Chapter 11. Security and Backups
If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.
Bruce Schneier, Applied Cryptography
In this chapter we’ll explore the security and access control machinery in Kubernetes, including Role-Based Access Control (RBAC), outline some vulnerability scanning tools and services, and explain how to back up your Kubernetes data and state (and even more importantly, how to restore it). We’ll also look at some useful ways to get information about what’s happening in your cluster.
Access Control and Permissions
Small tech companies tend to start out with just a few employees, and everyone has administrator access on every system.
As the organization grows, though, eventually it becomes clear that it is no longer a good idea for everyone to have administrator rights: it’s too easy for someone to make a mistake and change something they shouldn’t. The same applies to Kubernetes.
Managing Access by Cluster
One of the easiest and most effective things you can do to secure your Kubernetes cluster is limit who has access to it. There are generally two groups of people who need to access Kubernetes clusters: cluster operators and application developers, and they often need different permissions and privileges as part of their job function.
Also, you may well have multiple deployment environments, such as production and staging. These separate environments will need different ...