnerability management
- https://jpetazzo.github.io/2015/05/27/docker-images-vulnerabilities/
- https://github.com/coreos/clair

Runtime

https://docs.docker.com/engine/security/security/

Network Policies

Secret Storage

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment